On Friday 26 September 2014 15:18:42, Pascal Hambourg wrote:
> Maarten Vanraes wrote:
> > On Wednesday 24 September 2014 15:38:26, Eliezer Croitoru wrote:
> >> VOIP and STREAMING are beasts!!!
> >> There are modules which analyze them and also recognize them but you
> >> will need to enable them first.
> >
> > what kind of modules do you know that help conntracking this kind of
> > stuff?
>
> For SIP: nf_conntrack_sip. There is an nf_conntrack_<protocol> helper
> for each supported "complex" protocol (FTP, IRC, PPTP...). Their purpose
> is to set the state of the first packet of the data connection to
> RELATED, and copy the connmark of the control connection to the data
> connection. On a box doing NAT, you also need the related
> nf_nat_<protocol> module.
>
> > and... what about IPv6 and multiple ISPs? (but without natting, but still
> > no BGP or something), won't I still have the same problem?
>
> Yes.

awesome, this makes it totally clear... thx!

--
BA NV IT & Security