author | Vishvananda Ishaya <vishvananda@gmail.com> | 2013-05-20 09:39:59 -0700 |
---|---|---|
committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2013-06-04 13:56:42 -0700 |
commit | 769782be844e4c74fdc0aad0ff704b06c874c3ad (patch) | |
tree | 862f0769eea370ecb401d114968d64daf96de018 /nova/utils.py | |
parent | 55ccdbc3bc62dc32161112a77c0fed39e73ee7b4 (diff) | |
Don't snat all traffic when force_snat_range set

When using /proc/sys/net/bridge/bridge-nf-call-iptables=1, bridged
traffic gets snatted even though it is being bridged out to an
external gateway. This can lead to asymmetric routes where traffic
goes out the fixed network and comes back on the float network
and can lead to packets being blocked by firewalls. Work around
this problem by only fallback snatting when the traffic is
going to one of the force_snat_ranges. If force_snat_range is not
set it defaults to the existing behavior of snatting all traffic
that doesn't hit an earlier rule.

Fixes bug 1182143

Change-Id: If496dad2308a68a6a4a9fd43d695943bc5034ac4
Diffstat (limited to 'nova/utils.py')
0 files changed, 0 insertions, 0 deletions
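
The fallback behaviour described in the commit message above, as an added example that is not code from this commit or from nova: it builds one fallback SNAT rule spec per force_snat_range entry, falls back to 0.0.0.0/0 when the option is unset, and checks which destinations a given packet would be snatted for. The function names, the source_ip and out_interface parameters, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

ALL_IPV4 = "0.0.0.0/0"  # destination used when force_snat_range is empty


def fallback_snat_rules(fixed_range, source_ip, force_snat_range=(),
                        out_interface=None):
    """Return iptables nat rule specs for the fallback SNAT (hypothetical helper)."""
    # Validate before building strings so a malformed CIDR never reaches iptables.
    ipaddress.ip_network(fixed_range)
    ipaddress.ip_address(source_ip)
    # Unset option keeps the old behaviour: snat every destination.
    dest_ranges = list(force_snat_range) or [ALL_IPV4]
    rules = []
    for dest in dest_ranges:
        ipaddress.ip_network(dest)  # raises ValueError on a bad range
        rule = "-s %s -d %s -j SNAT --to-source %s" % (fixed_range, dest, source_ip)
        if out_interface:
            rule += " -o %s" % out_interface
        rules.append(rule)
    return rules


def is_fallback_snatted(src, dst, fixed_range, force_snat_range=()):
    """True if a src -> dst packet would match one of the fallback rules."""
    if ipaddress.ip_address(src) not in ipaddress.ip_network(fixed_range):
        return False
    dest_ranges = list(force_snat_range) or [ALL_IPV4]
    dst_ip = ipaddress.ip_address(dst)
    return any(dst_ip in ipaddress.ip_network(d) for d in dest_ranges)


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation ranges).
    fixed, src_ip, forced = "10.0.0.0/16", "203.0.113.10", ["198.51.100.0/24"]
    for r in fallback_snat_rules(fixed, src_ip, forced, "eth0"):
        print(r)
    # Traffic bridged out to a destination outside the forced range is left alone.
    print(is_fallback_snatted("10.0.0.5", "192.0.2.9", fixed, forced))
```
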