Hi,

I cannot reproduce this with a default config. Both zone.int and zone.tun are
enabled with the following rule:

    SNAT[0]="EXT ALL 0.0.0.0/0=>0.0.0.0/0"

Now looking at the result:

    $ iptables -t nat -nvL
    Chain POSTROUTING_NAT_EXT (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0
        0     0 MASQUERADE  all  --  *      *       172.20.0.0/16        0.0.0.0/0

As you see, both nat rules are restricted to the zone subnets.
Perhaps you have DYNAMIC=1 in one of your zone.xxx files? This would have the
effect you described. But DYNAMIC=1 is not necessary in zone.{int,tun}.

Regards,
  Bastian

-- 
  ,''`.  Bastian Kleineidam
 : :' :  GnuPG key
 `. `'   gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E
   `-
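
An added example, not part of the original message: a small shell check that reads `iptables -t nat -nvL` output and reports any MASQUERADE or SNAT rule whose source column is 0.0.0.0/0 rather than a zone subnet. The function and sample names are assumptions, and the second sample is constructed for illustration.

```shell
#!/bin/sh
# Real use (as root): iptables -t nat -nvL | find_open_nat

# find_open_nat: read `iptables -t nat -nvL` output on stdin and print
# "<chain> <source>" for every MASQUERADE/SNAT rule with source 0.0.0.0/0.
# Exit status is 1 if at least one such rule was found, 0 otherwise.
find_open_nat() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember the current chain
        $1 == "pkts" || NF == 0 { next }     # skip column header and blanks
        # -nvL columns: pkts bytes target prot opt in out source destination
        ($3 == "MASQUERADE" || $3 == "SNAT") && $8 == "0.0.0.0/0" {
            print chain, $8
            found = 1
        }
        END { exit found + 0 }
    '
}

# Sample 1: the two rules quoted in the message (sources are zone subnets).
sample_restricted() {
    cat <<'EOF'
Chain POSTROUTING_NAT_EXT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       172.20.0.0/16        0.0.0.0/0
EOF
}

# Sample 2: constructed for this example, second rule has no source limit.
sample_open() {
    cat <<'EOF'
Chain POSTROUTING_NAT_EXT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

sample_restricted | find_open_nat && echo "sample 1: all NAT sources restricted"
sample_open | find_open_nat || echo "sample 2: unrestricted NAT source found"
```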