Known bugs: | |
1) NAT in the OUTPUT chain does not work in stock kernels. However, | |
there is a patch in patch-o-matic, called the 'local-nat.patch'. | |
This patch adds a CONFIG_NF_IP_NAT_LOCAL kernel config option. | |
2) tcpdump traffic is corrupted by OUTPUT NAT. | |
3) Connection tracking doesn't wait very long for reply FIN, meaning | |
that half-closed pipes can time out early (seen frequently with squid). |