Vijay Viswanathan a écrit : > Thanks, > 1) what about non-connection oriented ? > 2) broadcast/multicast ( Upnp searches that need to go one extra hop > if dlna is run on veth ? ) These are cases where the addresses and ports in the reply packet does not match the ones in the original packet. In such case, the standard conntrack (connection tracking) won't treat the reply packet as belonging to the same connection as the original packet. The stateful NAT relies on conntrack to tell which connection a packet belongs to in order to apply the required mapping. For any such protocols, a specific conntrack/NAT helper pair must be written in order to allow them through NAT. Examples : SIP, H.323, TFTP. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
