View previous topic :: View next topic |
Author |
Message |
putsli
Joined: 25 Jul 2009 Posts: 2
|
Posted: Sun Jul 26, 2009 6:10 am Post subject: Failed to remove NAT-PMP mapping. |
|
|
Greetings, first of all I wish to many thanks to the maintainer for the done work. I have started to use recently miniupnpd and have noticed in logs: miniupnpd [3632]: Failed to remove NAT-PMP mapping eport 59143, protocol UDP
As i have understood rules are not deleted from chains iptables. Prompt please in what there can be a business. Thanks in advance for any answer. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Mon Jul 27, 2009 9:22 am Post subject: |
|
|
Please include more details on :
* Which version of miniupnpd you are using, and how you compiled it.
* which system do you use. If using linux, which version of ipfilter/iptables.
thanks _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
putsli
Joined: 25 Jul 2009 Posts: 2
|
Posted: Mon Jul 27, 2009 11:49 am Post subject: |
|
|
I'm use miniupnpd 1.3 (20090605) and compile it with gcc 4.3 and Makefile.linux. I'm use Debian 5.0 kernel 2.6.26 and iptables 1.4.4. The error does not appear any more in a logs, but unnecessary rules do not leave from chains iptables and also there are records in upnp.lease file.
My miniupnpd.conf
Code: |
# WAN network interface
#ext_ifname=eth0
ext_ifname=ppp0
# if the WAN interface has several IP addresses, you
# can specify the one to use below
#ext_ip=
# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# HTTP is available on all interfaces
#listening_ip=192.168.0.1/24
listening_ip=192.168.1.1/28
#listening_ip=
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
#port=0
# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock
# enable NAT-PMP support (default is no)
enable_natpmp=yes
# enable UPNP support (default is yes)
enable_upnp=yes
# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both
#upnp_forward_chain=forwardUPnP
#upnp_nat_chain=UPnP
# lease file location
lease_file=/var/tmp/upnp.leases
# bitrates reported by daemon in bits per second
bitrate_up=1750000
bitrate_down=1750000
# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.
secure_mode=yes
#secure_mode=no
# default presentation url is http address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
# from displaying an icon in the "Network Connections" panel.
#presentation_url=http://www.mylan/index.php
# report system uptime instead of daemon uptime
system_uptime=yes
# notify interval in seconds. default is 30 seconds.
#notify_interval=240
notify_interval=60
# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600
# log packets in pf
#packet_log=no
# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1
# tag name in pf
#tag=tag_name1
# make filter rules in pf quick or not. default is yes
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
#quickrules=no
# uuid : generate your own with "make genuuid"
uuid=ce4b8967-077c-46bc-91eb-9aca8611add2
# serial and model number the daemon will report to clients
# in its XML description
serial=12345678
model_number=Alix2D3
# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
#allow 1024-65535 192.168.0.0/24 1024-65535
allow 1024-65535 192.168.1.0/28 1024-65535
#allow 1024-65535 192.168.0.0/23 22
#allow 12345 192.168.7.113/32 54321
deny 0-65535 0.0.0.0/0 0-65535
|
|
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Tue Aug 04, 2009 10:34 am Post subject: |
|
|
useless rules are not cleaned until the clean_ruleset_threshold is reached. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
|