[LARTC] Re: iptables rule not matching after stream begins

To: lartc@mailman.ds9a.nl
Subject: [LARTC] Re: iptables rule not matching after stream begins
From: "Bob Beers" <bob.beers@gmail.com>
Date: Mon, 20 Nov 2006 19:46:00 -0500
In-reply-to: <4f6ba3b0611200730j337ad29xc69dd63b205060c4@mail.gmail.com>
Trying again, after re-subscribing:

On 11/20/06, Bob Beers <bob.beers@gmail.com> wrote:
Hello,

I want to dynamically create DNAT rules for RTP streams (port-mapping for a SIP proxy).

If my proxy adds the rule before the first packet of the RTP stream hits the port, all is well. But if the stream begins arriving before my rule is in place, it never matches. I cannot always be sure that the info for setting up the rule arrives sufficiently ahead of the stream.

I suspect there is a simple resolution to my problem. Does anyone else see this behavior, and will you share the solution with me?

Apologies if there is a better place to seek an answer to this question; please redirect me as necessary.

I am using kernel 2.6.15.4, and iptables 1.3.3.

My rules are similar to this:
iptables -I PREROUTING -t nat -p UDP \
   -d <public_ip> --dport <public_port> \
   -j DNAT --to-destination <private_ip>:<private_port>
iptables -I FORWARD -p UDP \
   -d <private_ip> --dport <private_port> \
   -j ACCEPT   # target not shown in the post; ACCEPT assumed

--
-Bob
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
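The symptom in the post is what one sees when the UDP stream creates its conntrack entry before the DNAT rule exists: the nat table is consulted only for the first packet of a flow, so later packets keep following the original, un-NATed entry no matter what is inserted afterwards. The script below is an added example, not Bob's code or a reply from the list; it inserts the two rules, then finds and deletes any stale conntrack entry for the mapped port so the next packet is handled as a new flow. It assumes the 2.6.15-era /proc/net/ip_conntrack dump format, the conntrack-tools `conntrack` command, and placeholder addresses and ports.

```shell
#!/bin/sh
# Added example, not from the post. Assumes the 2.6.15-era
# /proc/net/ip_conntrack dump format and the conntrack-tools CLI.
# Set DRY_RUN=1 to print the iptables/conntrack commands instead of running them.
PUBLIC_IP=203.0.113.10; PUBLIC_PORT=5004     # placeholder values
PRIVATE_IP=10.0.0.5;    PRIVATE_PORT=5004

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Read a conntrack dump on stdin and print "src sport dst dport" for each UDP
# flow to PUBLIC_IP:PUBLIC_PORT whose reply direction still answers from the
# public address, i.e. an entry created before the DNAT rule existed.
# Entries already mapped to PRIVATE_IP are left alone.
stale_entries() {
    awk -v pub="$1" -v port="$2" -v priv="$3" '
        $1 == "udp" {
            n = 0
            for (i = 1; i <= NF; i++) {            # collect the address/port
                split($i, kv, "=")                  # fields in dump order
                if (kv[1] ~ /^(src|dst|sport|dport)$/) f[++n] = kv[2]
            }
            # f[1..4] = original src,dst,sport,dport; f[5..8] = reply direction
            if (f[2] == pub && f[4] == port && f[5] != priv)
                print f[1], f[3], f[2], f[4]
        }'
}

add_mapping() {
    run iptables -t nat -I PREROUTING -p udp -d "$PUBLIC_IP" --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$PRIVATE_IP:$PRIVATE_PORT"
    run iptables -I FORWARD -p udp -d "$PRIVATE_IP" --dport "$PRIVATE_PORT" -j ACCEPT
    # Delete any entry the stream created before the rule was in place, so the
    # next packet is seen as NEW and traverses the nat table.
    stale_entries "$PUBLIC_IP" "$PUBLIC_PORT" "$PRIVATE_IP" < /proc/net/ip_conntrack |
    while read -r src sport dst dport; do
        run conntrack -D -p udp -s "$src" --sport "$sport" -d "$dst" --dport "$dport"
    done
}

# Constructed sample dump: line 1 arrived before the rule (stale), line 2 is
# already DNATed to the private host, line 3 is unrelated TCP signalling.
SAMPLE_DUMP='udp 17 29 src=198.51.100.7 dst=203.0.113.10 sport=4000 dport=5004 packets=3 bytes=600 src=203.0.113.10 dst=198.51.100.7 sport=5004 dport=4000 packets=0 bytes=0 [UNREPLIED] mark=0 use=1
udp 17 170 src=198.51.100.8 dst=203.0.113.10 sport=4002 dport=5004 packets=40 bytes=8000 src=10.0.0.5 dst=198.51.100.8 sport=5004 dport=4002 packets=40 bytes=8000 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=198.51.100.9 dst=203.0.113.10 sport=5060 dport=5060 src=203.0.113.10 dst=198.51.100.9 sport=5060 dport=5060 [ASSURED] mark=0 use=1'

check_sample() { printf '%s\n' "$SAMPLE_DUMP" | stale_entries "$PUBLIC_IP" "$PUBLIC_PORT" "$PRIVATE_IP"; }

if [ "${1:-}" = apply ]; then add_mapping; else check_sample; fi
```

Run with no arguments to see which lines of the constructed dump would be flushed; `sh script.sh apply` (as root, or with DRY_RUN=1) performs the rule insertion and flush against the live table.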
