
List:       netfilter
Subject:    [DNAT] applying a new rule for a connection marked as UNREPLIED
From:       Jozef Balaz <jozef.balaz.237 () gmail ! com>
Date:       2013-04-11 16:24:06
Message-ID: 03A41D63-B87F-405D-A4D2-FED951FF9FC8 () gmail ! com

Hello,

I am developing a SIP proxy server with a media proxy feature which I would
like to implement as a set of iptables rules (if the packet comes from the
address and port specified in SDP, forward it to the specified destination
address and port...).

The problem is that the user agent sends the SIP message with the SDP
containing the needed address and port practically simultaneously with the
first RTP packets. This causes the DNAT rule to be added after some RTP
packets have already been received by the proxy.

From what I have experienced, if I add a DNAT rule for a stream of packets
that is already listed in the conntrack table as UNREPLIED, the rule isn't
applied for this stream until it times out.

My question is, is there a way to apply new rules for connections that are
already listed in the conntrack table as UNREPLIED without having to wait
until they time out? Or did I understand it wrong?

What I need is something like the RAWDNAT but I also need to be able to
change the destination port and not just the address.

Thanks for any help in advance,
Jozef
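
An added example, not part of the original message: the nat table is consulted only for the first packet of a flow, so an RTP stream that already has an UNREPLIED conntrack entry keeps its old mapping until that entry is gone. The sketch below finds such entries for one SDP source address and port in `conntrack -L` output and prints the matching `conntrack -D` command for review; the function names are hypothetical and the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample in the format printed by `conntrack -L -p udp`.
sample_conntrack() {
cat <<'EOF'
udp      17 27 src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=30000 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=30000 dport=40000 mark=0 use=1
udp      17 170 src=192.0.2.10 dst=198.51.100.5 sport=40002 dport=30002 src=203.0.113.7 dst=198.51.100.5 sport=20002 dport=40002 [ASSURED] mark=0 use=1
udp      17 12 src=192.0.2.77 dst=198.51.100.5 sport=40000 dport=30000 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=30000 dport=40000 mark=0 use=1
EOF
}

# stale_flow_deletes SRC_IP SRC_PORT  (hypothetical helper)
# Reads conntrack listing lines on stdin. For every UDP entry that is still
# UNREPLIED and whose original direction starts at SRC_IP:SRC_PORT, prints the
# conntrack -D command that removes it. Nothing is deleted by this function.
stale_flow_deletes() {
    awk -v ip="$1" -v port="$2" '
    $1 == "udp" && /\[UNREPLIED\]/ {
        src = dst = sport = dport = ""
        for (i = 1; i <= NF; i++) {
            # The original tuple precedes the flag; the reply tuple follows it.
            if ($i == "[UNREPLIED]") break
            split($i, kv, "=")
            if (kv[1] == "src")   src   = kv[2]
            if (kv[1] == "dst")   dst   = kv[2]
            if (kv[1] == "sport") sport = kv[2]
            if (kv[1] == "dport") dport = kv[2]
        }
        if (src == ip && sport == port)
            printf "conntrack -D -p udp -s %s -d %s --sport %s --dport %s\n",
                   src, dst, sport, dport
    }'
}

# Demo on the constructed sample. On a live proxy the input would be
#   conntrack -L -p udp | stale_flow_deletes <sdp-address> <sdp-port>
# run after the DNAT rule for that stream has been inserted.
sample_conntrack | stale_flow_deletes 192.0.2.10 40000
```

Once the printed command has been run, the next RTP packet from that source creates a fresh conntrack entry and is evaluated against the nat table again, including the newly added DNAT rule.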

