Example partition:

```ruby
partition 'x' do
  label 'd', :address => '10.243.4.97'
  label 's', :address => '172.17.7.9'
  label 'n', :address => '10.243.4.3'
  rewrite 'wow' do
    from 's'
    to 'd'
    snat 's' => 'n'
  end
end
```

Produces:

```
# x-58816d
iptables --table nat --new-chain x-d58816d
iptables --table nat --new-chain x-s58816d
iptables --table filter --new-chain x-a58816d
iptables --table nat --append x-s58816d --source 172.17.7.9 --jump SNAT --to-source 10.243.4.3
iptables --table filter --append x-a58816d --source 172.17.7.9 --jump ACCEPT
iptables --table nat --insert partition-s --source 172.17.7.9 --jump x-s58816d
iptables --table filter --insert partition-a --source 172.17.7.9 --jump x-a58816d
```

Whereas I would have expected something more like:

```
# x-58816d
...
iptables --table nat --append x-s58816d --source 172.17.7.9 --destination 10.243.4.97 --jump SNAT --to-source 10.243.4.3
iptables --table filter --append x-a58816d --source 172.17.7.9 --destination 10.243.4.97 --jump ACCEPT
...
```

The same is true (but flipped) for DNAT. Sometimes you want to DNAT/SNAT on specific sources and destinations to a specific IP.
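An added example (not part of the issue and not the project's own code): a Ruby check that scans generated iptables commands for SNAT, DNAT or ACCEPT rules that match on only one side of the flow, run over rule lines quoted from the issue. The function names and the choice of which targets to audit are assumptions of this example.

```ruby
require 'shellwords'

# Targets whose match scope matters here (assumption of this example).
TERMINAL_TARGETS = %w[SNAT DNAT ACCEPT].freeze

# Parse one `iptables ... --append CHAIN ...` command line into a hash,
# or return nil for anything else (comments, --new-chain, --insert).
def parse_append(line)
  words = Shellwords.split(line)
  return nil unless words.first == 'iptables' && words.include?('--append')
  rule = { raw: line.strip }
  words.each_cons(2) do |opt, val|
    case opt
    when '--table'       then rule[:table] = val
    when '--append'      then rule[:chain] = val
    when '--source'      then rule[:source] = val
    when '--destination' then rule[:destination] = val
    when '--jump'        then rule[:target] = val
    end
  end
  rule
end

# Return the appended rules that NAT or accept traffic while matching on
# only one side of the flow (source without destination, or the reverse).
def one_sided_rules(text)
  text.each_line.map { |l| parse_append(l) }.compact.select do |r|
    TERMINAL_TARGETS.include?(r[:target]) &&
      (r[:source].nil? ^ r[:destination].nil?)
  end
end

# Rule lines quoted from the issue: what the tool produces ...
PRODUCED = <<~RULES
  iptables --table nat --new-chain x-s58816d
  iptables --table nat --append x-s58816d --source 172.17.7.9 --jump SNAT --to-source 10.243.4.3
  iptables --table filter --append x-a58816d --source 172.17.7.9 --jump ACCEPT
  iptables --table nat --insert partition-s --source 172.17.7.9 --jump x-s58816d
RULES

# ... and what the reporter expected.
EXPECTED = <<~RULES
  iptables --table nat --append x-s58816d --source 172.17.7.9 --destination 10.243.4.97 --jump SNAT --to-source 10.243.4.3
  iptables --table filter --append x-a58816d --source 172.17.7.9 --destination 10.243.4.97 --jump ACCEPT
RULES

one_sided_rules(PRODUCED).each { |r| puts "one-sided #{r[:target]} in #{r[:chain]}: #{r[:raw]}" }
```

Run against the produced rules it reports the SNAT and ACCEPT appends, which apply to traffic from 172.17.7.9 to any destination; the expected rules pass because each also carries `--destination`.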