I found some great related info in
https://www.netfilter.org/projects/libnetfilter_queue/index.html
Thanks again

On Sun, Apr 28, 2019 at 10:59 AM Mojtaba <mespio@xxxxxxxxx> wrote:
>
> Hello Pablo,
> Would you please let me know how to make my own libnetfilter_queue
> application? I need a reference to read more about it and start
> working on it.
> With Best regards. Mojtaba
>
> On Sat, Apr 27, 2019 at 4:00 PM Mojtaba <mespio@xxxxxxxxx> wrote:
> >
> > Thanks Pablo,
> > Actually I need this feature to redirect RTP-media packets between
> > two services. I want to optimize resource consumption by using this
> > feature.
> > All things work right, but I should find the right place to insert
> > this rule in my code. Otherwise, if the service gets the first packet
> > from the end-point while I haven't inserted the rule yet, I will face
> > a problem, because the rule was inserted before.
> > Thanks with regards. Mojtaba
> >
> > On Sat, Apr 27, 2019 at 2:13 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > >
> > > On Sat, Apr 27, 2019 at 01:31:40PM +0430, Mojtaba wrote:
> > > > Hello Pablo,
> > > > Just for better understanding, if I want to update using the -U option, how
> > > > can I do that?
> > > > Suppose there is this rule in conntrack row:
> > > > udp 17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070
> > > > dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242
> > > > sport=5005 dport=5070 mark=0 use=1
> > > >
> > > > and I want to update it with this command:
> > > > conntrack -U -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> > > > --dport 5005 --dst-nat 192.168.122.1:1111 --src-nat
> > > > 192.168.122.103:2222 --timeout 30
> > > > Actually it was not updated and this issue was raised:
> > > > conntrack v1.4.2 (conntrack-tools): 0 flow entries have been updated.
> > >
> > > You cannot update an existing entry with NATs.
> > >
> > > You can probably make your own libnetfilter_queue application that
> > > allows you to create conntrack entries from packets. If you want to do
> > > custom NAT handling for some certain traffic, you will only need to pass
> > > the first packet of the flow to userspace to set up the NAT mangling
> > > you need.
> > >
> > > I would need to learn more on your use case for this.
> > >
> >
> >
> > --
> > --Mojtaba Esfandiari.S
>
>
> --
> --Mojtaba Esfandiari.S

--
--Mojtaba Esfandiari.S