Friday, July 30, 2010

IPTables Firewall Nonsense

I have three firewall rules:
-A OUTPUT -p tcp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
-A OUTPUT -p udp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
-A OUTPUT -p icmp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33

Only the third one (ping!) works. 

The other two result in the log messages:
NAT: no longer support implicit source local NAT
NAT: packet src 192.168.110.33 -> dst 192.168.111.33

What the heck.  I'm just trying to redirect outgoing traffic to a different IP address, and the source is specified, not implicit.  I really don't want to read the iptables source code, but their documentation and the whole internet aren't helping.
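The rules above are printed in the form iptables-save uses, which omits the table name. Since the DNAT target is only accepted in the nat table (and there only in the PREROUTING and OUTPUT chains), the first thing worth confirming when a DNAT rule misbehaves is where it actually landed. The following is an added example, not code from the original post: a small parser for iptables-save output that records the table and chain of every -A rule and reports DNAT rules that sit somewhere iptables would refuse. The sample dump is constructed; it frames the post's three rules under an assumed *nat header (the post does not show the table) and adds one deliberately misplaced rule in the filter table so the check has something to flag. Note that this placement check does not diagnose the kernel's "implicit source local NAT" warning; it only rules out the more common mistake of loading a DNAT rule into the wrong table or chain.

```python
"""Locate DNAT rules in an iptables-save dump and flag misplaced ones.

Added example (not the original post's code).  Assumes iptables-save
format: '*table' starts a table, ':CHAIN POLICY [p:b]' declares a chain,
'-A CHAIN ...' appends a rule, and 'COMMIT' ends the table.
"""
import shlex

# DNAT is valid only in the nat table, and there only in these chains.
DNAT_TABLE = "nat"
DNAT_CHAINS = {"PREROUTING", "OUTPUT"}

# Constructed sample: the post's three rules under an assumed *nat header,
# plus one misplaced DNAT rule in the filter table (constructed, for the check).
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -p tcp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
-A OUTPUT -p udp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
-A OUTPUT -p icmp -s 192.168.110.41 -d 192.168.111.33 -j DNAT --to-destination 192.168.110.33
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -d 10.0.0.1 -j DNAT --to-destination 10.0.0.2
COMMIT
"""


def parse_dump(text):
    """Return a list of dicts, one per '-A' rule, with table, chain and
    the handful of options this example cares about."""
    table = None
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # table header, e.g. '*nat'
            table = line[1:]
            continue
        if line == "COMMIT":              # end of the current table
            table = None
            continue
        if line.startswith(":"):          # chain policy/counter line
            continue
        if not line.startswith("-A "):
            continue
        argv = shlex.split(line)
        rule = {"table": table, "chain": argv[1], "proto": None,
                "src": None, "dst": None, "target": None, "to": None}
        keymap = {"-p": "proto", "-s": "src", "-d": "dst",
                  "-j": "target", "--to-destination": "to"}
        i = 2
        while i < len(argv):
            opt = argv[i]
            # Consume a value only if the next token is not another option;
            # this keeps value-less flags (e.g. --syn) from shifting parsing.
            has_val = i + 1 < len(argv) and not argv[i + 1].startswith("-")
            if opt in keymap and has_val:
                rule[keymap[opt]] = argv[i + 1]
            i += 2 if has_val else 1
        rules.append(rule)
    return rules


def check_dnat_placement(rules):
    """Return (table, chain) for each DNAT rule outside nat/PREROUTING|OUTPUT."""
    return [(r["table"], r["chain"]) for r in rules
            if r["target"] == "DNAT"
            and (r["table"] != DNAT_TABLE or r["chain"] not in DNAT_CHAINS)]


if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    for r in parsed:
        print(f"{r['table']}/{r['chain']}: {r['proto']} {r['src']} -> "
              f"{r['dst']} {r['target']} {r['to']}")
    print("misplaced DNAT rules:", check_dnat_placement(parsed))
```

Feeding it the real output of `iptables-save` on the host shows at a glance whether the three rules are in nat/OUTPUT as intended; if the check comes back empty, placement is not the problem and the kernel warning is the thing to chase.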

