@@ -20,9 +20,9 @@ const (

 )

 var (

-	ErrIptablesNotFound = errors.New("Iptables not found")

 	nat                 = []string{"-t", "nat"}

 	supportsXlock       = false

+	ErrIptablesNotFound = errors.New("Iptables not found")

 )

 type Chain struct {

@@ -30,6 +30,15 @@ type Chain struct {

 	Bridge string

 }

+type ChainError struct {

+	Chain  string

+	Output []byte

+}

+

+func (e *ChainError) Error() string {

+	return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))

+}

+

 func init() {

 	supportsXlock = exec.Command("iptables", "--wait", "-L", "-n").Run() == nil

 }

@@ -78,7 +87,7 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str

 		"--to-destination", net.JoinHostPort(dest_addr, strconv.Itoa(dest_port))); err != nil {

 		return err

 	} else if len(output) != 0 {

-		return fmt.Errorf("Error iptables forward: %s", output)

+		return &ChainError{Chain: "FORWARD", Output: output}

 	}

 	fAction := action

@@ -94,7 +103,7 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str

 		"-j", "ACCEPT"); err != nil {

 		return err

 	} else if len(output) != 0 {

-		return fmt.Errorf("Error iptables forward: %s", output)

+		return &ChainError{Chain: "FORWARD", Output: output}

 	}

 	return nil

@@ -108,7 +117,7 @@ func (c *Chain) Prerouting(action Action, args ...string) error {

 	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {

 		return err

 	} else if len(output) != 0 {

-		return fmt.Errorf("Error iptables prerouting: %s", output)

+		return &ChainError{Chain: "PREROUTING", Output: output}

 	}

 	return nil

 }

@@ -121,7 +130,7 @@ func (c *Chain) Output(action Action, args ...string) error {

 	if output, err := Raw(append(a, "-j", c.Name)...); err != nil {

 		return err

 	} else if len(output) != 0 {

-		return fmt.Errorf("Error iptables output: %s", output)

+		return &ChainError{Chain: "OUTPUT", Output: output}

 	}

 	return nil

 }