View previous topic :: View next topic |
Author |
Message |
weixing979
Joined: 16 Feb 2023 Posts: 6 Location: china
|
Posted: Thu Feb 16, 2023 9:06 am Post subject: When the wan ip changed, or wan interface changed, how to? |
|
|
Hello ,
I am using miniupnpd 2.3.2 in my CPE device, the CPE has multiple Cellular network wan interface , CPE can only use one of these interfaces to connect internet at the same time.
I have some questions about the wan ip or wan interface changed.
1 Wan interface is Cellular Wan, it's name is ccmni1, and miniupnpd is running (its external_iface wan is ccmni1), and port mapping rules has been created for lan device.
When ccmni1 interface happens down/ up, and it's public ip changed. In this scenario,what I will do ?
If I do nothing, the port mapping rules can continue work?
Does it need restart miniupnpd?
2 Wan interface is Cellular Wan, it's name is ccmni1, and miniupnpd is running (its external_iface wan is ccmni1), and port mapping rules has been created for lan device.
But user modify the CPE configure , CPE use another interface ccmni2 to connect internet , ccmni1 can not connect internet now.
In this scenario, do I need restart miniupnpd?
If yes, the port mapping rules will be deleted, then how to resume these rules ?
thank you very much. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1592
|
Posted: Fri Feb 17, 2023 3:00 am Post subject: |
|
|
Scenario 1 : it all depends on your configuration. Which OS ? which packet filtering / masquerading engine ? (pf, netfilter iptables ? netfilter nftables ?)
Scenario 2 : indeed if the external network interface changes miniupnpd need to be restarted.
You will need additional scripts to clean existing port forwarding rules.
To reload existing rules to the new network interface you could use the lease file feature of miniupnpd _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
weixing979
Joined: 16 Feb 2023 Posts: 6 Location: china
|
Posted: Fri Feb 17, 2023 6:10 am Post subject: |
|
|
Thank you for your reply.
Scenario 1 My OS is Linux OpenWrt 5.4.179 #0 SMP Thu Jan 5 03:03:09 2023 aarch64 GNU/Linux
it use netfilter iptables.
Scenario 2
I have create scripts to clean existing port forwarding rules when miniupnpd is stoped.
I have set lease file parameter '/var/run/miniupnpd.leases'
and I checked it's contents,it has the port mapping rules.
So under these conditions ,if the external interface is changed from ccmni1 to ccmni2, I just need modify the external interface in the config file and restart miniupnpd . is it right? |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1592
|
Posted: Fri Feb 17, 2023 1:23 pm Post subject: |
|
|
scenario 1.
The IPTABLES entries created by miniupnpd don't depend on the IP address of the WAN interface, so I think everything will be OK
Please check the IPTABLES entries anyway.
scenario 2.
I don't remember well if the IPTABLES entries created by miniupnpd depends on the WAN interface name. If that is not the case, you won't even need to clean/reload existing rules.
Please have a look by yourself.
you can used the provided iptables_display.sh / iptables_display_miniupnpd.sh to show them. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
weixing979
Joined: 16 Feb 2023 Posts: 6 Location: china
|
Posted: Tue Feb 21, 2023 2:24 am Post subject: |
|
|
Hello
below is the rules created by miniupnpd
Chain MINIUPNPD (0 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:17819 to:192.168.1.143:54321
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:17819 to:192.168.1.143:12345
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:57572 to:192.168.1.143:6763
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:57572 to:192.168.1.143:57572
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6761 to:192.168.1.143:6761
Chain MINIUPNPD-POSTROUTING (0 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp -- * * 192.168.1.143 0.0.0.0/0 tcp spt:54321 masq ports: 17819
0 0 MASQUERADE udp -- * * 192.168.1.143 0.0.0.0/0 udp spt:12345 masq ports: 17819
0 0 MASQUERADE tcp -- * * 192.168.1.143 0.0.0.0/0 tcp spt:6763 masq ports: 57572
0 0 MASQUERADE udp -- * * 192.168.1.143 0.0.0.0/0 udp spt:57572 masq ports: 57572
0 0 MASQUERADE tcp -- * * 192.168.1.143 0.0.0.0/0 tcp spt:6761 masq ports: 6761
I found a way to process Scenario 1 and Scenario 2, when the wan re-attach , I restart the miniupnd will be OK.
(It consists of several steps,
1 stop miniupnpd,clean the port mapping rules.
2 start miniupnpd , reload the port mapping rules from the lease file )
BTW: if miniupnpd don't depend on the IP and WAN interface name, can port mapping rules be created ? |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1592
|
Posted: Tue Feb 21, 2023 7:38 am Post subject: |
|
|
Quote: | BTW: if miniupnpd don't depend on the IP and WAN interface name, can port mapping rules be created ? |
the way MINIUPNPD chain is called depends on the WAN interface name or address. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
weixing979
Joined: 16 Feb 2023 Posts: 6 Location: china
|
Posted: Tue Feb 21, 2023 8:07 am Post subject: |
|
|
Ok,I have found the method.
Thank you very much. |
|
Back to top |
|
|
|