Browse Source

Select masquerade by outgoing interface rather than by destination subnet

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
Jérôme Petazzoni 11 years ago
parent
commit
a084f4bc61
1 changed files with 1 additions and 1 deletions
  1. 1 1
      daemon/networkdriver/bridge/driver.go

+ 1 - 1
daemon/networkdriver/bridge/driver.go

@@ -175,7 +175,7 @@ func InitDriver(job *engine.Job) engine.Status {
 
 
 func setupIPTables(addr net.Addr, icc bool) error {
 func setupIPTables(addr net.Addr, icc bool) error {
 	// Enable NAT
 	// Enable NAT
-	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}
+	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-o", bridgeIface, "-j", "MASQUERADE"}
 
 
 	if !iptables.Exists(natArgs...) {
 	if !iptables.Exists(natArgs...) {
 		if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {
 		if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {