Re: iptables - Trying to understand "no longer support implicit source local NAT"

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@vger.kernel.org
Subject: Re: iptables - Trying to understand "no longer support implicit  source local NAT"
Date: Fri, 24 Apr 2009 16:38:44 +0200	[thread overview]
Message-ID: <49F1CEF4.9070706@plouf.fr.eu.org> (raw)
In-Reply-To: <BLU149-W79AC0311DCF953433463CA3750@phx.gbl>

Hello,

Data Shock a écrit :
> 
> It is unfortunate that nobody seems to know why this message is there,
> or really what it means.

It is just a warning and remainder. As you saw, it would occur at most 
once after the DNAT module is loaded. So I do not understand why so much 
complain for a message happening mostly once a boot at most.

In 2.4 kernels and 2.6 kernels older that 2.6.11, the DNAT target used 
to implicitly change the source address to reflect the new output 
interface. Kernels 2.6.11 and above do not do it any more, possibliy 
causing a loss of connectivy in some special cases. This is the reason 
of this message, giving the opportunity to add an explicit SNAT rule 
when required. The given reason for removing explicit source NAT is that 
the submitter believed it was not strictly necessary.

The REDIRECT target never changed the source address, so it does not 
produce the message.

Note that it should not be necessary to explicitly change the source 
address with a SNAT rule anyway. Don't you have too restrictive 
filtering rules on the loopback interface ?

     prev parent reply	other threads:[~2009-04-24 14:38 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-03-19 19:43 iptables - Trying to understand "no longer support implicit source local NAT" Data Shock
2009-03-19 20:04 ` Jonathan Knight
2009-03-19 21:06   ` Data Shock
2009-03-26 13:30     ` Data Shock
2009-04-06 18:31       ` Data Shock
2009-04-06 18:58         ` Data Shock
2009-04-06 19:41           ` Mike Wright
2009-04-06 21:52             ` Data Shock
2009-04-06 21:51           ` Mart Frauenlob
2009-04-06 22:30             ` Data Shock
2009-04-23 20:55               ` Data Shock
2009-04-24 14:38                 ` Pascal Hambourg [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49F1CEF4.9070706@plouf.fr.eu.org \
    --to=pascal.mail@plouf.fr.eu.org \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.