Skip to content

Commit 9148f3e

Browse files
pieterlangepieterlange
committed
Use more efficient SNAT instead of MASQUERADE
1 parent 65b8492 commit 9148f3e

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

entrypoint.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -64,11 +64,11 @@ for route in "${routes[@]}"; do
6464
done
6565

6666
if [ $OVPN_DEFROUTE -gt 0 ]; then
67-
iptables -t nat -A POSTROUTING -s ${OVPN_NETWORK} -o ${OVPN_NATDEVICE} -j MASQUERADE
67+
iptables -t nat -A POSTROUTING -s ${OVPN_NETWORK} -o ${OVPN_NATDEVICE} -j SNAT --to-source $PODIPADDR
6868
[ $OVPN_DEFROUTE -gt 1 ] && addArg "--push" "redirect-gateway def1"
6969
else
7070
for route in "${routes[@]}"; do
71-
iptables -t nat -A POSTROUTING -s ${OVPN_NETWORK} -d $route -o ${OVPN_NATDEVICE} -j MASQUERADE
71+
iptables -t nat -A POSTROUTING -s ${OVPN_NETWORK} -d $route -o ${OVPN_NATDEVICE} -j SNAT --to-source $PODIPADDR
7272
done
7373
fi
7474

0 commit comments

Comments
 (0)