[DNAT] applying a new rule for a connection marked as UNREPLIED


 



Hello,

I am developing a SIP proxy server with a media proxy feature which I would like to implement as a set of iptables rules (if the packet comes from the address and port specified in SDP, forward it to the specified destination address and port...).

The problem is that the user agent sends the SIP message with the SDP containing the needed address and port practically simultaneously with the first RTP packets. This causes the DNAT rule to be added after some RTP packets have already been received by the proxy.

From what I have experienced, if I add a DNAT rule for a stream of packets that is already listed in the conntrack table as UNREPLIED, the rule isn't applied to this stream until it times out.

My question is, is there a way to apply new rules for connections that are already listed in the conntrack table as UNREPLIED without having to wait until they time out? Or did I understand it wrong?

What I need is something like the RAWDNAT but I also need to be able to change the destination port and not just the address.

Thanks for any help in advance,
Jozef
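
An added example, not part of the original post: the nat table is consulted only for the packet that creates a conntrack entry, so a stream that is already tracked keeps its original mapping. One way to handle this, assuming conntrack-tools is installed, is to add the DNAT rule and then delete the stale entry so the next RTP packet is treated as new. The function names, addresses and ports (including the proxy-side port) are constructed for illustration.

```shell
#!/bin/sh
# Added example; addresses and ports used with it are constructed sample values.
# DRY_RUN=1 (default) only prints the commands. Set DRY_RUN=0 and run as root to apply.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only decimal ports in 1..65535, since the values come from SDP (untrusted input).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_stream SRC_IP SRC_PORT PROXY_PORT DST_IP DST_PORT
#   SRC_IP/SRC_PORT : media source announced in the SDP
#   PROXY_PORT      : UDP port on the proxy the RTP arrives at (assumption)
#   DST_IP/DST_PORT : where the stream should be forwarded
redirect_stream() {
    src_ip=$1; src_port=$2; proxy_port=$3; dst_ip=$4; dst_port=$5
    for p in "$src_port" "$proxy_port" "$dst_port"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 2; }
    done

    # 1. Install the rule first. If the entry were deleted first, a packet
    #    arriving in between would recreate an entry without the DNAT mapping.
    run iptables -t nat -A PREROUTING -p udp -s "$src_ip" --sport "$src_port" \
        --dport "$proxy_port" -j DNAT --to-destination "$dst_ip:$dst_port"

    # 2. Delete the entry created by the early RTP packets. The next packet of
    #    the stream is then NEW and traverses the nat table again.
    #    "|| true": tolerate the case where there is nothing to delete.
    run conntrack -D -p udp --orig-src "$src_ip" \
        --sport "$src_port" --dport "$proxy_port" || true
}
```

In dry-run mode, `redirect_stream 192.0.2.10 40000 5004 198.51.100.20 6000` prints the two commands it would execute.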



