1Known bugs: 2 31) NAT in the OUTPUT chain only works since kernel 2.4.18. However, 4 there is a patch for previous kernels in patch-o-matic, called the 5 'local-nat.patch'. This patch adds a CONFIG_NF_IP_NAT_LOCAL kernel config 6 option. 7 82) tcpdump traffic is corrupted by OUTPUT NAT. 9 103) Connection tracking doesn't wait very long for reply FIN, meaning 11 that half-closed pipes can time out early (seen frequently with squid). 12 134) When you use ip6tables packet mangling on IPv6 packets, the packet will 14 not be re-routed in case e.g. you insert a routing header. 15