From: Eliezer Croitoru <eliezer@ngtech.co.il>
To: Jan Engelhardt <jengelh@inai.de>
Cc: "Jörn Krebs" <jk@smartbyte.de>, netfilter <netfilter@vger.kernel.org>
Subject: Re: VoIP conntrack issue
Date: Wed, 14 Nov 2012 18:01:47 +0200 [thread overview]
Message-ID: <50A3C06B.2050301@ngtech.co.il> (raw)
In-Reply-To: <alpine.LNX.2.01.1211141648280.17446@nerf07.vanv.qr>
On 11/14/2012 5:54 PM, Jan Engelhardt wrote:
> On Wednesday 2012-11-14 16:38, Eliezer Croitoru wrote:
>
>> >Or instead just use DNAT with specific ports that will allow any other
>> >traffic from this host to others based on basic NAT what called
>> >"port-forwarding"
> Port forwarding is a terrible misnomer, because the port itself is an
> entity belonging to the host, and as such static. NA(P)T, or "port
> mapping" if you have to, is just fine and catches the spirit properly.
> If you need a car analogy, you can't move the piers/ports either, only
> the ships.
>
> That said, DNAT is exactly what I gave as one way of resolution. From
> there, one can use --dport(s) as needed, but then that's not a full 1:1
> NAT anymore.
> (I get the feeling my mail was ignored, perhaps you should go through
> the text and bottom post like everybody else.)
>
>>> >> iptables -t nat -A PREROUTING -i internet [-d 114.XX.234.123] \
>>> >> -j DNAT --to 192.168.1.38
Since he has very specific problem I suggested to do that which extends
your saying.
By the way you spelled it better then me..
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
next prev parent reply other threads:[~2012-11-14 16:01 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-13 2:49 VoIP conntrack issue Jörn Krebs
2012-11-13 3:02 ` Neal Murphy
2012-11-13 3:20 ` Jörn Krebs
2012-11-13 9:32 ` Eliezer Croitoru
2012-11-13 11:42 ` Jörn Krebs
2012-11-13 15:13 ` /dev/rob0
2012-11-13 20:09 ` Eliezer Croitoru
[not found] ` <CABY2qi8w6eDME-OUYM_5Y8Pk63TxBudoHkC54EdzHtuEwQGjZQ@mail.gmail.com>
2012-11-13 22:51 ` Fwd: " Jörn Krebs
2012-11-14 1:09 ` Eliezer Croitoru
[not found] ` <CABY2qi_SsfZWzD5=ycNoSVGCCP5YqWro23rJe9THTrLpeEXmww@mail.gmail.com>
[not found] ` <50A2EF09.5030002@ngtech.co.il>
2012-11-14 1:31 ` Jörn Krebs
2012-11-14 1:43 ` Eliezer Croitoru
2012-11-14 1:47 ` Jan Engelhardt
2012-11-14 2:35 ` Jörn Krebs
2012-11-14 11:23 ` Jan Engelhardt
2012-11-14 15:38 ` Eliezer Croitoru
2012-11-14 15:54 ` Jan Engelhardt
2012-11-14 16:01 ` Eliezer Croitoru [this message]
2012-11-14 21:33 ` Jörn Krebs
-- strict thread matches above, loose matches on Subject: below --
2012-11-14 22:41 Jörn Krebs
2012-11-14 23:38 ` Jan Engelhardt
2012-11-15 0:15 ` Jörn Krebs
2012-11-15 0:40 ` Payam Chychi
2012-11-15 5:04 ` Jan Engelhardt
2012-11-15 5:28 ` Eliezer Croitoru
2012-11-15 7:43 ` Jörn Krebs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A3C06B.2050301@ngtech.co.il \
--to=eliezer@ngtech.co.il \
--cc=jengelh@inai.de \
--cc=jk@smartbyte.de \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.