NAT question on holding back a port
Thu Aug 19 11:06:20 CEST 2004
On Wed, Aug 18, 2004 at 03:38:09PM +0530, Atanu.Mondal@infineon.com wrote:
> Hi All,
> I have a unique requirement. I am writing a SIP ALG and am faced with
> the following situation.

Are you aware that somebody else (forgot his name, please look in the
list archives) is already working on a SIP conntrack/nat ALG for

> The local Lan SIP phone sends a registration message and, along with it,
> its own contact port number. This gets SRC natted and the SIP ALG
> the Lan contact address and contact port to a Firewall global address
> and contact port... A DNAT rule also gets added dynamically on this
> global address and contact port so that any WAN phone calling on this
> global address and contact port will get DNATed to the lan SIP phone.

You don't add rules in such a case but 'raise expectations'. Please
read the numerous other NAT helpers available in patch-o-matic-ng.

> Now any phone on the WAN can connect the lan phone by calling on this
> contact address and contact port.
> My problem arises from the part that if the conntrack created by the
> Registration message goes off, and any other application is given that
> global port (NAT checks only for unique tuple match to assign port)..

I don't really see how this would happen if you raise an expectation
with unspecified source port/ip.

> Atanu Mondal
- Harald Welte <email@example.com> http://www.netfilter.org/
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
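
What an expectation with unspecified source port/ip means in practice, as an added example that is not part of the original mail and not netfilter's own code: a simplified userspace C model in which an expectation is a tuple plus a mask, so one entry admits any WAN caller to the global contact address and port without a per-caller DNAT rule. The struct and function names, the sample addresses and UDP as the transport are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model. These types are illustrative assumptions,
 * not the kernel's conntrack structures. */
struct tuple {
    uint32_t src_ip, dst_ip;      /* host byte order for readability */
    uint16_t src_port, dst_port;
    uint8_t  proto;
};

struct expectation {
    struct tuple tuple;           /* values the packet must carry */
    struct tuple mask;            /* zero bits mean "don't care" */
};

/* A packet matches when every masked field equals the expected value. */
static int expect_matches(const struct expectation *e, const struct tuple *t)
{
    return !((t->src_ip   ^ e->tuple.src_ip)   & e->mask.src_ip)   &&
           !((t->dst_ip   ^ e->tuple.dst_ip)   & e->mask.dst_ip)   &&
           !((t->src_port ^ e->tuple.src_port) & e->mask.src_port) &&
           !((t->dst_port ^ e->tuple.dst_port) & e->mask.dst_port) &&
           !((t->proto    ^ e->tuple.proto)    & e->mask.proto);
}

/* Expectation for calls to the global contact ip:port from ANY source:
 * source ip and source port stay zero in the mask (unspecified). */
static struct expectation contact_expect(uint32_t ip, uint16_t port, uint8_t proto)
{
    struct expectation e = {0};
    e.tuple.dst_ip = ip;     e.mask.dst_ip = 0xFFFFFFFFu;
    e.tuple.dst_port = port; e.mask.dst_port = 0xFFFF;
    e.tuple.proto = proto;   e.mask.proto = 0xFF;
    return e;
}

/* Constructed sample: global contact 192.0.2.1:5060 over UDP (assumed). */
static int demo_match(uint32_t sip, uint16_t sport, uint32_t dip,
                      uint16_t dport, uint8_t proto)
{
    struct expectation e = contact_expect(0xC0000201u, 5060, 17);
    struct tuple t = { sip, dip, sport, dport, proto };
    return expect_matches(&e, &t);
}

int main(void)
{
    printf("caller A: %d\n", demo_match(0xC6336407u, 40000, 0xC0000201u, 5060, 17));
    printf("wrong port: %d\n", demo_match(0xC6336407u, 40000, 0xC0000201u, 5061, 17));
    return 0;
}
```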