Hello, At 08/03/2002 15:52, you wrote: > > No. The NAT module (and the conntrack part as well) is very primitive: it > changes only the "IP-address port" "sequences" in the packets. > Naked "IP-address" sequences remain unmodified.
i don't understand what you say, ether real show me a IP address-Port sequence in the incriminated packet : ====> piece of ether real trace unicastAddress iPAddress network: 192.168.0.25 (192.168.0.25) tsapIdentifier: 1503 ===== (you remenber : 192.168.0.25 is the private IP of the OTHER computer) I don't see why the nat module won't match this sequence. As this packet is h245, it has been processed by h245_help (conntrack) first. Then, in the for (i=0 ...) loop, the first if statement should be true as many times as it see source ip adress in the packet, right ? And then, it stores information and call ip_conntrack_expect_related, right ? But, WHY THE HELL the nat helper function is not called twice on this packet ? Is this related with the fact the port that we found in this sequence is 1503, port that has already been forwarded (statically) ? Regards, -- Cl�ment Moreau Inventel Syst�mes -- www.inventel.com PARIS Meet Inventel at those shows / Nos prochains rendez-vous : - CeBIT 2002 March 13-20 : Hall 27 / Booth F23 & Hall 13 Bluetooth pavilion - Bluetooth Congress Amsterdam 2002 June 11-14 / Booth 401
