[ovs-dev] HA: [PATCH] Add new 'passthrough' nat_type

Ben Pfaff blp at ovn.org
Wed Jun 5 18:18:04 UTC 2019


On Wed, Jun 05, 2019 at 09:27:38AM +0000, Rostyslav Fridman wrote:
> > This explains the semantics but not why they're useful.  Why would one use a passthrough nat_type?
> Basically this replicates the behavior of iptables ACCEPT rules in nat table.
> 
> target     prot opt source               destination
> ACCEPT     all  --  10.0.0.0/8          192.168.0.0/16         
> MASQUERADE  all  --  10.0.0.0/8          anywhere
> 
> What I want to achieve is to be able to nat some network to all destinations except for specified in passthrough rule.
> To be more precise, if I have some private subnet and I want it to be able to access Internet using NAT, but at the same time have a direct routing to subnet on a different node I will use a passthrough nat rule.

It is good to get this explanation in email.  Thank you.  Please add the
explanation to the commit message and the documentation as part of the
next version of the patch.


More information about the dev mailing list