From: Eliezer Croitoru <eliezer@ngtech.co.il>
To: Jan Engelhardt <jengelh@inai.de>
Cc: "Jörn Krebs" <jk@smartbyte.de>, netfilter <netfilter@vger.kernel.org>
Subject: Re: VoIP conntrack issue
Date: Wed, 14 Nov 2012 18:01:47 +0200 [thread overview]
Message-ID: <50A3C06B.2050301@ngtech.co.il> (raw)
In-Reply-To: <alpine.LNX.2.01.1211141648280.17446@nerf07.vanv.qr>
On 11/14/2012 5:54 PM, Jan Engelhardt wrote:
> On Wednesday 2012-11-14 16:38, Eliezer Croitoru wrote:
>
>> >Or instead just use DNAT with specific ports that will allow any other
>> >traffic from this host to others based on basic NAT what called
>> >"port-forwarding"
> Port forwarding is a terrible misnomer, because the port itself is an
> entity belonging to the host, and as such static. NA(P)T, or "port
> mapping" if you have to, is just fine and catches the spirit properly.
> If you need a car analogy, you can't move the piers/ports either, only
> the ships.
>
> That said, DNAT is exactly what I gave as one way of resolution. From
> there, one can use --dport(s) as needed, but then that's not a full 1:1
> NAT anymore.
> (I get the feeling my mail was ignored, perhaps you should go through
> the text and bottom post like everybody else.)
>
>>> >> iptables -t nat -A PREROUTING -i internet [-d 114.XX.234.123] \
>>> >> -j DNAT --to 192.168.1.38
Since he has very specific problem I suggested to do that which extends
your saying.
By the way you spelled it better then me..
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
next prev parent reply other threads:[~2012-11-14 16:01 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-13 2:49 VoIP conntrack issue Jörn Krebs
2012-11-13 3:02 ` Neal Murphy
2012-11-13 3:20 ` Jörn Krebs
2012-11-13 9:32 ` Eliezer Croitoru
2012-11-13 11:42 ` Jörn Krebs
2012-11-13 15:13 ` /dev/rob0
2012-11-13 20:09 ` Eliezer Croitoru
[not found] ` <CABY2qi8w6eDME-OUYM_5Y8Pk63TxBudoHkC54EdzHtuEwQGjZQ@mail.gmail.com>
2012-11-13 22:51 ` Fwd: " Jörn Krebs
2012-11-14 1:09 ` Eliezer Croitoru
[not found] ` <CABY2qi_SsfZWzD5=ycNoSVGCCP5YqWro23rJe9THTrLpeEXmww@mail.gmail.com>
[not found] ` <50A2EF09.5030002@ngtech.co.il>
2012-11-14 1:31 ` Jörn Krebs
2012-11-14 1:43 ` Eliezer Croitoru
2012-11-14 1:47 ` Jan Engelhardt
2012-11-14 2:35 ` Jörn Krebs
2012-11-14 11:23 ` Jan Engelhardt
2012-11-14 15:38 ` Eliezer Croitoru
2012-11-14 15:54 ` Jan Engelhardt
2012-11-14 16:01 ` Eliezer Croitoru [this message]
2012-11-14 21:33 ` Jörn Krebs
[not found] <CABY2qi8n0ttC99_UktcT+Jwnd9WCCsvk5+ug1GXrrYbd9ixxWw@mail.gmail.com>
[not found] ` <alpine.LNX.2.01.1211150035180.32273@nerf07.vanv.qr>
2012-11-15 0:15 ` Jörn Krebs
2012-11-15 0:40 ` Payam Chychi
2012-11-15 5:04 ` Jan Engelhardt
2012-11-15 5:28 ` Eliezer Croitoru
2012-11-15 7:43 ` Jörn Krebs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50A3C06B.2050301@ngtech.co.il \
--to=eliezer@ngtech.co.il \
--cc=jengelh@inai.de \
--cc=jk@smartbyte.de \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox