Author Topic: MiniUPNPD setup and configuration help  (Read 13574 times)

ccarpenter

MiniUPNPD setup and configuration help
« on: November 21, 2012, 01:42:23 am »
I have installed MiniUPNPd for UPNP from the Quantal repository. I am using the latest Zentyal 3 version. No problems with the install whatsoever, it's the configuration that has me puzzled. I was looking at the clearOS forum because they have this package for their OS and others have helped. Here is the URL I was looking at:
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,21002/

So I already have it installed and set the WAN interface to be my eth1 port and the listening IP Address to be 10.1.1.5 which is my lan IP Address on eth0. The part that I can't figure out is it implies that I have to make a manual entry in my IPTABLES for it to work. The instructions mention a script that runs during firewall start so I looked up the hooks for Zentyal and it says to use firewall.postservice for firewall scripts. So as root I created a file in /etc/zentyal/hooks/firewall.postservice and added the IPTABLES code:

##
#MINIUPNPD required tables
##
IPTABLES=/sbin/iptables
#EXTIF=  (not required as uses automagic to determine WAN, can be manually specified)
#adding the MINIUPNPD chain for nat
$IPTABLES -t nat -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD

#adding the MINIUPNPD chain for filter
$IPTABLES -t filter -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF -o ! $EXTIF -j MINIUPNPD

On firewall restart it doesn't complain about an error, but when I run: iptables -L there are no listings for MINIUPNPD.

When I restart the miniupnpd service it does add its own chain but there are no values under it.

Just trying to get help from anyone who has worked with this. Thank you.

ccarpenter

Re: MiniUPNPD setup and configuration help
« Reply #1 on: November 21, 2012, 03:45:14 pm »
Just following up. It was an insight on my part. I forgot to make the firewall.postservice executable. So that is fixed now. My next issue is in the actual script to add the rules. Here is the output when it tries to run:

chris@ubuntu:/sbin$ sudo /etc/init.d/zentyal firewall restart
 * Restarting Zentyal module: firewall                                   [fail]
root command /etc/zentyal/hooks/firewall.postservice 1 failed.
Error output: Bad argument `MINIUPNPD'
 Try `iptables -h' or 'iptables --help' for more information.
 iptables v1.4.12: cannot have ! before -j
 Try `iptables -h' or 'iptables --help' for more information.

It seems there is an issue, but the user-defined chain is clearly defined with "$IPTABLES -t nat -N MINIUPNPD" when it adds the MINIUPNPD chain to the nat table. Any ideas?

ccarpenter

Re: MiniUPNPD setup and configuration help
« Reply #2 on: November 21, 2012, 08:46:49 pm »
From all the messing around I have done with this it seems that there is a syntax error in the code I copied. In the last line it doesn't like the "!". I simplified the code as follows just to see if it'll work.

iptables -t nat -N MINIUPNPD
iptables -t nat -I PREROUTING -j MINIUPNPD
iptables -t filter -N MINIUPNPD
iptables -t filter -I FORWARD -j MINIUPNPD

I can now successfully restart the firewall service and all seems ok now except that it still isn't forwarding ports. I can run this on the iptables:
chris@ubuntu:~$ sudo iptables -L | grep -i upnp
MINIUPNPD  all  --  anywhere             anywhere
Chain MINIUPNPD (1 references)

So it shows there are rules in iptables now and I made sure miniupnpd is running. Not sure what else to check really. I am no iptables expert by any means so if someone else is and could let me know if I'm doing something wrong that would be great.

Also for debug purposes I will list my config files and setup info:

eth0 - lan - 10.1.1.5
eth1 - wan - Dynamic IP from ISP

/etc/miniupnpd/miniupnpd.conf
##############################################
# WAN network interface. If not supplied here, then
# we're going to use /etc/default/miniupnpd
ext_ifname=eth1

# if the WAN interface has several IP addresses, you
# can specify the one to use below. If you use the
# interface name defined in /etc/default/miniupnpd, then
# the init.d script will calculate it for you, so in most
# cases, you wont need to define it here.
#ext_ip=

# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the CIDR form, eg: nnn.nnn.nnn.nnn/zz
# where zz is the netmask (number of bits with value 1)
#
# HTTP is available on all interfaces
# When MULTIPLE_EXTERNAL_IP is enabled, the external ip
# address associated with the subnet follows. for example :
# listening_ip=192.168.0.1/24 88.22.44.13
# listening_ip=192.168.0.1/24
# listening_ip=192.168.1.1/24
listening_ip=10.1.1.5/24

# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
port=0

# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock

# enable NAT-PMP support (default is no)
enable_natpmp=yes

# enable UPNP support (default is yes)
enable_upnp=yes

# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both
#upnp_forward_chain=MINIUPNPD
#upnp_nat_chain=MINIUPNPD

# lease file location
#lease_file=/var/lib/miniupnp/upnp.leases

# bitrates reported by daemon in bits per second
bitrate_up=1000000
bitrate_down=10000000

# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.
secure_mode=yes

# default presentation url is http address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
# from displaying an icon in the "Network Connections" panel.
#presentation_url=http://www.mylan/index.php

# report system uptime instead of daemon uptime
system_uptime=yes

# notify interval in seconds. default is 30 seconds.
notify_interval=60

# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=20

# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600

# log packets in pf (default is no)
#packet_log=no

# anchor name in pf (default is miniupnpd)
#anchor=miniupnpd
# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1

# tag name in pf
#tag=tag_name1

# make filter rules in pf quick or not. default is yes
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
#quickrules=no

# uuid : generate your own with "make genuuid"
uuid=fb1e5c36-2e31-4947-831d-cb836d0b0f2b

# serial and model number the daemon will report to clients
# in its XML description
serial=173
model_number=173

# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
#allow 12345 192.168.7.113/32 54321
#allow 1024-65535 192.168.0.0/16 1024-65535
#allow 1024-65535 10.0.0.0/8 1024-65535
allow 1024-65535 10.1.1.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535





/etc/default/miniupnpd
##############################################
# Set to 1 to start the daemon. Desactivated by default, because
# you don't want the outside to control your UPnP router, and
# as a consequence MiniUPnPd_LISTENING_IP should be set to a
# reasonable value before enabling the daemon.
START_DAEMON=1

# Define here the external interface connected to the WAN (eg: the public
# IP address NIC)
MiniUPnPd_EXTERNAL_INTERFACE=eth1

# IP that the daemon should listen on.
# Note that you do *not* want this to be 0.0.0.0, as you don't want
# your MiniUPnPd to be controled by anyone on the internet.
MiniUPnPd_LISTENING_IP=10.1.1.5/24

# This defines other options which you might want to use when
# starting MiniUPnPd. Note that the -S option is important:
# -S sets "secure" mode : clients can only add mappings to their own ip
# (see man page)
MiniUPnPd_OTHER_OPTIONS="-N -f /etc/miniupnpd/miniupnpd.conf"
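
The two errors in Reply #1 are what iptables prints when `$EXTIF` expands to nothing: `-i $EXTIF -j MINIUPNPD` becomes `-i -j MINIUPNPD`, so `-j` is read as the interface name and `MINIUPNPD` is left over as a bad argument, and in the FORWARD rule the `!` ends up directly before `-j`. The hook below is an added example, not code from any poster in this thread or from the miniupnpd or Zentyal projects; it assumes eth1 is the WAN interface (taken from the posted config), and the function names `upnp_rules` and `apply_rules` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): firewall hook for the miniupnpd chains.
EXTIF="${EXTIF:-eth1}"              # assumption: WAN interface from the posted config
IPTABLES="${IPTABLES:-/sbin/iptables}"
CHAIN=MINIUPNPD

# Print "table parent-chain rule-spec" lines for one WAN interface.
# Rejects an empty or option-like name instead of emitting "-i -j MINIUPNPD".
upnp_rules() {
    ext="$1"
    case "$ext" in
        ''|-*|*[!A-Za-z0-9._:-]*)
            echo "invalid WAN interface: '$ext'" >&2
            return 1 ;;
    esac
    echo "nat PREROUTING -i $ext -j $CHAIN"
    # Negation precedes the option ("! -o"), it does not follow it ("-o !").
    echo "filter FORWARD -i $ext ! -o $ext -j $CHAIN"
}

# Create the chains if missing and insert each jump exactly once.
apply_rules() {
    rules=$(upnp_rules "$1") || return 1
    while read -r table parent spec; do
        $IPTABLES -t "$table" -N "$CHAIN" 2>/dev/null || true
        # Drop an earlier copy of the jump so repeated runs do not stack rules.
        $IPTABLES -t "$table" -D "$parent" $spec 2>/dev/null || true
        $IPTABLES -t "$table" -I "$parent" $spec || return 1
    done <<EOF
$rules
EOF
}

# The error output in Reply #1 shows the hook being called with the argument 1;
# with any other invocation the script only prints the rule specs.
if [ "${1:-}" = 1 ]; then
    apply_rules "$EXTIF"
else
    upnp_rules "$EXTIF"
fi
```

Because `-I` puts the jump at the head of PREROUTING and FORWARD, the mappings miniupnpd installs are evaluated before the other rules in those chains. The `-i` match limits that to packets arriving on the WAN interface, which the unrestricted jumps in Reply #2 do not.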




hang10z

Re: MiniUPNPD setup and configuration help
« Reply #3 on: October 09, 2013, 09:04:04 pm »
Raising from the dead, I suck at Linux... I've been adding tons of repositories but I cannot find this package, I am doing something wrong... Can someone spell out what repository I need to add to my list file so I can install this and get Xbox and PS3 working before my son commits a homicide? LOL thanks...

Huxy

Re: MiniUPNPD setup and configuration help
« Reply #4 on: February 21, 2014, 01:22:54 pm »
I managed to get MiniUPnPd working.
I've posted a guide on my blog: http://blog.codeape.co.uk/zentyal-upnp/
Hopefully it might help somebody who's struggling to get it to work.