miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Basic configuration problem

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
Riel



Joined: 12 Feb 2010
Posts: 5

PostPosted: Fri Feb 12, 2010 10:56 pm    Post subject: Basic configuration problem Reply with quote

I am trying to use miniupnpd on my network, but Upnp protocol is quite a mystery to me, so I wonder how to set up everything in place.

My configuration is the following :
- a private network 192.168.103/24 containing Upnp server (192.168.103.2)
- a dmz network 192.168.102/24 containg Upnp clients
- a freeBSD firewall between both, with 192.168.103.245 on interface sis0 and 192.168.102.32 on interface sis2. The firewall applies NAT to all traffic going from the private network to the dmz.

What I need is to make the Upnp clients see the server, but I'm not sure of what my configuration file should contain. I used :
Code:
ext_ifname=sis2
listening_ip=192.168.102.32

but this does not seem to work (despite having added hooks in the pf configuration). Can someone tell me if this two options are the good ones or if I missed the point ?

Thanks,
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1494

PostPosted: Sat Feb 13, 2010 9:37 am    Post subject: Reply with quote

Usually UPNP is used for letting clients on a private network access the Internet !
It is not designed to command gateways between two private networks
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Riel



Joined: 12 Feb 2010
Posts: 5

PostPosted: Sat Feb 13, 2010 11:53 am    Post subject: Reply with quote

Too bad. I though the same daemon could do the job for me Sad I do not really see a difference between private/internet and private/private network... Any clue of how I could make things work in my case ?

Anyway, thank you very much for your quick answer ! Smile
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1494

PostPosted: Sat Feb 13, 2010 2:11 pm    Post subject: Reply with quote

Well in the first place I dont understand why you need NAT between 192.168.103/24 and 192.168.102/24.
What are you trying to do ?
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Riel



Joined: 12 Feb 2010
Posts: 5

PostPosted: Sat Feb 13, 2010 4:22 pm    Post subject: Reply with quote

Well, problem is that servers in the dmz network (192.168.102/24) use DHCP and have their default gateway on a router provided by my ISP (a freebox) and I cannot add a route to 192.168.103/24 on this equipment.

So, if a computer in the DMZ tries to access my Upnp server without doing any NAT, packets will be sent to my freebox, which will drop them or route them on internet, or whatever (but never sending them where I want to, on my private network through my firewall).

That's why I need some translation of some kind. Currently I am compiling a new BSD kernel to use mrouted to forward multicast upnp packets, and using a binat 192.168.102.2 <-> 192.168.103.2, but I do not know if this will be enough for Upnp to work (especially if dynamic ports are used...)
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1494

PostPosted: Sun Feb 14, 2010 9:00 am    Post subject: Reply with quote

Indeed it is impossible to add a route to the freebox. Thats a shame.
What I'll do is set the freebox in bridge mode and use the freebsd box as router. 3 network interfaces on the box : 1 for the internet (freebox), 1 for 192.168.102/24 and one for 192.168.103/24. That way you'll be able to do whatever you want with routing and filtering.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Riel



Joined: 12 Feb 2010
Posts: 5

PostPosted: Sun Feb 14, 2010 10:24 am    Post subject: Reply with quote

Yeah, too bad we cannot mess somewhat more with a freebox ! Adding this route would make the trick (the goal is in fact ot make the freebox access the upnp server on the private network)

Thanks for your suggestion. I already considered it, but that would require lots of changes on a bunch of equipments. I didn't mention that there are also two wifi networks around (one private, on DMZ), some VPN, etc Wink.

Just to make things clear to me, if I :
- make multicast go through my BSD firewall
- do basic (IP) translation to masquerade the Upnp server
should things work or is the Upnp protocol too tricky for that ? I guess it will not work (hence miniupnpd), but my knowledge of this protocol is close from nothing.
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1494

PostPosted: Sun Feb 14, 2010 11:50 am    Post subject: Reply with quote

If I understand,
192.168.103/24 ==(bsd box/NAT)==> 192.168.102/24 ==(freebox NAT)==> Internet.

In that setup, upnp can do nothing for you...
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Riel



Joined: 12 Feb 2010
Posts: 5

PostPosted: Sun Feb 14, 2010 8:20 pm    Post subject: Reply with quote

Your understanding of the setup is correct. I didn't expect upnp was so hard to put in place with NAT Sad

Thank you very much for your help !
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.