From: Eliezer Croitoru <eliezer@ngtech.co.il>
To: "Jörn Krebs" <jk@smartbyte.de>
Cc: netfilter <netfilter@vger.kernel.org>
Subject: Re: VoIP conntrack issue
Date: Tue, 13 Nov 2012 11:32:33 +0200 [thread overview]
Message-ID: <50A213B1.4050601@ngtech.co.il> (raw)
In-Reply-To: <CABY2qi9-dYnr8AkTmoeQZgbxM02T=OFw0-FKZoyt+_N6xHuJgA@mail.gmail.com>
On 11/13/2012 5:20 AM, Jörn Krebs wrote:
> Not really, as I use the devices behind the firewall, in many
> networks, so I need one setup that works.
>
> But to be honest, I don't like to start this discussion:
> My question is, why can netfilter not reuse the same port?
> The host inside the firewall is the same, so why can't linux manage a
> port mapping, which says: If a UDP packet comes from host A to us,
> port 1234, AND host B, port 1234, map both to internal host Int1?
> (under the assumption, that Int1 tried to establish the connection
> with Host A and B first).
>
> The point is: There is NO port mapping clash, why is netfilter
> creating one? and does a port remap? (For UDP ... TCP is different.)
Are you sure you understand NAT stun and how port prediction works??
Try to talk IP and ports in a diagram that will make sense to the eye
please.
Regards,
Eliezer
next prev parent reply other threads:[~2012-11-13 9:32 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-13 2:49 VoIP conntrack issue Jörn Krebs
2012-11-13 3:02 ` Neal Murphy
2012-11-13 3:20 ` Jörn Krebs
2012-11-13 9:32 ` Eliezer Croitoru [this message]
2012-11-13 11:42 ` Jörn Krebs
2012-11-13 15:13 ` /dev/rob0
2012-11-13 20:09 ` Eliezer Croitoru
[not found] ` <CABY2qi8w6eDME-OUYM_5Y8Pk63TxBudoHkC54EdzHtuEwQGjZQ@mail.gmail.com>
2012-11-13 22:51 ` Fwd: " Jörn Krebs
2012-11-14 1:09 ` Eliezer Croitoru
[not found] ` <CABY2qi_SsfZWzD5=ycNoSVGCCP5YqWro23rJe9THTrLpeEXmww@mail.gmail.com>
[not found] ` <50A2EF09.5030002@ngtech.co.il>
2012-11-14 1:31 ` Jörn Krebs
2012-11-14 1:43 ` Eliezer Croitoru
2012-11-14 1:47 ` Jan Engelhardt
2012-11-14 2:35 ` Jörn Krebs
2012-11-14 11:23 ` Jan Engelhardt
2012-11-14 15:38 ` Eliezer Croitoru
2012-11-14 15:54 ` Jan Engelhardt
2012-11-14 16:01 ` Eliezer Croitoru
2012-11-14 21:33 ` Jörn Krebs
-- strict thread matches above, loose matches on Subject: below --
2012-11-14 22:41 Jörn Krebs
2012-11-14 23:38 ` Jan Engelhardt
2012-11-15 0:15 ` Jörn Krebs
2012-11-15 0:40 ` Payam Chychi
2012-11-15 5:04 ` Jan Engelhardt
2012-11-15 5:28 ` Eliezer Croitoru
2012-11-15 7:43 ` Jörn Krebs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A213B1.4050601@ngtech.co.il \
--to=eliezer@ngtech.co.il \
--cc=jk@smartbyte.de \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.