miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

poluted netfilter tabels.

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Bugs
View previous topic :: View next topic  
Author Message
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Thu Jan 20, 2011 12:26 pm    Post subject: poluted netfilter tabels. Reply with quote

For some reason rules in table filter does not get removed... ever, while table nat works as it should. for example after ~12h

1 redirection currently active for utorrent:

mih ~ # iptables -t nat -L MINIUPNPD
Chain MINIUPNPD (1 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:12177 to:10.0.0.2:12177
DNAT udp -- anywhere anywhere udp dpt:12177 to:10.0.0.2:12177

mih ~ # iptables -t filter -L MINIUPNPD
Chain MINIUPNPD (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT tcp -- anywhere solor tcp dpt:42061
ACCEPT udp -- anywhere solor udp dpt:42061
ACCEPT tcp -- anywhere solor tcp dpt:46513
ACCEPT udp -- anywhere solor udp dpt:46513
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT tcp -- anywhere solor tcp dpt:57878
ACCEPT udp -- anywhere solor udp dpt:57878
ACCEPT tcp -- anywhere solor tcp dpt:24387
ACCEPT udp -- anywhere solor udp dpt:24387
ACCEPT tcp -- anywhere solor tcp dpt:12177
ACCEPT udp -- anywhere solor udp dpt:12177


also why is forward chain (table filter) even needed? If i set it to something that doesnt exist it seems to have no effect at all... only thing i notice are errors like this in syslog but nat redirections still seems work:

Jan 20 13:23:47 mih miniupnpd[10166]: add_filter_rule() : iptc_is_chain() error : No chain/target/match by that name
Jan 20 13:23:47 mih miniupnpd[10166]: add_filter_rule() : iptc_is_chain() error : No chain/target/match by that name

this is with iptables v1.4.10
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Fri Jan 21, 2011 11:40 am    Post subject: Reply with quote

which version of miniupnpd are you using ?
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Fri Jan 21, 2011 10:40 pm    Post subject: Reply with quote

miniupnp wrote:
which version of miniupnpd are you using ?


latest 1.5, funny thins is i didnt notice this earlyer and im using miniupnpd for few years so it might be something new... or i simply just didnt notice it before Smile
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Sat Jan 22, 2011 8:55 am    Post subject: Reply with quote

SoLoR wrote:
miniupnp wrote:
which version of miniupnpd are you using ?


latest 1.5, funny thins is i didnt notice this earlyer and im using miniupnpd for few years so it might be something new... or i simply just didnt notice it before Smile

There may be a new bug.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Sat Jan 22, 2011 9:02 am    Post subject: Reply with quote

There were some recent changes in iptcrdr.c.
the current version is 1.33 (cvs version of the file) commited 2010/09/27.
Could you try with the 1.32 version of this file which should be included in miniupnpd-1.4.20100921.tar.gz.

I dont have time to check the code now, but I'll try next week
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Sat Jan 22, 2011 9:56 am    Post subject: Reply with quote

i can confirm iptcrdr.c v1.32 fixes this issue.
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Thu Jan 27, 2011 5:25 pm    Post subject: Reply with quote

see http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=664
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Thu Jan 27, 2011 5:52 pm    Post subject: Reply with quote

I sort of reverted the changes to fix the problem :
miniupnpd-1.5.20110127.tar.gz
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Thu Jan 27, 2011 7:36 pm    Post subject: Reply with quote

miniupnp wrote:
I sort of reverted the changes to fix the problem :
miniupnpd-1.5.20110127.tar.gz


yes this version works, but i guess end goal is to fix that ipcrdr.c patch.
Back to top
View user's profile Send private message
AlexeyS



Joined: 27 Sep 2009
Posts: 7

PostPosted: Fri Jan 28, 2011 9:08 am    Post subject: Reply with quote

Path for iptcrdr.c version 1.33: http://alxdm.dyndns-at-work.com:808/files/iptcrdr_1.33_fix.diff
Also, full source fixed: http://alxdm.dyndns-at-work.com:808/files/iptcrdr.c

Please test.


Last edited by AlexeyS on Wed Apr 20, 2011 9:31 am; edited 1 time in total
Back to top
View user's profile Send private message
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Fri Jan 28, 2011 11:46 am    Post subject: Reply with quote

AlexeyS wrote:
Path for iptcrdr.c version 1.33: http://195.70.197.11:808/files/iptcrdr_1.33_fix.diff
Also, full source fixed: http://195.70.197.11:808/files/iptcrdr.c

Please test.


confirmed fixed. ill report if ill notice anyy more problems.
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Tue Mar 01, 2011 3:45 pm    Post subject: Reply with quote

SoLoR wrote:
AlexeyS wrote:
Path for iptcrdr.c version 1.33: http://195.70.197.11:808/files/iptcrdr_1.33_fix.diff
Also, full source fixed: http://195.70.197.11:808/files/iptcrdr.c

Please test.


confirmed fixed. ill report if ill notice anyy more problems.

It seams there can be some problem when the external and internal port of the port mapping are not the same.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Wed Mar 02, 2011 4:20 pm    Post subject: Reply with quote

this code should work in all cases :
miniupnpd-1.5.20110302.tar.gz
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
SoLoR



Joined: 30 May 2009
Posts: 36

PostPosted: Wed Mar 02, 2011 4:52 pm    Post subject: Reply with quote

no issues for me with 20110302.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Bugs All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.