View previous topic :: View next topic |
Author |
Message |
curana
Joined: 09 May 2007 Posts: 6
|
Posted: Wed May 09, 2007 8:30 pm Post subject: Rules not loading under FreeBSD? |
|
|
Hi,
I have the problem that I cant control to my NAS-System from my BSD server. I can connect from Windows but my client says sth about UPNP to work. So I wanted to give MiniUPnP a try, but Im not sure if this is the correct tool for this task.
I added the following line to my pf.conf:
rdr-anchor miniupnpd and reloaded my configuration. Btw, there was no directory "miniupnpd" in /etc. But Im not sure if this would be necessary. I compiled the software from the ports.
Then I edited the configfile with the following changes:
ext_ifname=rl0 (I only hv one interface)
listening_ip= my external IP-Address
allow 1024-65535 external IP 1024-65535
This is correct or I mixed sth?
How to set up the software to just allow these UPNP things to one special server, my backupserver?
Thanks for help. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Thu May 10, 2007 8:37 pm Post subject: Re: Rules not loading under FreeBSD? |
|
|
curana wrote: | Hi,
I have the problem that I cant control to my NAS-System from my BSD server. I can connect from Windows but my client says sth about UPNP to work. So I wanted to give MiniUPnP a try, but Im not sure if this is the correct tool for this task.
I added the following line to my pf.conf:
rdr-anchor miniupnpd and reloaded my configuration. Btw, there was no directory "miniupnpd" in /etc. But Im not sure if this would be necessary. I compiled the software from the ports.
Then I edited the configfile with the following changes:
ext_ifname=rl0 (I only hv one interface)
listening_ip= my external IP-Address
allow 1024-65535 external IP 1024-65535
This is correct or I mixed sth?
How to set up the software to just allow these UPNP things to one special server, my backupserver?
Thanks for help. |
listening_ip should be set to your INTERNAL Ip address.
allow rule should also point to your INTERNAL IP address
Typical conf :
Code: |
listening_ip=192.168.0.1
allow 1024-65535 192.168.0.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
|
Imagine you want only one machine to be able to have redirection pointing to it
you would have :
Code: |
allow 1024-65535 192.168.1.113/32 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
|
|
|
Back to top |
|
|
curana
Joined: 09 May 2007 Posts: 6
|
Posted: Thu May 10, 2007 9:00 pm Post subject: |
|
|
Thanks for your reply.
I have only an external address. But I guess I need to configure the base system with the external address and the pf-Rules to handle the upnp options?
My server is connected to the internet and has no such internal address. But I need active FTP and UPNP options for accessing another server in my subnet.
See my point? |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Fri May 11, 2007 8:32 am Post subject: |
|
|
curana wrote: | Thanks for your reply.
I have only an external address. But I guess I need to configure the base system with the external address and the pf-Rules to handle the upnp options?
My server is connected to the internet and has no such internal address. But I need active FTP and UPNP options for accessing another server in my subnet.
See my point? |
are you sure you need miniupnpd ?
UPnP IGD (internet gateway device) is useful on the NAT router of your network :
at home, I have my ADSL connection (81.xx.xx.xx routable address ) and 3 LAN subnetworks : 192.168.0.xx, 192.168.1.xx, 192.168.2.xx. My gateway box is doing NAT to allow hosts on LAN subnetworks to access the outside world and UPnP IGD (implemented by miniupnpd) can be used to setup some NAT redirections.
Installing miniupnpd on a box with only one IP doesn't make sense
You need to check what part of UPnP standard your NAS implement. |
|
Back to top |
|
|
curana
Joined: 09 May 2007 Posts: 6
|
Posted: Fri May 11, 2007 8:36 am Post subject: |
|
|
I know it sounds stupid, but somehow I need to find out why I cant connect. Well, maybe you are right and UPNP is not for me
Thanks anyway. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sat May 12, 2007 12:53 am Post subject: |
|
|
curana wrote: | I know it sounds stupid, but somehow I need to find out why I cant connect. Well, maybe you are right and UPNP is not for me
Thanks anyway. |
explain exactly how your network is organized and how it is connected to the Internet
I don't understand how it works ! |
|
Back to top |
|
|
curana
Joined: 09 May 2007 Posts: 6
|
Posted: Sat May 12, 2007 6:27 am Post subject: |
|
|
My network is organised like that:
SERVER -> SWITCH IN DATACENTER -> INTERNET
My server is located in a datacenter and I dont have access to the switch/router. Just to my local firewall. I want to connect to a server via "ftp over ssl" and seems this one needs active mode as my windows client switches to UPNP and active to connect. So i thought this would solve my problem as i cant connect via freebsd.
Its complicated |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sat May 12, 2007 12:28 pm Post subject: |
|
|
curana wrote: | My network is organised like that:
SERVER -> SWITCH IN DATACENTER -> INTERNET
My server is located in a datacenter and I dont have access to the switch/router. Just to my local firewall. I want to connect to a server via "ftp over ssl" and seems this one needs active mode as my windows client switches to UPNP and active to connect. So i thought this would solve my problem as i cant connect via freebsd.
Its complicated |
I still don't know if your server has a public IP address and where is the server you want to connect to via 'ftp over ssl' |
|
Back to top |
|
|
curana
Joined: 09 May 2007 Posts: 6
|
Posted: Sat May 12, 2007 3:39 pm Post subject: |
|
|
I only have a public address. And the server is in the same datacenter and also begins with 82.105.
When I try to connect from the server to the ftp server, i get a timeout. When i connect from my local windows pc, I see some UPNP activity. So i thought if i can implement UPNP on the firewall of my freebsd system, it would work also. But seems even without firewall i get this timeout.
See my point? |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun May 13, 2007 12:38 pm Post subject: |
|
|
curana wrote: | I only have a public address. And the server is in the same datacenter and also begins with 82.105.
When I try to connect from the server to the ftp server, i get a timeout. When i connect from my local windows pc, I see some UPNP activity. So i thought if i can implement UPNP on the firewall of my freebsd system, it would work also. But seems even without firewall i get this timeout.
See my point? |
If both machines have Public IPs, UPnP is useless and pointless.
The ftp is likely to fail because of a firewall somewhere.
Check if it fail with both active and passive ftp mode. |
|
Back to top |
|
|
curana
Joined: 09 May 2007 Posts: 6
|
Posted: Sun May 13, 2007 12:42 pm Post subject: |
|
|
I tried. I can access the ftp from home but not from my server. From a linux-machine its said to work with ftp-ssl package. I switched off my firewall (pf) but no use.
Maybe I should give up and waste my time doing sth else |
|
Back to top |
|
|
|