Linux Netfilter discussions
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: re : iptables resources consumed
Date: Sat, 05 Jul 2008 18:46:56 -0500	[thread overview]
Message-ID: <487007F0.8080704@riverviewtech.net> (raw)
In-Reply-To: <VPOP31.4.0e.20080704144214.906.2.1.00149acd@matrixindia>

On 7/4/2008 4:12 AM, Elison Niven wrote:
> Well, this is not a problem at all. The source IP that the DSP puts 
> in the *RTP packets* it generates can be changed dynamically at 
> runtime. And it can be different for different RTP sessions as well, 
> not that I would need to do it. That apart, this is allowed only for 
> *RTP packets* (this traffic has to be forwarded out from eth0). All 
> other packets (the only ones that remain are the DSP control packets 
> directed towards my system) use the source IP as the actual DSP IP 
> address.

Ok.  Then, I suppose you can spoof the source IP if you want to.

> Ok, but all the packets that I need to send to the DSPs will reach my 
> system and will have destination IP belonging to my system. They are 
> not needed to be processed by my system but are to be sent to the 
> DSPs. How do I do that?

Right, this is why you DNAT them to the DSPs inside.

> Well, actually this list is dynamic and can change at runtime. The 
> actual port numbers and IP addresses depend on the SIP/SDP 
> negotiation.

Uh, this could make for a bit of fun.  It is trivial to write an 
IPTables rule to match based on static source / destination IP and / or 
source / destination port or any combination thereof.  However, to match 
the dynamic ports, you may need a helper to find what is 
negotiated.

Question:  Is filtering out packets from the DSPs other than what you 
have mentioned a must, or is it ok if packets leak out?  In other words, 
do they have to be filtered (prevented from going out) as long as the 
RTP packets go where they are supposed to go?

> Thanks a lot for helping me out.

*nod*  You are welcome.



Grant. . . .
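The approach sketched in this reply (DNAT the DSP control traffic that arrives for the gateway's own address to the DSP inside, and let a conntrack helper discover the RTP ports negotiated in SIP/SDP so they can be matched as RELATED rather than by static port) can be expressed as the rule set below. This is an added example, not a rule set posted anywhere in this thread: the interface name, addresses and the assumption that signalling arrives on UDP/5060 are placeholders chosen for illustration, and the script builds the `iptables` commands as text so they can be reviewed before being applied with the `apply` argument.

```shell
#!/bin/sh
# Added example (not part of the thread): gateway firewall for DSPs
# behind NAT. DSP control traffic arrives for the gateway's public IP
# and is DNATed to the DSP; RTP ports are learned by the SIP helper.
# All addresses below are assumed placeholders (RFC 5737 ranges).

WAN_IF="eth0"
WAN_IP="198.51.100.10"   # assumed public address of the gateway
DSP_IP="192.0.2.20"      # assumed inside address of one DSP
SIP_PORT="5060"          # assumed SIP signalling port

# Modules that carry the helper: nf_conntrack_sip parses SDP and sets
# up expectations for the RTP/RTCP flows, nf_nat_sip rewrites the
# addresses/ports inside SDP so the DSP does not have to spoof them.
modules() {
    printf '%s\n' "modprobe nf_conntrack_sip" "modprobe nf_nat_sip"
}

# Signalling addressed to the gateway itself is handed to the DSP.
dnat_rules() {
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p udp --dport $SIP_PORT -j DNAT --to-destination $DSP_IP"
}

# Bind the SIP helper explicitly in the raw table; newer kernels no
# longer auto-assign helpers, so this keeps the rule set portable.
helper_rules() {
    printf '%s\n' \
      "iptables -t raw -A PREROUTING -i $WAN_IF -p udp --dport $SIP_PORT -j CT --helper sip"
}

# Forwarding policy: flows the helper expected (RTP/RTCP) match as
# RELATED, replies as ESTABLISHED; only new SIP toward the DSP is
# allowed in, and everything else that would leak out is dropped.
filter_rules() {
    printf '%s\n' \
      "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A FORWARD -i $WAN_IF -d $DSP_IP -p udp --dport $SIP_PORT -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -A FORWARD -j DROP"
}

# Full rule set, one command per line, in the order it must be loaded.
all_rules() {
    modules
    dnat_rules
    helper_rules
    filter_rules
}

# Run the generated commands (needs root and the iptables binary).
apply_rules() {
    all_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     all_rules ;;      # default: print the rules for review
esac
```

Run the script with no arguments to see the generated commands, and with `apply` on the gateway to load them. The order matters: the ESTABLISHED,RELATED rule must precede the final DROP, since the RTP flows the helper predicts from SDP only ever match as RELATED.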

Thread overview: 9+ messages
2008-07-04  5:22 iptables resources consumed Elison Niven
2008-07-04  6:26 ` Grant Taylor
2008-07-04  9:12   ` re : " Elison Niven
2008-07-05 23:46     ` Grant Taylor [this message]
2008-07-07  5:32       ` Elison Niven
2008-07-07 15:04         ` Grant Taylor
2008-07-07 15:49         ` Grant Taylor
  -- strict thread matches above, loose matches on Subject: below --
2008-07-03 13:40 Re : " Elison Niven
2008-07-03 18:05 ` Grant Taylor
