Riel
Joined: 12 Feb 2010 Posts: 5
Posted: Fri Feb 12, 2010 10:56 pm Post subject: Basic configuration problem
I am trying to use miniupnpd on my network, but Upnp protocol is quite a mystery to me, so I wonder how to set up everything in place.
My configuration is the following :
- a private network 192.168.103/24 containing Upnp server (192.168.103.2)
- a dmz network 192.168.102/24 containing Upnp clients
- a freeBSD firewall between both, with 192.168.103.245 on interface sis0 and 192.168.102.32 on interface sis2. The firewall applies NAT to all traffic going from the private network to the dmz.
What I need is to make the Upnp clients see the server, but I'm not sure of what my configuration file should contain. I used :
Code:
ext_ifname=sis2
listening_ip=192.168.102.32

but this does not seem to work (despite having added hooks in the pf configuration). Can someone tell me if these two options are the right ones or if I missed the point?
Thanks,
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
Posted: Sat Feb 13, 2010 9:37 am
Usually UPNP is used for letting clients on a private network access the Internet!
It is not designed to command gateways between two private networks.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Riel
Joined: 12 Feb 2010 Posts: 5
Posted: Sat Feb 13, 2010 11:53 am
Too bad. I thought the same daemon could do the job for me. I do not really see a difference between private/internet and private/private network... Any clue of how I could make things work in my case?
Anyway, thank you very much for your quick answer!
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
Posted: Sat Feb 13, 2010 2:11 pm
Well, in the first place I don't understand why you need NAT between 192.168.103/24 and 192.168.102/24.
What are you trying to do?
Riel
Joined: 12 Feb 2010 Posts: 5
Posted: Sat Feb 13, 2010 4:22 pm
Well, problem is that servers in the dmz network (192.168.102/24) use DHCP and have their default gateway on a router provided by my ISP (a freebox) and I cannot add a route to 192.168.103/24 on this equipment.
So, if a computer in the DMZ tries to access my Upnp server without doing any NAT, packets will be sent to my freebox, which will drop them or route them on internet, or whatever (but never sending them where I want to, on my private network through my firewall).
That's why I need some translation of some kind. Currently I am compiling a new BSD kernel to use mrouted to forward multicast upnp packets, and using a binat 192.168.102.2 <-> 192.168.103.2, but I do not know if this will be enough for Upnp to work (especially if dynamic ports are used...)
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
Posted: Sun Feb 14, 2010 9:00 am
Indeed it is impossible to add a route to the freebox. That's a shame.
What I'll do is set the freebox in bridge mode and use the freebsd box as router. 3 network interfaces on the box: 1 for the internet (freebox), 1 for 192.168.102/24 and one for 192.168.103/24. That way you'll be able to do whatever you want with routing and filtering.
Riel
Joined: 12 Feb 2010 Posts: 5
Posted: Sun Feb 14, 2010 10:24 am
Yeah, too bad we cannot mess somewhat more with a freebox! Adding this route would do the trick (the goal is in fact to make the freebox access the upnp server on the private network).
Thanks for your suggestion. I already considered it, but that would require lots of changes on a bunch of equipment. I didn't mention that there are also two wifi networks around (one private, on DMZ), some VPN, etc.
Just to make things clear to me, if I:
- make multicast go through my BSD firewall
- do basic (IP) translation to masquerade the Upnp server
should things work or is the Upnp protocol too tricky for that? I guess it will not work (hence miniupnpd), but my knowledge of this protocol is close to nothing.
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
Posted: Sun Feb 14, 2010 11:50 am
If I understand,
192.168.103/24 ==(bsd box/NAT)==> 192.168.102/24 ==(freebox NAT)==> Internet.
In that setup, upnp can do nothing for you...
Riel
Joined: 12 Feb 2010 Posts: 5
Posted: Sun Feb 14, 2010 8:20 pm
Your understanding of the setup is correct. I didn't expect upnp was so hard to put in place with NAT.
Thank you very much for your help!