Friday, July 30, 2010

IPTables Firewall Nonsense

I have three firewall rules:
-A OUTPUT -p tcp -s -d -j DNAT --to-destination
-A OUTPUT -p udp -s -d -j DNAT --to-destination
-A OUTPUT -p icmp -s -d -j DNAT --to-destination

Only the third one (ping!) works.

The other two result in the log messages:
NAT: no longer support implicit source local NAT
NAT: packet src -> dst

What the heck.  I'm just trying to redirect outgoing traffic to a different IP address, and the source is specified, not implicit.  I really don't want to read the iptables source code, but their documentation and the whole internet aren't helping.

