Bug 12808:

Summary of Changes:   Using multiple routing tables to send the packets on the public NIC's based on source IP for the following type of connections:
  - Inbound connections of Static NAT ip .
  - Outbound connections of static-NAT (using static NAT-ip for SNAT).
Reviewed-by: Abhi

patches/systemvm/debian/config/root/firewall.sh

@@ -185,15 +185,24 @@ static_nat() {
 
   local dev=$(ip_to_dev $publicIp)
   [ $? -ne 0 ] && echo "Could not find device associated with $publicIp" && return 1
+  local tableNo=$(echo $dev | awk -F'eth' '{print $2}')
 
   # shortcircuit the process if error and it is an append operation
   # continue if it is delete
+  (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \
+           -j MARK -m state --state NEW --set-mark $tableNo) &&
+  (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \
+           -m state --state NEW -j CONNMARK --save-mark) &&
+  (sudo iptables -t mangle $op  PREROUTING -s $instIp -i eth0  \
+           -j MARK -m state --state NEW --set-mark $tableNo) &&
+  (sudo iptables -t mangle $op PREROUTING -s $instIp -i eth0  \
+           -m state --state NEW -j CONNMARK --save-mark) &&
   (sudo iptables -t nat $op  PREROUTING -i $dev -d $publicIp -j DNAT \
            --to-destination $instIp &>>  $OUTFILE || [ "$op" == "-D" ]) &&
   (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp  -m state \
            --state NEW -j ACCEPT &>>  $OUTFILE || [ "$op" == "-D" ]) &&
   (sudo iptables -t nat $op2 POSTROUTING $rulenum -s $instIp -j SNAT \
-           --to-source $publicIp &>> $OUTFILE || [ "$op" == "-D" ])
+           -o $dev --to-source $publicIp &>> $OUTFILE || [ "$op" == "-D" ])
 
   result=$?
   logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"