MiniUPNPd patched for routed network


Post by Ashus » 18. 03. 2014 18:14

If you have tried to forward the UDP packets of UPnP (dynamic NAT port forwarding) to another network (your NAT may be further away from you), you need a small workaround so that the miniupnpd server accepts addresses that are not bound to any interface. The debug message reads as follows: miniupnpd[3605]: get_lan_for_peer(): 192.168.5.25:1900 not found !


Let's say we have a main router A that NATs the traffic of clients at A and at router B. Router A also shapes traffic, so we can't use NAT on B natively and just forward everything to A. We need to forward UPnP and NAT-PMP requests from the clients of B to router A. Clients of A have the IP range 192.168.1.0/24, clients of B 192.168.5.0/24. Router A has the IPs 192.168.1.1 and 192.168.2.1 (on the p2p link with B). Router B has the IPs 192.168.5.1 and 192.168.2.2 (on the p2p link with A).

Getting NAT-PMP to work is really easy, only one line is required in the firewall of B:

Code:

# NAT-PMP relay
iptables -t nat -A PREROUTING -i eth0 -p udp -d 192.168.5.1 --dport 5351 -j DNAT --to-destination 192.168.2.1

To route multicast traffic, you need to use smcroute on B. Configuration must be done per-IP:

Code:

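# Add a multicast route for one source IP: $1 = source IP, $2 = inbound interface
function smcroute_ip {
    smcroute -a "$2" "$1" 239.255.255.250 wlan0
}

# Multicast from router A (192.168.2.1) arriving on wlan0 is routed out to eth0
smcroute -a wlan0 192.168.2.1 239.255.255.250 eth0

for (( i = 2 ; i <= 254 ; i++ )); do           # one subnet
    smcroute_ip "192.168.5.$i" eth0
done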

Interface wlan0 is the uplink p2p interface; eth0 is the LAN on router B.


You also need to accept and NAT some packets passing through your router B, or even increase the TTL. Edit the firewall of B once again:

Code:

# uPNP relay
iptables -A FORWARD -s 192.168.2.1 -m pkttype --pkt-type multicast -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d 192.168.5.1 -p tcp --dport 1902 -j DNAT --to 192.168.2.1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.1 -p udp --dport 1900 -j SNAT --to 192.168.5.1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.1 -p udp --sport 1900 -j SNAT --to 192.168.5.1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.1 -p tcp --dport 2869 -j SNAT --to 192.168.5.1

# uPNP relay - increase TTL (may not be required)
iptables -t mangle -A PREROUTING -i wlan0 -d 239.255.255.250 -j TTL --ttl-inc 1
iptables -t mangle -A PREROUTING -i eth0 -d 239.255.255.250 -j TTL --ttl-inc 1

MiniUPNPd has to run on router A, but we need to custom-compile it first.
First of all, read the INSTALL file; it's pretty straightforward.

Edit upnputils.c and look for segments below:

Code:

/* by ashus - start */
...
    if (strncmp( dbg_str, "192.168.5.", 10) == 0)
...
            if (strncmp( lan_addr->ifname, "eth0.6", 6) == 0)
...
/* by ashus - end */

Be careful to change "192.168.5." to your subnet and the number 10 after it to that string's length. Do exactly the same with the interface of the p2p link - "eth0.6", 6.

Edit minissdp.c and look for segments below:

Code:

/* by ashus - start */
        if (strcmp( lan_addr->str, "192.168.2.1") == 0)
            {
            strcpy(lan_addr->str, "192.168.5.1");
...
/* by ashus - end */

Change "192.168.2.1" to your router A's p2p link IP and "192.168.5.1" to your router B's LAN IP.

The configuration in /etc/miniupnpd/miniupnpd.conf must also contain listening_ip=eth0.6 (with your p2p interface) and http_port=1902 (fixed). I also recommend using secure_mode=yes for extra protection.
Attachments
miniupnpd-1.8.20140523-ashus.tgz
(190.68 KiB)
Coffee phreak!
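
The upnputils.c and minissdp.c edits in the post match the peer and the interface by text prefix, so the string and the length you type decide which clients miniupnpd will accept requests from. The following is an added example, not code from the patch or from miniupnpd: prefix_match and subnet_match are hypothetical helpers, the peer addresses are constructed samples, and it assumes the peer is available as a bare dotted-quad string. It shows the effect of dropping the trailing dot (or reusing "eth0.6", 6 on a box that also has eth0.60) next to a numeric /24 comparison.

```c
/* Added example: textual prefix check vs. numeric subnet check. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same style of test as the patched code: compare the first len characters. */
static int prefix_match(const char *s, const char *prefix, size_t len)
{
    return strncmp(s, prefix, len) == 0;
}

/* Hypothetical alternative: is peer inside net/bits? Returns 0 if unparsable. */
static int subnet_match(const char *peer, const char *net, unsigned bits)
{
    struct in_addr p, n;
    uint32_t mask;

    if (bits > 32 || inet_pton(AF_INET, peer, &p) != 1 ||
        inet_pton(AF_INET, net, &n) != 1)
        return 0;
    mask = bits ? htonl(0xFFFFFFFFu << (32 - bits)) : 0;
    return (p.s_addr & mask) == (n.s_addr & mask);
}

int main(void)
{
    /* Constructed peers; 192.168.5.25 is the address from the debug message. */
    const char *peers[] = { "192.168.5.25", "192.168.50.7", "192.168.5.25x" };
    size_t i;

    for (i = 0; i < sizeof(peers) / sizeof(peers[0]); i++)
        printf("%-14s \"192.168.5.\",10:%d  \"192.168.5\",9:%d  /24:%d\n",
               peers[i],
               prefix_match(peers[i], "192.168.5.", 10),
               prefix_match(peers[i], "192.168.5", 9),
               subnet_match(peers[i], "192.168.5.0", 24));

    /* Interface names have the same pitfall: a VLAN 60 would also match. */
    printf("eth0.60 vs \"eth0.6\",6: %d\n",
           prefix_match("eth0.60", "eth0.6", 6));
    return 0;
}
```

With the trailing dot and the length 10 the prefix test covers exactly 192.168.5.0/24; without the dot it also accepts 192.168.50.x through 192.168.59.x.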