On Sun, Oct 09, 2016 at 08:06:56PM +0200, Sven-Haegar Koch wrote: > > I think that's the answer to the problem: > > https://www.spinics.net/lists/netfilter/msg56874.html > > Is there a complete list somewhere of all rules needed to entirely > replicate the previous way of "just modprobe all existing nf_nat_* and > nf_conntrack_* modules"? > > (To make a user NAT gateway "just work for everything, no matter what > they try to use") NAT is not my problem, both call legs are reachable directly. I just want to use connection tracking to keep the set of open ports minimal on the outside interface ppp0. I am puzzled that nf_conntrack_sip only notices sip connection on the "internal" ethernet interface but not on the "external" ppp0. Bye, Joerg
Attachment:
signature.asc
Description: PGP signature
