Ezequiel wrote:

> Hi everyone!..
> 
> I'm doing a setup with a firewall on Linux Red Hat 7.0 with kernel 2.2.18.
> The schema is a VoIP (Voice over IP), and the communications are UDP.
> 
> example setup:
> 
> 
> [GW VoIP]   ->   [Linux FW]   ->   [inet]            ->   [Remote GW VoIP]
> 10.10.0.2        10.10.0.1         200.200.200.200        100.100.100.100
> 
> Well, the schema seems to be easy, but here is my problem:
> 
> 
> src 10.10.0.2 src port 5010        -> dst 100.100.100.100 dst udp port 5010
> 
> after the masq process the packet:
> 
> src 200.200.200.200 src port 61321    -> dst 100.100.100.100 dst udp port 5010
> (the source ports from the masq box are ephemeral!, not fixed!)
> 
> so when the reply comes from the Remote GW:
> 
> src 100.100.100.100 src port 5010     ->     dst 200.200.200.200 dst udp port 5010
> 
> Here is the problem: the protocol used by Clarent VoIP has a fixed
> stream communication over UDP port 5010!.. so when the last packet comes
> from 100.100.100.100 to 200.200.200.200 port 5010 the kernel sends an
> ICMP port unreachable, logical but sad for me.
> 
> Is there any way to fix this issue? Do I have to develop a module? If the
> solution is to develop a kernel masq module, where to start is the question.
> I have developed some kernel modules, but not for masq.

you could try setting up port forwarding of port 5010.
that would probably keep the port numbers the same.
alternatively, you could try the 2.4 kernel and iptables.
when it masquerades, it keeps port numbers the same unless
it has to alter them. otherwise, you will need to write a
module. other modules that perform a similar function would
be a good place to start.

> Thanks.
> 
> Ezequiel,

raf
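
The exchange above, as an added example that is not part of either post: a toy Python model of the firewall's UDP translation table, showing why the reply to port 5010 is rejected when the source port is rewritten and how a static forward or port-preserving masquerading changes the outcome. The class, the function names and the starting port 61000 are assumptions made for the illustration, not kernel code.

```python
# Toy model of UDP source NAT on the firewall (constructed example, not kernel code).
FW_EXT = "200.200.200.200"  # firewall's public address, from the post

class Nat:
    def __init__(self, preserve_port):
        self.preserve_port = preserve_port  # True: 2.4/iptables-style masquerading
        self.next_port = 61000              # assumed start of the 2.2 masq port range
        self.out = {}       # (src, sport, dst, dport) -> public source port
        self.back = {}      # (public port, remote ip, remote port) -> (src, sport)
        self.forwards = {}  # public port -> (internal ip, internal port)

    def port_forward(self, public_port, ip, port):
        self.forwards[public_port] = (ip, port)

    def outbound(self, src, sport, dst, dport):
        """Return the (address, port) the remote side sees as the source."""
        key = (src, sport, dst, dport)
        if key not in self.out:
            public = sport
            # Keep the port only in preserve mode and only if it is free.
            if not self.preserve_port or (public, dst, dport) in self.back:
                public, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = public
            self.back[(public, dst, dport)] = (src, sport)
        return FW_EXT, self.out[key]

    def inbound(self, remote, rport, public_port):
        """Return where a packet sent to FW_EXT:public_port ends up."""
        hit = self.back.get((public_port, remote, rport)) or self.forwards.get(public_port)
        return hit if hit else "icmp port unreachable"

def scenario(preserve_port, forward=False):
    nat = Nat(preserve_port)
    if forward:
        nat.port_forward(5010, "10.10.0.2", 5010)
    seen = nat.outbound("10.10.0.2", 5010, "100.100.100.100", 5010)
    # The remote gateway always answers to port 5010, whatever source port it saw.
    reply = nat.inbound("100.100.100.100", 5010, 5010)
    return seen, reply

if __name__ == "__main__":
    print("2.2 masq          :", scenario(False))
    print("2.2 + port forward:", scenario(False, forward=True))
    print("port-preserving   :", scenario(True))
```

The static forward in this model accepts packets to port 5010 from any source, so on a real firewall it should be paired with a filter rule that limits it to the remote gateway at 100.100.100.100.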

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]