Re: Issue related to conntrack while inserting a new rule with the conntrack command in Linux

I found some great related info in
https://www.netfilter.org/projects/libnetfilter_queue/index.html
Thanks again

On Sun, Apr 28, 2019 at 10:59 AM Mojtaba <mespio@xxxxxxxxx> wrote:
>
> Hello Pablo,
> Would you please let me know how to make my own libnetfilter_queue
> application? I need a reference to read more about it and start
> working on it.
> With best regards. Mojtaba
>
> On Sat, Apr 27, 2019 at 4:00 PM Mojtaba <mespio@xxxxxxxxx> wrote:
> >
> > Thanks Pablo,
> > Actually I need this feature to redirect RTP media packets between
> > two services. I want to optimize resource consumption by using this
> > feature.
> > All things work right, but I should find the right place to insert
> > this rule in my code. Otherwise, if the service gets the first packet
> > from the end-point while I haven't inserted the rule yet, I will face a
> > problem, because the rule was inserted before.
> > Thanks with regards. Mojtaba
> >
> > On Sat, Apr 27, 2019 at 2:13 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > >
> > > On Sat, Apr 27, 2019 at 01:31:40PM +0430, Mojtaba wrote:
> > > > Hello Pablo,
> > > > Just for a better understanding, if I want to update using the -U option, how
> > > > can I do that?
> > > > Suppose there is this rule in conntrack row:
> > > > udp      17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070 dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242 sport=5005 dport=5070 mark=0 use=1
> > > >
> > > > and I want to update it with this command:
> > > > conntrack -U -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> > > > --dport 5005 --dst-nat 192.168.122.1:1111 --src-nat
> > > > 192.168.122.103:2222 --timeout 30
> > > > Actually it was not updated and this issue was raised:
> > > > conntrack v1.4.2 (conntrack-tools): 0 flow entries have been updated.
> > >
> > > You cannot update an existing entry with NATs.
> > >
> > > You can probably make your own libnetfilter_queue application that
> > > allows you to create conntrack entries from packets, if you want to do
> > > custom NAT handling for certain traffic. You will only need to pass
> > > the first packet of the flow to userspace to set up the NAT mangling
> > > you need.
> > >
> > > I would need to learn more on your use case for this.
> >
> >
> >
> > --
> > --Mojtaba Esfandiari.S
>
>
>
> --
> --Mojtaba Esfandiari.S



-- 
--Mojtaba Esfandiari.S
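The failure in the thread is that the flow entry already exists by the time the NAT update is attempted (the first packet created it, and as Pablo notes an existing entry cannot have NAT added with -U). The following is an added example, not code from the thread or from the netfilter project: a small parser for `conntrack -L` output that tolerates the mail-client line wrapping seen above, plus a lookup that tells you whether an entry for a given original tuple already exists and whether it is still [UNREPLIED]. The udp sample line is the one quoted in the thread; the tcp line and all function names are constructed for this example.

```python
"""Parse `conntrack -L` output and check whether a flow entry already exists.

Added example for the thread above; not code from the netfilter project.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample of `conntrack -L` output. The udp entry is the one quoted
# in the thread, kept with its mail-client line wrap ("dport" / "=5070") on
# purpose; the tcp entry is made up to show the state column and [ASSURED].
SAMPLE_OUTPUT = """\
udp      17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070 dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242 sport=5005 dport
=5070 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=40000 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=40000 [ASSURED] mark=0 use=1
"""

ENTRY_START = re.compile(r"^[a-z]+\s+\d+\s+\d+\b")   # "<proto> <proto_num> <timeout>"
FLAG_RE = re.compile(r"^\[([A-Z_]+)\]$")             # [UNREPLIED], [ASSURED], ...
KV_RE = re.compile(r"^([A-Za-z_]+)=(\S*)$")          # key=value tokens
TUPLE_KEYS = ("src", "dst", "sport", "dport")


@dataclass
class ConntrackEntry:
    proto: str
    proto_num: int
    timeout: int
    state: Optional[str]                                  # tcp/sctp only
    original: Dict[str, str] = field(default_factory=dict)
    reply: Dict[str, str] = field(default_factory=dict)
    flags: Set[str] = field(default_factory=set)
    extra: Dict[str, str] = field(default_factory=dict)   # mark=, use=, ...


def parse_conntrack_line(line: str) -> ConntrackEntry:
    """Parse one (possibly wrapped) entry into its original and reply tuples."""
    # Collapse all whitespace, then rejoin "key =value" left behind by a wrap.
    text = re.sub(r"\s*=\s*", "=", " ".join(line.split()))
    tokens = text.split()
    if len(tokens) < 3:
        raise ValueError(f"not a conntrack entry: {line!r}")
    proto, proto_num, timeout = tokens[0], int(tokens[1]), int(tokens[2])
    rest = tokens[3:]
    state = None
    # Stateful protocols print a state word (ESTABLISHED, ...) before the tuples.
    if rest and not KV_RE.match(rest[0]) and not FLAG_RE.match(rest[0]):
        state = rest.pop(0)
    entry = ConntrackEntry(proto, proto_num, timeout, state)
    current = entry.original
    for tok in rest:
        m = FLAG_RE.match(tok)
        if m:
            entry.flags.add(m.group(1))
            continue
        m = KV_RE.match(tok)
        if not m:
            raise ValueError(f"unexpected token {tok!r} in {line!r}")
        key, val = m.groups()
        if key in TUPLE_KEYS:
            # The second "src" starts the reply tuple.
            if key == "src" and current is entry.original and "src" in current:
                current = entry.reply
            current[key] = val
        else:
            entry.extra[key] = val
    return entry


def parse_conntrack_output(text: str) -> List[ConntrackEntry]:
    """Group physical lines into entries, joining wrapped continuation lines."""
    raw_entries: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("conntrack v"):
            continue                      # blank, or the tool's summary line
        if ENTRY_START.match(raw):
            raw_entries.append(raw)
        elif raw_entries:
            raw_entries[-1] += " " + raw  # continuation of a wrapped entry
        else:
            raise ValueError(f"continuation before first entry: {raw!r}")
    return [parse_conntrack_line(e) for e in raw_entries]


def find_existing(entries: List[ConntrackEntry], proto: str, src: str, dst: str,
                  sport: int, dport: int) -> Optional[ConntrackEntry]:
    """Return the entry whose original tuple matches, i.e. the flow's first
    packet has already been seen by conntrack, or None."""
    want = {"src": src, "dst": dst, "sport": str(sport), "dport": str(dport)}
    for e in entries:
        if e.proto == proto and all(e.original.get(k) == v for k, v in want.items()):
            return e
    return None


if __name__ == "__main__":
    entries = parse_conntrack_output(SAMPLE_OUTPUT)
    hit = find_existing(entries, "udp", "192.168.122.242", "192.168.122.103", 5070, 5005)
    if hit is None:
        print("no entry yet: the first packet has not arrived")
    else:
        print(f"entry already exists (flags={sorted(hit.flags)}, timeout={hit.timeout}s): "
              "adding NAT to it with -U is not possible")
```

Running the script against the thread's own entry reports that it already exists and is [UNREPLIED], which is exactly the situation in which `conntrack -U ... --dst-nat` prints "0 flow entries have been updated". A check like `find_existing` before a service starts sending is a cheap way to confirm whether the rule was in place ahead of the first packet.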