From c366ef7dc0c2d5eb0e77fca9be04eacbc95a87b1 Mon Sep 17 00:00:00 2001
From: Sven Velt <sven@velt.de>
Date: Wed, 8 Dec 2021 20:28:45 +0100
Subject: [PATCH] Fixed NAT/Masquerade for bridge

Packets from bridge to bridge shouldn't be masqueraded
---
 files/etc/network/interfaces.d/br-lxc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/etc/network/interfaces.d/br-lxc b/files/etc/network/interfaces.d/br-lxc
index 60b7a21..d6d6dcf 100644
--- a/files/etc/network/interfaces.d/br-lxc
+++ b/files/etc/network/interfaces.d/br-lxc
@@ -4,6 +4,6 @@ iface br-lxc inet static
 
 	bridge_ports none
 
-	up	/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
-	down	/sbin/iptables -t nat -D POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
+	up	/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -o br-lxc ! -d 192.168.1.0/24 -j MASQUERADE
+	down	/sbin/iptables -t nat -D POSTROUTING -s 192.168.1.0/24 ! -o br-lxc ! -d 192.168.1.0/24 -j MASQUERADE