Hi Michael,
i've tested it and it works as expected.

Regards
Matthias 

> Am 10.12.2015 um 17:37 schrieb Michael Tremer <michael.tremer(a)ipfire.org>:
> 
> Is there any evidence that this was tested by somebody else but you?
> 
> -Michael
> 
>> On Mon, 2015-12-07 at 15:57 +0100, Alexander Marx wrote:
>> When creating SNAT rules, the outgoing interface is not set. As a
>> side
>> effect, traffic that should be send unnatted to a vpn tunnel can be
>> natted which is a BUG.
>> With this patch the SNAT rules are getting a outgoing interface
>> according to the configuration. When selecting the RED Target
>> network,
>> all SNAT rules will be configured with "-o red0". Otherwise if "all"
>> is
>> selected, there is no interface in the rule, which matches all
>> networks.
>> 
>> Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
>> ---
>> config/firewall/rules.pl | 4 ++++
>> 1 file changed, 4 insertions(+)
>> 
>> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
>> index daa9565..8b0c6dd 100644
>> --- a/config/firewall/rules.pl
>> +++ b/config/firewall/rules.pl
>> @@ -467,6 +467,10 @@ sub buildrules {
>>                        } elsif ($NAT_MODE
>> eq "SNAT") {
>>                            my
>> @nat_options = @options;
>> 
>> +                            if
>> ($destination_intf) {
>> +                                push
>> (@nat_options, ("-o", $destination_intf));
>> +                            }
>> +
>>                            push(@nat_op
>> tions, @source_options);
>>                            push(@nat_op
>> tions, @destination_options);