Q:

I want to simply forward the RTP packet received from one IP:Port pair to another IP:Port pair. I have already done it with iptables. iptables use conntrack module. But there is no need of conntrack in my application. So I want to do it with stateless NAT. I have found that statless NAT rules can be executed with "ip route add nat" command e.g

ip route add nat 205.254.211.17 via 192.168.100.17

This command tells the kernel to perform network address translation on any packet bound for 205.254.211.17. The parameter via tells the NAT code to rewrite the packet bound for 205.254.211.17 with the new destination address 192.168.100.17.

As I understand, the problem is this will forward all packets bound for 205.254.211.17 to 192.168.100.17. Is there any option to forward RTP packets received on specific port of 205.254.211.17 to another IP:Port?

全球最大HTTPs证书提供商之一的Let's Encrypt根证书于9月30日过期，如果你不幸跟我一样未能在9.30日之前更新系统根证书，将导致系统更新失败以及众多的程序运行异常。

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 201.0.222.9 443]
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

一般的监控系统只是监测证书的有效期，并不会太多注意到根证书的有效期，监控系统也不会发出提示预警。因此，网站运维人员应尽快自查正在使用的 Let's Encrypt品牌证书，或尽快更新其他品牌的证书
解决办法，删掉对应过期根证书，重新拉新的。

sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
sudo update-ca-certificates

参考：
https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190/324