Hi,

usually there is a src-nat 192.168.3.0/24 to 3.3.3.3 for our phones and they go into a tunnel.
Today the other end of the tunnel crashed (leap second) and the l2tp-tunnel interface was down. So src-nat rule (relying on out-interface) was invalid and NAT did not longer apply.
Finally the tunnel came up again and the SIP packets were routed correctly again into the tunnel (checked by packet-sniffer). But the SRC-NAT rule did not show any activities. Except one all phones went to the tunnel with their 192.168.3.x IP. Packet counter of the rule did not increase. A reboot of the router fixed the problem and SRC-NAT was working again.

Additionally I watch the counter now (when everything is working) and it is at 42. But at the VoIP server I have seen about 500 SIP packets. So I guess there is some mechanism that prevents going through all NAT rules while a connection is active. Something like established & related in the filter rules.
But with NAT I do not know where to find, I have no rule like this and also did not find documentation for this.

Could anyone give me hint, please?

Thank you
Martin

Not sure, but could be the src-nat rule just counts the first packet that makes that "new connection" for conntrack (that get masqueraded).