Friday, July 30, 2010

IPTables Firewall Nonsense

I have three firewall rules:
-A OUTPUT -p tcp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
-A OUTPUT -p udp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
-A OUTPUT -p icmp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33

Only the third one (ping!) works. 

The other two result in the log messages:
NAT: no longer support implicit source local NAT
NAT: packet src 192.168.110.33 -> dst 192.168.111.33

What the heck.  I'm just trying to redirect outgoing traffic to a different ip address and the source is specified, not implicit.  I really don't want to read iptables source code, but their documentation and the whole internet isn't helping.


Tuesday, July 20, 2010

How Not to English

I wish more technical reporters on the internet invested in some
college level writing classes. Then they might just sound smart
(which they usually are) instead of merely informed. This occurred to
me while reading Anandtech today.

Wednesday, July 14, 2010

Waiting for Liferay 6.0 GA

Just chalked up new feature request number eleventy million that is already done in Liferay 6.0 but hard to implement in 5.2.3.  Event tags are so nice and so not available to us without hack code.