Thanks Pablo,

Actually I need this feature to redirect RTP media packets between two services. I want to optimize resource consumption by using this feature.
Everything works right, but I should find the right place to insert this rule in my code. Otherwise, if the service gets the first packet from the end-point while I haven't inserted the rule yet, I will face a problem, because the rule was inserted before.

Thanks with regards.
Mojtaba

On Sat, Apr 27, 2019 at 2:13 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Sat, Apr 27, 2019 at 01:31:40PM +0430, Mojtaba wrote:
> > Hello Pablo,
> > Just for better understanding, if I want to update using the -U option, how
> > can I do that?
> > Suppose there is this rule in a conntrack row:
> > udp 17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070
> > dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242
> > sport=5005 dport=5070 mark=0 use=1
> >
> > and I want to update it with this command:
> > conntrack -U -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> > --dport 5005 --dst-nat 192.168.122.1:1111 --src-nat
> > 192.168.122.103:2222 --timeout 30
> > Actually it was not updated and this issue was raised:
> > conntrack v1.4.2 (conntrack-tools): 0 flow entries have been updated.
>
> You cannot update an existing entry with NATs.
>
> You can probably make your own libnetfilter_queue application that
> allows you to create conntrack entries from packets, if you want to do
> custom NAT handling for some certain traffic. You will only need to pass
> the first packet of the flow to userspace to set up the NAT mangling
> you need.
>
> I would need to learn more about your use case for this.

--
--Mojtaba Esfandiari.S