From a084f4bc61a81eb9076246d85d6cc5168b32a949 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Petazzoni?= <jp@enix.org>
Date: Wed, 11 Jun 2014 17:09:19 -0700
Subject: [PATCH] Select masquerade by outgoing interface rather than by
 destination subnet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
---
 daemon/networkdriver/bridge/driver.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemon/networkdriver/bridge/driver.go b/daemon/networkdriver/bridge/driver.go
index 8c5db9f843..1cde7c9be0 100644
--- a/daemon/networkdriver/bridge/driver.go
+++ b/daemon/networkdriver/bridge/driver.go
@@ -175,7 +175,7 @@ func InitDriver(job *engine.Job) engine.Status {
 
 func setupIPTables(addr net.Addr, icc bool) error {
 	// Enable NAT
-	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}
+	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-o", bridgeIface, "-j", "MASQUERADE"}
 
 	if !iptables.Exists(natArgs...) {
 		if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {