policy based routing + nat ...?

Sent from my iPhone

On 2012-11-14, at 4:15 PM, Jörn Krebs <jk@xxxxxxxxxxxx> wrote:

> Hi,
>
> I think you don't get the point. I have many devices that are
> connecting to the same servers (n:m connections),
> so I cannot put any simple rule in there. Esp. because the GMX Server
> which is the second one that connects and is changing port and IP
> address all the time,
> my internal phone is changing the port, and might even change its IP,
> so I cannot define a rule based on that.
> (I have mentioned that in my first post: It is working, but not when I
> like to use direct rtp, which for some reason is possible in every
> other network I am working in (mostly Cisco routers), but not in my
> own one, and because Linux should be / is highly configurable I
> thought that this feature just has to be enabled somehow (with feature
> I mean a real symmetric NAT))
>
> So I don't want to do "hard" changes that would only work in one situation.
>
> Yes I always have nf_nat_sip compiled in my kernel. It might have
> helped, but in this specific case (which isn't specific in VoIP at
> all, it's basically a standard case in that world), it doesn't seem to
> work.
>
> I WANT A SYMMETRIC NAT!!!! -> Why doesn't anybody understand that?
> I mean I am on the netfilter list. Everyone here should know what I
> mean with the term symmetric NAT, so what is the problem?
> I more and more got the impression that you are developing in your
> own little world, and not the world where we have different types of
> NAT.
> Most of them can be covered with netfilter/conntrack, but some cannot
> and I don't think it can be very hard to implement a symmetric NAT,
> can it?
>
> Please advise me on how to implement a symmetric NAT with iptables.
>
> What does the random flag for example on iptables do?
>
> What is the difference between MASQUERADE and SNAT?
> Is there any option I can give to the conntrack modules that might
> change anything?
>
> Thanks, Joern.
>
> On Thu, Nov 15, 2012 at 10:38 AM, Jan Engelhardt <jengelh@xxxxxxx> wrote:
>>
>> On Wednesday 2012-11-14 23:41, Jörn Krebs wrote:
>>>
>>> The problem I have with case 1 is that Linux is assigning a new external port.
>>> So and my router Case 1 looks more like this:
>>> A:5000 <-> router:5000 <-> C
>>> A:5000 <-> router:1030 <-> D
>>> Which causes a big issue with my VoIP setup!
>>> (VoIP is negotiating the ports inside the SIP protocol. They are not
>>> detected and they are fixed and not detected on the fly)
>>
>> Are you sure you have tried loading nf_nat_sip, like I mentioned
>> in the thread[1] on netfilter@ ? Or the extra DNAT rule?
>>
>> [1] http://marc.info/?l=netfilter&m=135289221821117&w=2
>>
>>> (Hope I made my case clear)
>>
>> (The conntrack -E dump made a lot more sense to me.)
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
>
> --
> Bye Bye, Jörn Krebs
> --------------------------------------------
> 64 Queen St., Blackstone 4304
> Phone: +61731363381
> Mobile: +61431068955
> Telefon: +495516345347
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html