Re: DNATing packets sent to the NATing box

> > It looks like the proxy is grabbing the packets first and then dropping
> > them directly onto the INPUT chain. Try disabling the proxy and release the
> > bound ports then try it again. Once the packets reach PREROUTING you can
> > DNAT them to another port.
> I could understand the proxy code managing to grab the packet off the wire 
> before netfilter (PREROUTING) sees it, but I don't see how it would then get 
> seen by the INPUT chain - as far as I know, it's not possible for a packet to 
> reach netfilter's INPUT chain without first going through the PREROUTING 
> chain.   If a packet bypasses one of these, it will bypass both.

> However, the idea of disabling the proxy, and then seeing if the LOG rules 
> show anything different, is a good one.

> How is the proxy connected to the socket?   Anything unusual?

The proxy is just a normal udp socket. (socket, bind, poll, recvfrom...)

What I'm doing is an IVR over H.323: the program receives and sends RTP
packets until a conference is made; when the conference is made it starts
working as a proxy (i.e., it gets the packet with a recvfrom and sends it by
another socket with sendto). Nothing strange there.

> Antony

Saludos,
					HoraPe
---
Horacio J. Peña
horape@xxxxxxxxxxxxxxxxx
horape@xxxxxxxxxx


