X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=31aa2c9b574e828e7d42c33a238808859f9cf6fb;hp=a67af7056486ad4e93db4786100d0a83ea80d100;hb=99f11a16f62ee8424c3a2b6ae72539678818a33a;hpb=63f2fb7fda9112d9e39414328e5d4fab28809c63

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index a67af7056..31aa2c9b5 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,6 +196,7 @@ iptables_init() {
 	# DNAT rules
 	iptables -t nat -N NAT_DESTINATION
 	iptables -t nat -A PREROUTING -j NAT_DESTINATION
+	iptables -t nat -A OUTPUT -j NAT_DESTINATION
 
 	iptables -t mangle -N NAT_DESTINATION
 	iptables -t mangle -A PREROUTING -j NAT_DESTINATION
@@ -311,7 +312,10 @@ iptables_red() {
 
 		# Outgoing masquerading (don't masqerade IPSEC (mark 50))
 		iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
-		iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+
+		if [ "$IFACE" != "$GREEN_DEV" ]; then
+			iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+		fi
 
 	fi