miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Restricting port mappings to certain clients

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpc Feature Request
View previous topic :: View next topic  
Author Message
machrider



Joined: 09 Oct 2008
Posts: 4

PostPosted: Fri Oct 10, 2008 12:01 am    Post subject: Restricting port mappings to certain clients Reply with quote

Hi,

I'm a new miniupnpc user, and so far it works great. The one thing I'm wondering is if I can use miniupnpc's UPNP_AddPortMapping() to add a port mapping that is only accessible to a certain external IP address. I want to dynamically create and destroy such mappings, and not have the whole world able to access them while they exist.

Is this possible with the current API? My understanding is that there is a NewRemoteHost parameter in the IGD protocol for this purpose.

Thoughts?

Thanks!
Mike
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1448

PostPosted: Fri Oct 10, 2008 9:45 am    Post subject: Reply with quote

It is indeed possible in the UPnP IGD API. But I think most routers wont accept setting the NewRemoteHost parameter.
What is the router you are using ? we could do the test to see if it supports setting the NewRemoteHost parametter.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
machrider



Joined: 09 Oct 2008
Posts: 4

PostPosted: Fri Oct 10, 2008 3:24 pm    Post subject: Reply with quote

Yeah, I'm starting to realize that. I saw that the source to AddPortMapping has the NewRemoteHost parameter already. I patched the source to actually pass a value in that field, and my Linksys router promptly ignored it. It still allowed connections from any remote host.

I have another router I'm going to test this on (a CradlePoint unit). The thing is, our router selection for this project hasn't been made, so if there is one out there that obeys the NewRemoteHost parameter, it's possible we'll choose that one (assuming it has the other features we need).
Back to top
View user's profile Send private message
machrider



Joined: 09 Oct 2008
Posts: 4

PostPosted: Mon Oct 13, 2008 9:25 pm    Post subject: Reply with quote

FollowUp: The CradlePoint router (an MBR1000) respects the NewRemoteHost parameter. It seems to drop packets on the floor for anyone who isn't explicitly allowed to access the port.

Edit: Hm, I can't seem to remove the mapping on this router, though. It gives me an error 714 (NoSuchEntryInArray). The same code successfully removed the mapping on the Linksys router. Any idea why that wouldn't work on this router?
Back to top
View user's profile Send private message
machrider



Joined: 09 Oct 2008
Posts: 4

PostPosted: Mon Oct 13, 2008 11:04 pm    Post subject: Reply with quote

Ok, I figured it out. I had to specify the NewRemoteHost in the delete mapping call, too, otherwise it didn't match any mappings in the router's table. Now I've got it working 100% the way I want it. Smile
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1448

PostPosted: Tue Oct 14, 2008 5:33 pm    Post subject: Reply with quote

thanks for the informations and testing !
I'm adding the RemoteHost parameter to miniupnpc APIs
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Babblu0



Joined: 08 Apr 2015
Posts: 1
Location: Fsd

PostPosted: Wed Apr 08, 2015 6:48 am    Post subject: Reply with quote

just a suggestion: it think it would be useful if the nat-pmp client features could be rolled into miniupnpc - ie miniupnpc now becomes a generic client library for all port mapping requests, regardless of the gateway protocol.
Back to top
View user's profile Send private message
yakovmotog



Joined: 18 Jul 2016
Posts: 13

PostPosted: Thu Aug 04, 2016 2:13 am    Post subject: Retrieve iaddr to use for UPNP_AddAnyPortMapping inClient Reply with quote

miniupnp wrote:
thanks for the informations and testing !
I'm adding the RemoteHost parameter to miniupnpc APIs

Could you please advise why is the iaddr should be provided as as upnpc command line argument to pass it as internalClient IP paramter inClient passed to UPNP_AddAnyPortMapping:
AddPortMappingArgs[4].val = inClient;

This is local Control Point upnp client IP address, can't it be retrieved instead of passing as commandargv[0] ?
Thanks
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1448

PostPosted: Fri Aug 05, 2016 10:17 pm    Post subject: Re: Retrieve iaddr to use for UPNP_AddAnyPortMapping inCli Reply with quote

yakovmotog wrote:
miniupnp wrote:
thanks for the informations and testing !
I'm adding the RemoteHost parameter to miniupnpc APIs

Could you please advise why is the iaddr should be provided as as upnpc command line argument to pass it as internalClient IP paramter inClient passed to UPNP_AddAnyPortMapping:
AddPortMappingArgs[4].val = inClient;

This is local Control Point upnp client IP address, can't it be retrieved instead of passing as commandargv[0] ?
Thanks

I don't understand your question.
Don't forget that upnpc.c command line tool is just sample code, it should be rewritten to suit your needs.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpc Feature Request All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.