Hi Brent, hi others
Is this really for SIP.
Yes, it's definately for SIP. I try to create some sort of transparent sip proxy that I will use later for monitoring packets for a project / for my thesis. The thing I want to do is the following 1. redirect traffic from the client to my proxy --> iptables -A OUTPUT -t nat -p udp --dport 5060 --sport 5060 -j REDIRECT --to-ports 5061 The proxy waits on 5061 for this traffic, the packets do arrive. Step 1 is working. 2. Now the proxy collects some info from the packets and sends them (unchanged) out on 5062 to the server. I need a second rule that changes the source port from 5062 back to 5060 that the SIP server doesn't notice the proxy --> iptables -A POSTROUTING -t nat -p udp --dport 5060 --sport 5062 -j SNAT --to-source 192.168.0.21:5060 192.168.0.21 is the IP of the PC where the client and proxy are running on. That's working, too. The packets get sent to the server using the correct ports, the server accepts the packets and replies correctly. BUT NOW I think the problem occurs! When the reply from the server arrives on the proxy computer, a "ICMP destination port unreachable" is sent back to the server. Why? I don't get this. Has anybody an idea how to fix this problem or how to do the whole proxy differently? Regards, Holger
