author | root <root@eng-140.vyatta.com> | 2008-08-22 14:04:02 -0700 |
---|---|---|
committer | root <root@eng-140.vyatta.com> | 2008-08-22 14:04:02 -0700 |
commit | 4bec8f1de85b4ded7d3d7815eb4c734f993af8aa (patch) | |
tree | 30fa77b14117ce8f7a0ca419dc1037bf89c12409 /src/lbdecision.cc | |
parent | 065c25acb5c3d10f4015b5bfa181445c3bce901a (diff) | |
snat rules created by wanloadbanana are now applied before snat rules created by nat. this shouldn't be a problem for nat, as the wanloadbanana rules are filters on packets marked in the mangle table.
now using the new jump to target inserted by vyatta-cfg-firewall project on boot.
Diffstat (limited to 'src/lbdecision.cc')
-rw-r--r-- | src/lbdecision.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 507d3b5..315516c 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -111,8 +111,8 @@ if so then this stuff goes here!
 if (lbdata._disable_source_nat == false) {
 execute(string("iptables -t nat -N WANLOADBALANCE"), stdout);
 execute(string("iptables -t nat -F WANLOADBALANCE"), stdout);
- execute(string("iptables -t nat -D POSTROUTING -j WANLOADBALANCE"), stdout);
- execute(string("iptables -t nat -A POSTROUTING -j WANLOADBALANCE"), stdout);
+ execute(string("iptables -t nat -D VYATTA_PRE_SNAT_HOOK -j WANLOADBALANCE"), stdout);
+ execute(string("iptables -t nat -I VYATTA_PRE_SNAT_HOOK 1 -j WANLOADBALANCE"), stdout);
 }
 //set up the conntrack table
 execute(string("iptables -t raw -N NAT_CONNTRACK"), stdout);
@@ -266,7 +266,7 @@ LBDecision::shutdown()
 //clear out nat as well
 execute("iptables -t nat -F WANLOADBALANCE", stdout);
- execute("iptables -t nat -D POSTROUTING -j WANLOADBALANCE", stdout);
+ execute("iptables -t nat -D VYATTA_PRE_SNAT_HOOK -j WANLOADBALANCE", stdout);
 //remove the policy entries |
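Review bot: Nothing in this hunk checks that the `-I VYATTA_PRE_SNAT_HOOK 1` insert succeeded, yet the target chain is created by another package (vyatta-cfg-firewall, at boot, per the commit message). If that chain is missing, iptables rejects the insert and, as far as the visible lines show, the result of execute() is discarded, so WANLOADBALANCE is never reached and marked traffic would leave without the load balancer's source NAT. I would log a failed insert rather than continue silently, and document the dependency above the two changed lines, e.g. `// VYATTA_PRE_SNAT_HOOK is created by vyatta-cfg-firewall at boot; the jump cannot be installed without it`. The enclosing function starts and ends outside the hunk.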
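Review bot: The chain name `VYATTA_PRE_SNAT_HOOK` is now spelled out in three separate command strings, two in the setup hunk and one here in LBDecision::shutdown(). If the insert and the delete ever disagree, shutdown leaves a stale jump to WANLOADBALANCE in the nat table. A single file-level constant, for example `static const string PRE_SNAT_HOOK = "VYATTA_PRE_SNAT_HOOK";` (name constructed for illustration), used to build all three commands would keep them in step. The body of shutdown() continues outside the hunk.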