Hi,

I think you don't get the point. I have many devices that are connecting to the same servers (n:m connections), so I cannot put any simple rule in there. Esp. because the GMX Server, which is the second one that connects, is changing port and IP address all the time, my internal phone is changing the port, and might even change its IP, so I cannot define a rule based on that. (I have mentioned that in my first post: It is working, but not when I like to use direct RTP, which for some reason is possible in every other network I am working in (mostly Cisco routers), but not in my own one, and because Linux should be / is highly configurable I thought that this feature just has to be enabled somehow (with feature I mean a real symmetric NAT).) So I don't want to do "hard" changes that would only work in one situation.

Yes, I always have nf_nat_sip compiled in my kernel. It might have helped, but in this specific case (which isn't specific in VoIP at all, it's basically a standard case in that world), it doesn't seem to work.

I WANT A SYMMETRIC NAT!!!! -> Why doesn't anybody understand that? I mean, I am on the netfilter list. Everyone here should know what I mean with the term symmetric NAT, so what is the problem? I more and more got the impression that you are developing in your own little world, and not the world where we have different types of NAT. Most of them can be covered with netfilter/conntrack, but some cannot, and I don't think it can be very hard to implement a symmetric NAT, can it?

Please advise me on how to implement a symmetric NAT with iptables. What does the random flag, for example, on iptables do? What is the difference between MASQUERADE and SNAT? Is there any option I can give to the conntrack modules that might change anything?

Thanks,
Joern.

On Thu, Nov 15, 2012 at 10:38 AM, Jan Engelhardt <jengelh@xxxxxxx> wrote:
>
> On Wednesday 2012-11-14 23:41, Jörn Krebs wrote:
>>
>>The problem I have with case 1 is that Linux is assigning a new external port.
>>So and my router Case 1 looks more like this:
>>A:5000 <-> router:5000 <-> C
>>A:5000 <-> router:1030 <-> D
>>Which causes a big issue with my VoIP setup!
>>(VoIP is negotiating the ports inside the SIP protocol. They are not
>>detected and they are fixed and not detected on the fly)
>
> Are you sure you have tried loading nf_nat_sip, like I mentioned
> in the thread[1] on netfilter@ ? Or the extra DNAT rule?
>
> [1] http://marc.info/?l=netfilter&m=135289221821117&w=2
>
>>(Hope I made my case clear)
>
> (The conntrack -E dump made a lot more sense to me.)
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Bye Bye,
Jörn Krebs
--------------------------------------------
64 Queen St., Blackstone 4304
Phone: +61731363381
Mobile: +61431068955
Telefon: +495516345347