Try to NAT a RTP stream - Nils Ohlmeier

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Nils Ohlmeier <lists@ohlmeier.de>
To: netfilter@lists.netfilter.org
Subject: Try to NAT a RTP stream
Date: Sun, 27 Apr 2003 08:24:31 +0200	[thread overview]
Message-ID: <200304270824.31892.lists@ohlmeier.de> (raw)

Hello,

i try to NAT RTP streams with my own application (i do not use iptables to 
insert the rules -> should i go to netfilter-devel?).

Scenario:
192.168.0.114 <-----> 192.168.0.2
                      Netfilter NAT
                     217.224.223.167 <--------------> 195.37.77.110

The result is that packets go from private to public but not vice versa. And 
the ruleset looks like this (empty chains omitted, ruleset is only for 
debuging, masquerade rule is for keeping my existing connections):

Chain FORWARD (policy ACCEPT 237 packets, 47356 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 ACCEPT     udp  --  *      *       195.37.77.110        
192.168.0.114      udp spts:18554:18555 dpts:8766:8767
  399 79648 ACCEPT     udp  --  *      *       192.168.0.114        
195.37.77.110      udp spts:8766:8767 dpts:18554:18555

Chain PREROUTING (policy ACCEPT 3481 packets, 552K bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 DNAT       udp  --  *      *       195.37.77.110        
217.224.223.167    udp spts:18554:18555 dpts:32790:32791 
to:192.168.0.114:8766-8767

Chain POSTROUTING (policy ACCEPT 660 packets, 52480 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 SNAT       udp  --  *      *       192.168.0.114        
195.37.77.110      udp spts:8766:8767 dpts:18554:18555 
to:217.224.223.167:32790-32791
    9  1835 MASQUERADE  all  --  *      *       192.168.0.0/23       0.0.0.0/0

What i do not understand is why the packets from internal hit the rule in 
FORWARD but do not hit the same rule in POSTROUTING.
The second strange thing is that packets come in on the external interface 
(observed with ngrep) but to not hit the PREROUTING rule.
I fear i missed something obvious :-(

Any help/ideas appreciated.

Greetings
  Nils Ohlmeier

next             reply	other threads:[~2003-04-27  6:24 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-04-27  6:24 Nils Ohlmeier [this message]
2003-04-30  3:26 ` Try to NAT a RTP stream Tom Marshall
2003-04-30 11:12   ` Michael J. Tubby B.Sc. (Hons) G8TIC
2003-04-30 14:28     ` Tom Marshall
2003-05-01  9:17       ` Michael J. Tubby B.Sc. (Hons) G8TIC
2003-05-02  6:55         ` IP-tables with authentication Yogesh Talekar (M.T.S.@C.N.C.)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200304270824.31892.lists@ohlmeier.de \
    --to=lists@ohlmeier.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.