blob: 8d0b547a0d079645a801f44ad02e4d99e711b31d (
plain)
1
2
3
4
5
6
7
8
9
10
|
Known bugs:
1) NAT in the OUTPUT chain does not work in stock kernels. However,
there is a patch in patch-o-matic, called the 'local-nat.patch'.
This patch adds a CONFIG_NF_IP_NAT_LOCAL kernel config option.
2) tcpdump traffic is corrupted by OUTPUT NAT.
3) Connection tracking doesn't wait very long for reply FIN, meaning
that half-closed pipes can time out early (seen frequently with squid).
|
