Harald Welte | 1268184 | 2001-05-26 04:40:37 +0000 | Known bugs:
Rusty Russell | 967893b | 2000-10-06 08:11:40 +0000 |
Harald Welte | 158b090 | 2002-07-23 13:44:41 +0000 | 1) NAT in the OUTPUT chain works only on kernel 2.4.18 and later. However,
there is a patch for previous kernels in patch-o-matic, called the
'local-nat.patch'. This patch adds a CONFIG_NF_IP_NAT_LOCAL kernel config
option.
Rusty Russell | 967893b | 2000-10-06 08:11:40 +0000 |
2) tcpdump traffic is corrupted by OUTPUT NAT.

3) Connection tracking doesn't wait very long for the reply FIN, meaning
that half-closed pipes can time out early (seen frequently with squid).
Harald Welte | 158b090 | 2002-07-23 13:44:41 +0000 |
4) When you use ip6tables packet mangling on IPv6 packets, the packet will
not be re-routed if, for example, you insert a routing header.