> > so before step (3) any packets destined to internet shall be returned with > 'destination unreachable'. But i don't know if this could create the > contrack entry. the IAX udp packets are being sent all the time, even > before the router boots up - so its very likely such packet may hit the > router before netfilter (and SNAT) is configured. > But from what i understand, the UDP NAT shall refresh every 180 seconds (?) > so after 3 minutes the packets shall be nat-ed correctly. But maybe if > there is a constant flow of packets it can sustain the contrack entry? But Bingo :) I'll answer myself: YES I have shut down the asterisk for a few minutes to let the router contrack clean the entry and then started it up again. Now the connection is NAT-ed correctly. But this basically means the UDP entry is not 'refreshed' every 180 sec. right? Is this a bug or a 'feature'? :) Marek
