View previous topic :: View next topic |
Author |
Message |
SoLoR
Joined: 30 May 2009 Posts: 36
|
Posted: Thu Jan 20, 2011 12:26 pm Post subject: poluted netfilter tabels. |
|
|
For some reason rules in table filter does not get removed... ever, while table nat works as it should. for example after ~12h
1 redirection currently active for utorrent:
mih ~ # iptables -t nat -L MINIUPNPD
Chain MINIUPNPD (1 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:12177 to:10.0.0.2:12177
DNAT udp -- anywhere anywhere udp dpt:12177 to:10.0.0.2:12177
mih ~ # iptables -t filter -L MINIUPNPD
Chain MINIUPNPD (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT tcp -- anywhere solor tcp dpt:42061
ACCEPT udp -- anywhere solor udp dpt:42061
ACCEPT tcp -- anywhere solor tcp dpt:46513
ACCEPT udp -- anywhere solor udp dpt:46513
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT tcp -- anywhere solor tcp dpt:42193
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT udp -- anywhere solor-iphone udp dpt:mdns
ACCEPT tcp -- anywhere solor tcp dpt:57878
ACCEPT udp -- anywhere solor udp dpt:57878
ACCEPT tcp -- anywhere solor tcp dpt:24387
ACCEPT udp -- anywhere solor udp dpt:24387
ACCEPT tcp -- anywhere solor tcp dpt:12177
ACCEPT udp -- anywhere solor udp dpt:12177
also why is forward chain (table filter) even needed? If i set it to something that doesnt exist it seems to have no effect at all... only thing i notice are errors like this in syslog but nat redirections still seems work:
Jan 20 13:23:47 mih miniupnpd[10166]: add_filter_rule() : iptc_is_chain() error : No chain/target/match by that name
Jan 20 13:23:47 mih miniupnpd[10166]: add_filter_rule() : iptc_is_chain() error : No chain/target/match by that name
this is with iptables v1.4.10 |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Fri Jan 21, 2011 11:40 am Post subject: |
|
|
which version of miniupnpd are you using ? _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
SoLoR
Joined: 30 May 2009 Posts: 36
|
Posted: Fri Jan 21, 2011 10:40 pm Post subject: |
|
|
miniupnp wrote: | which version of miniupnpd are you using ? |
latest 1.5, funny thins is i didnt notice this earlyer and im using miniupnpd for few years so it might be something new... or i simply just didnt notice it before |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sat Jan 22, 2011 8:55 am Post subject: |
|
|
SoLoR wrote: | miniupnp wrote: | which version of miniupnpd are you using ? |
latest 1.5, funny thins is i didnt notice this earlyer and im using miniupnpd for few years so it might be something new... or i simply just didnt notice it before |
There may be a new bug. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sat Jan 22, 2011 9:02 am Post subject: |
|
|
There were some recent changes in iptcrdr.c.
the current version is 1.33 (cvs version of the file) commited 2010/09/27.
Could you try with the 1.32 version of this file which should be included in miniupnpd-1.4.20100921.tar.gz.
I dont have time to check the code now, but I'll try next week _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
SoLoR
Joined: 30 May 2009 Posts: 36
|
Posted: Sat Jan 22, 2011 9:56 am Post subject: |
|
|
i can confirm iptcrdr.c v1.32 fixes this issue. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
|
Back to top |
|
|
SoLoR
Joined: 30 May 2009 Posts: 36
|
Posted: Thu Jan 27, 2011 7:36 pm Post subject: |
|
|
yes this version works, but i guess end goal is to fix that ipcrdr.c patch. |
|
Back to top |
|
|
AlexeyS
Joined: 27 Sep 2009 Posts: 7
|
|
Back to top |
|
|
SoLoR
Joined: 30 May 2009 Posts: 36
|
Posted: Fri Jan 28, 2011 11:46 am Post subject: |
|
|
confirmed fixed. ill report if ill notice anyy more problems. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Tue Mar 01, 2011 3:45 pm Post subject: |
|
|
SoLoR wrote: |
confirmed fixed. ill report if ill notice anyy more problems. |
It seams there can be some problem when the external and internal port of the port mapping are not the same. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
|
Back to top |
|
|
SoLoR
Joined: 30 May 2009 Posts: 36
|
Posted: Wed Mar 02, 2011 4:52 pm Post subject: |
|
|
no issues for me with 20110302. |
|
Back to top |
|
|
|