From cf9ca69584e7262245cdc497d14e0ad765a64762 Mon Sep 17 00:00:00 2001
From: Sam Stoelinga
Date: Thu, 16 Jun 2016 17:20:32 +0800
Subject: [PATCH] Support interfaces with name other than eth0
This fixes the iptables rule which only applies SNAT if traffic gets out from eth0. In my case I also wanted to apply SNAT for traffic going to internal bridge interface.
---
 entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 863bd8a..5d70298 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -9,7 +9,7 @@ service rsyslog start
 sysctl -w net.ipv4.ip_forward=1
 # configure firewall
-iptables -t nat -A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s 10.99.99.0/24 ! -d 10.99.99.0/24 -j MASQUERADE
 iptables -A FORWARD -s 10.99.99.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
 exec "$@"
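Review bot: The new POSTROUTING rule matches on destination only (`! -d 10.99.99.0/24`), so traffic from the VPN pool is now masqueraded out of every interface the host routes to, not just the one bridge the description mentions. Internal services will see the gateway's address instead of the client's, which weakens source-based ACLs and log attribution on those networks. The hunk shows no FORWARD rule limiting where 10.99.99.0/24 may go (only the TCPMSS clamp), so if the chain policy is ACCEPT, which is not visible here, reachability is bounded by routing alone. Consider stating the intent above the rule, e.g. `# SNAT VPN-client traffic on any egress interface; reachability must be restricted in FORWARD`, and adding explicit FORWARD accept/drop rules if only specific networks should be reachable.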