From b358f122dfab9a922f3502d3f3d46895042f9a7d Mon Sep 17 00:00:00 2001
From: Manevolent <Manevolent@users.noreply.github.com>
Date: Sun, 23 Apr 2023 20:28:50 -0600
Subject: [PATCH] Update tinc-up.tmpl

---
 tinc/tinc-up.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tinc/tinc-up.tmpl b/tinc/tinc-up.tmpl
index 23697db..4f9cc26 100644
--- a/tinc/tinc-up.tmpl
+++ b/tinc/tinc-up.tmpl
@@ -16,7 +16,8 @@ iptables -t nat -I PREROUTING -d {{ . }} -i eth0 -j DNAT --to-destination ${tinc
 # Plugins may communicate over eth0, the 'internal' docker network.
 # Because of this, we should allow masquerading NAT through eth0
 iptables -A FORWARD -i eth0 -o \$INTERFACE -j ACCEPT
-iptables -t nat -A POSTROUTING -i eth0 -o \$INTERFACE -j MASQUERADE
+iptables -t nat -A PREROUTING -i eth0 -j MARK --set-mark 1
+iptables -t nat -A POSTROUTING -m mark --mark 1 -o \$INTERFACE -j MASQUERADE
 
 # Prevent spoofing attacks
 iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP