[LARTC] Re: iptables rule not matching after stream begins

Bob Beers bob.beers at gmail.com
Tue Nov 21 15:10:42 CET 2006


Thank you, Joe, for your response.

On 11/20/06, Flophouse Joe <flophousejoe-lartc-zvbbfzu at halibutdepot.org> wrote:
> Have you considered testing any of the patches from netfilter's
> patch-o-matic?

I will consider doing just that.

>
> There are two patches that seem promising.  Quoting from the netfilter
> website:
>
> http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-rtsp-conntrack
...
> http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-sip-conntrack-nat
...

Thanks for the pointers.

But, I think my problem is really more basic.  I only mentioned
that it was SIP related for background.

Let me try to restate my question:

Is it a common problem that inserting a rule after a (UDP) stream is
established does not match the rule, even though the exact same
rule for the exact same stream does match, as long as it is inserted
before the first packet of the stream arrives?

If so (that it is a common, or at least known, problem), how does
one overcome this problem?  Is there a way to "disconnect" the
stream, once the rule is installed, so that it can match?  Like I said
in the original post, everything works right, as long as my rule
wins the race with the first packet.

Any other hints most welcome; meanwhile I will examine the two
patches mentioned. Thanks,

>
> Joe
>

Bob
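A diagnostic check a practitioner would want for the symptom Bob describes: before inserting the rule, see whether netfilter's connection tracking already holds an entry for the UDP stream in question, since that is the state the conntrack helpers Joe points to operate on. This is an added example, not code from the thread; it assumes the classic `/proc/net/ip_conntrack` line layout, and the sample entries are constructed.

```python
import re

# Constructed sample in the classic /proc/net/ip_conntrack layout (assumption):
# proto, proto number, timeout, optional TCP state, original tuple, reply tuple.
SAMPLE_CONNTRACK = """\
udp      17 170 src=192.168.1.10 dst=203.0.113.5 sport=5060 dport=5060 src=203.0.113.5 dst=192.168.1.10 sport=5060 dport=5060 [ASSURED] use=1
udp      17 28 src=192.168.1.10 dst=203.0.113.5 sport=10000 dport=20000 [UNREPLIED] src=203.0.113.5 dst=192.168.1.10 sport=20000 dport=10000 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40000 dport=22 src=198.51.100.7 dst=192.168.1.10 sport=22 dport=40000 [ASSURED] use=1
"""

# Match the header fields and the ORIGINAL-direction tuple of one entry.
ENTRY_RE = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+(?P<timeout>\d+)\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)"
)


def parse_conntrack(text):
    """Parse conntrack table text into a list of dicts (one per tracked flow)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # skip lines in a layout we do not understand
        e = m.groupdict()
        e["timeout"] = int(e["timeout"])
        e["sport"] = int(e["sport"])
        e["dport"] = int(e["dport"])
        e["assured"] = "[ASSURED]" in line      # both directions seen
        e["unreplied"] = "[UNREPLIED]" in line  # only the original direction seen
        entries.append(e)
    return entries


def tracked_udp_flows(text, dport):
    """UDP flows already in the table whose original destination port is dport.

    A non-empty result means the stream was established before the rule
    went in, i.e. the rule lost the race with the first packet.
    """
    return [e for e in parse_conntrack(text)
            if e["proto"] == "udp" and e["dport"] == dport]


if __name__ == "__main__":
    for flow in tracked_udp_flows(SAMPLE_CONNTRACK, 5060):
        print(f"{flow['src']}:{flow['sport']} -> {flow['dst']}:{flow['dport']} "
              f"timeout={flow['timeout']}s assured={flow['assured']}")
```

On a live box, read `/proc/net/ip_conntrack` (or `/proc/net/nf_conntrack` on newer kernels, whose lines carry an extra leading address-family field) instead of the constructed sample.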

