Select masquerade by outgoing interface rather than by destination subnet

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
2014-06-11 17:09:19 -07:00 · 2014-06-11 17:09:19 -07:00 · a084f4bc61
commit a084f4bc61
parent c99ee556d4
1 changed files with 1 additions and 1 deletions
--- a/daemon/networkdriver/bridge/driver.go
+++ b/daemon/networkdriver/bridge/driver.go
@ -175,7 +175,7 @@ func InitDriver(job *engine.Job) engine.Status {

 func setupIPTables(addr net.Addr, icc bool) error {
 	// Enable NAT
-	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}
+	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-o", bridgeIface, "-j", "MASQUERADE"}

 	if !iptables.Exists(natArgs...) {
 		if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {