miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Compile and build for Ti AR7 NSP ADSL Router
Goto page Previous  1, 2
 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Sat Dec 22, 2007 4:24 pm    Post subject: Reply with quote

I don't know exactly how your iptables chains look but iptable -R seems to be perfect for changing the corresponding rules when your WAN IP changes.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Sat Dec 22, 2007 10:08 pm    Post subject: Reply with quote

miniupnp wrote:
I don't know exactly how your iptables chains look but iptable -R seems to be perfect for changing the corresponding rules when your WAN IP changes.


Unfortunately I am working around the Ti 'core logic' that adds user port forwards from the web gui with various custom game profiles, DMZ is optional, so I don't know what number rule I need to change. I suspect the core logic 'inserts' new port forward rules and 'Adds the dmz rule'.

uTorrent at least seems quite happy with this at the moment - I can "killall pppd" to drop the WAN connection and it comes back with a new IP every time.

[edit]I have found a way to identify the miniupnp divert rule using the following bash commands:

Code:
ln=$(iptables -t nat -L PREROUTING -vn --line-numbers | grep MINIUPNP)
n=${ln%% *}


and a simple way to identify a DMZ rule automatically - which on my router it appears as

Code:
 31 11334 DNAT       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          to:192.168.1.2


is

Code:
ln=$(iptables -t nat  -nL PREROUTING --line-numbers|grep all|grep DNAT)
n=${ln%% *}


So a snip of the control script needed to replace or insert the divert is

Code:
DIVERT(){
#check if entry already there
   ln=$($IPTn -nL PREROUTING --line-numbers|grep $MUD)
   n=${ln%% *}
   if [ "$n" -gt "0" ];then #replace
      $IPTn -R PREROUTING $n -d $WIP -i $WIF -j $MUD
   else #new
#check for DMZ
      ln=$($IPTn -nL PREROUTING --line-numbers|grep all|grep DNAT)
      n=${ln%% *}
      if [ "$n" -gt "0" ];then #insert so goes above DMZ
         $IPTn -I PREROUTING $n -d $WIP -i $WIF -j $MUD
      else
         $IPTn -A PREROUTING -d $WIP -i $WIF -j $MUD
      fi
   fi
}


may also be useful for others that like to have the WAN IP explicitly quoted in the primary divert rule (security paranoia?).


Last edited by mstombs on Wed Apr 02, 2008 11:13 am; edited 4 times in total
Back to top
View user's profile Send private message
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Sat Dec 22, 2007 10:23 pm    Post subject: Reply with quote

miniupnp wrote:

What do you call "IGD presentation mode" ?
If it is the sending of SSDP Notify messages, I think you can edit the minissdp.c file and play with functions like SendSSDPNotifies() or SendSSDPNotifies2()


I will have a look to see what tomato does - port mapping works but windows doesn't get the IGD icon. It has a GUI tick box to enable/disable "Show In My Network Places" as well as upnp.

Quote:
maybe the simplest thing to do in your case is to change the GetStatusInfo() function in upnpsoap.c to directly read /proc/uptime and totally forget startup_time Smile GetStatusInfo() could also be improved to return accurate informations about the connection status.


I will have a go at this - just copy your code that reads /proc/uptime from the initial read!

I've seen code that reads the ADSL proc status as "Training" and "Showtime", can any string go in that message in place of "Connected" which I see from the windows status? (Guess I can easily find out!).

By the way - I will share all my code tweaks - all protected by #ifdef's but need a bit of tidying before you laugh at my amateur code!
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Sat Dec 22, 2007 10:48 pm    Post subject: Reply with quote

mstombs wrote:
miniupnp wrote:

What do you call "IGD presentation mode" ?
If it is the sending of SSDP Notify messages, I think you can edit the minissdp.c file and play with functions like SendSSDPNotifies() or SendSSDPNotifies2()


I will have a look to see what tomato does - port mapping works but windows doesn't get the IGD icon. It has a GUI tick box to enable/disable "Show In My Network Places" as well as upnp.

I think it has to do with the presence of the presentationURL into the XML root description of the device. Would be a pain to change that Smile
mstombs wrote:
Quote:
maybe the simplest thing to do in your case is to change the GetStatusInfo() function in upnpsoap.c to directly read /proc/uptime and totally forget startup_time Smile GetStatusInfo() could also be improved to return accurate informations about the connection status.


I will have a go at this - just copy your code that reads /proc/uptime from the initial read!

I've seen code that reads the ADSL proc status as "Training" and "Showtime", can any string go in that message in place of "Connected" which I see from the windows status? (Guess I can easily find out!).

From what I read from the UPnP specs, allowed values for ConnectionStatus are :
Unconfigured, Connecting, Authenticating, Connected, PendingDisconnect, Disconnecting, Disconnected

I also read that Uptime should be the uptime of the Internet connection, not of the device Wink

mstombs wrote:
By the way - I will share all my code tweaks - all protected by #ifdef's but need a bit of tidying before you laugh at my amateur code!

_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Sun Mar 02, 2008 8:49 pm    Post subject: Reply with quote

Hi,

I have now upgraded to the latest 20080224 distro - there is one minor issue in miniupnp.c - you haven't compiled without NATPMP recently I guess?

I'm afraid my XP PC does not like the new L3F_SERVICE, for some reason the Presentation URL does not always get through (comfirmed by viewing with Noël Danjou's upnptest), so the router doesn't appear in "Network Connections" - port forwarding still works though, and the alternative "dummy" service still work fine, so I'm sticking with that for now.

I have a question about the new lease file, which I'm sure will be very useful- it seems to retain entries after the port forward is removed - is this deliberate and for how long?

Example

Code:

Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   315 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:13411 to:192.168.1.2:13411
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:13411 to:192.168.1.2:13411

/var # cat tmp/upnp.leases
UDP:1479:192.168.1.2:1963:svchost (192.168.1.2:1963) 1479 UDP
TCP:62026:192.168.1.2:62026:utorrent
UDP:50126:192.168.1.2:3945:svchost (192.168.1.2:3945) 50126 UDP
TCP:41234:192.168.1.2:41234:Skype
UDP:41234:192.168.1.2:41234:Skype
UDP:20167:192.168.1.2:1764:svchost (192.168.1.2:1764) 20167 UDP
TCP:20009:192.168.1.2:20009:utorrent
UDP:13411:192.168.1.2:13411:NAT-PMP 3626
TCP:13411:192.168.1.2:13411:NAT-PMP 3626


The NAT-PMP entry is also uTorrent

Thanks again for the great project!


Last edited by mstombs on Mon Mar 03, 2008 11:09 am; edited 4 times in total
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Mon Mar 03, 2008 12:55 am    Post subject: Reply with quote

mstombs wrote:
Hi,

I have no upgraded to the latest 20080224 distro - there is one minor issue in miniupnp.c - you haven't compiled without NATPMP recently I guess?

No... and the next distro will work better Smile sorry for the errors.
mstombs wrote:

I'm afraid my XP PC does not like the new L3F_SERVICE, for some reason the Presentation URL does not always get through, so the router doesn't appear in "Network Connections" - port forwarding still works though, and the alternative "dummy" service still work fine, so I'm sticking with that for now.

I'm going to fix that presentation URL stuff.
mstombs wrote:

I have a question about the new lease file, which I'm sure will be very useful- it seems to retain entries after the port forward is removed - is this deliberate and for how long?

Example

Code:

Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    2   315 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:13411 to:192.168.1.2:13411
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:13411 to:192.168.1.2:13411

/var # cat tmp/upnp.leases
UDP:1479:192.168.1.2:1963:svchost (192.168.1.2:1963) 1479 UDP
TCP:62026:192.168.1.2:62026:utorrent
UDP:50126:192.168.1.2:3945:svchost (192.168.1.2:3945) 50126 UDP
TCP:41234:192.168.1.2:41234:Skype
UDP:41234:192.168.1.2:41234:Skype
UDP:20167:192.168.1.2:1764:svchost (192.168.1.2:1764) 20167 UDP
TCP:20009:192.168.1.2:20009:utorrent
UDP:13411:192.168.1.2:13411:NAT-PMP 3626
TCP:13411:192.168.1.2:13411:NAT-PMP 3626


The NAT-PMP entry is also uTorrent

Thanks again for the great project!

In fact I haven't tested this feature much, i'm personnaly using miniupnpdctl to list redirections. I will test further in order to track bugs.
Thanks for the feedback !
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Mon Mar 03, 2008 11:06 am    Post subject: Reply with quote

Thanks, the lease_file entries may be related with stopping and re-starting the miniupnpd task. The upnp presentation URL issue may be my windows XP issue, I've noticed the Internet Gateway icon disappear before, only to return when machine rebooted, so testing and reliability of results an issue!
Back to top
View user's profile Send private message
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Wed Apr 02, 2008 11:01 am    Post subject: Reply with quote

Routertech firmware version 2.5 for a wide range of Ti AR7 ADSL routers has now been released over at www.routertech.org.

The upnp daemon is miniupnpd based on the latest distribution

08/03/2008

compiled with NAT-PMP and L3 service and implemented with secure mode on and low number TCP/IP ports blocked by default. NAT-PMP is disabled by default but users can turn it on (and upnp off) as well as change other options by writing to the conf file via nvram environment variable commands.

Additionally the upnpd daemon now works (doesn't crash the router running the microsoft IGD test, for example) and has a lower flash and ram requirement than the old Ti origin linux-igd it replaces.

Yet to get feedback from users, if it works all thanks to miniupnp, if it doesn't its probably due to the way it is patched into the router core-logic - but because it is Linux with neat source I'm sure any any issues can be resolved - and additional features added when available.
Back to top
View user's profile Send private message
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Wed Jul 23, 2008 10:38 pm    Post subject: Reply with quote

RouterTech 2.5 had over 5000 downloads, and no upnp problems reported, some percentage must be using upnp (in previous versions users were recommended not to use upnp!). The binary and control script has also been copied into a version of non-RouterTech firmware

http://forum1.netgear.com/showpost.php?p=119503&postcount=10

I noticed a small error of my own, calling "upnpd" without parameters caused a segfault and not display usage. Routertech 2.6 now released with this bug fixed, miniupnpd version upgraded to "Version: 20080427", a new compiler based on OpenWRT gcc 4 also used and the binary now 10% smaller than previous version (95K) .

Code:
/var # ls -laF /usr/sbin
-rwxr-xr-x    1 1001     1001         3124 Jul  5 13:36 miniupnpcmd.sh*
-rwxr-xr-x    1 1001     1001        93636 Jul 23 00:32 upnpd*

/var # upnpd
Miniupnpd pretending to be upnpd in RouterTech Firmware
Usage: upnpd <external ifname> <internal ifname> [optional debug flag]
Example: upnpd ppp0 br0 1
Add extra miniupnpd options via /etc/upnp.conf
Version: 20080427
See http://miniupnp.tuxfamily.org/ for further info


I didn't enable events, do these messages suggest they should be enabled for emule?

http://forum.amule.org/index.php?topic=14253.0

Thanks again for the software!


Last edited by mstombs on Thu Jul 24, 2008 4:03 pm; edited 2 times in total
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Wed Jul 23, 2008 11:19 pm    Post subject: Reply with quote

The links you are giving is talking about aMule (not eMule) being not happy without SUBSCRIBE support. Anyway they seems to have resolved the issue in aMule sources.
Anyway I'm looking for an eMule (win32) user that could help me see if compatibility problems between eMule and miniupnpd can be solved.

So unless it is proved that some clients NEED Eventing support, I advise you not to enable it. It will just make the executable bigger without providing any usefull feature, because miniupnpd still don't send any event when the public IP changes or when connectivity is lost, and that would be only events that could be reported to subscribed clients.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Thu Jul 24, 2008 10:19 am    Post subject: Reply with quote

Thanks, sorry I don't know anything about mules!

Seems as though miniupnpd working fine though, and error messages have helped them to fix old problems with libupnp as well!
Back to top
View user's profile Send private message
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Wed Oct 08, 2008 7:47 pm    Post subject: Reply with quote

RouterTech 2.7 now released - with minupnpd unchanged from 20080427 (because no need reported!), will look to catch up to latest distro in future. One question - I have noticed the bash script we use to create the MINIUPNPD tables and change the primary diverts on WAN IP change is very heavy on CPU and ram when it runs - any thoughts on doing these functions inside the binary with libiptc calls - presumably it would be much more efficient?
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Wed Oct 08, 2008 9:36 pm    Post subject: Reply with quote

Is that mandatory to change something when the WAN IP changes ?
I removed the mention of this ip from the initial rules...
Code:
#adding the MINIUPNPD chain for nat
$IPTABLES -t nat -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD

#adding the MINIUPNPD chain for filter
$IPTABLES -t filter -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF -o ! $EXTIF -j MINIUPNPD

_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
mstombs



Joined: 16 Dec 2007
Posts: 23

PostPosted: Wed Oct 08, 2008 10:18 pm    Post subject: Reply with quote

One version of our firmware kills miniupnpd on WANIP change - probably as a patch to the old upnpd that had memory leaks etc. The script currently cleans up the nat PREROUTING and FORWARD on exit, then re-inserts on reload. As above we have binary only 'core logic' to workaround, have to insert the rules in the correct place.

I left the divert which explicitly checks the correct destination IP from security paranoia view - that's just what the older upnpd did - in every rule, not via new chain.

I suspect most ISPs only forward stuff directly addressed to an adsl modem, so probably not needed, a hacker inside the ISP would know the IP address...
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.