HOWTO Setup UPnP with IPTables
Requirements
Kernel 2.4 or higher
iptables
route add -net 239.0.0.0 netmask 255.0.0.0 <int_if>
or
ip route add 239.0.0.0/8 dev <int_if>
Instruction
UPnP (Universal Plug and Play) is useful for applications such as Azureus and MSN Messenger.
At the present time, all packages required are in portage, and are up-to-date there. This may or may not change in the future. First, pretend to emerge linux-igd to make sure everything is acceptable to you. Then, emerge linux-igd. Libupnp will be pulled in as a dependency.
emerge -av linux-igd
After that, modify /etc/conf.d/upnpd with your internal and external interfaces. Also note that you will need to edit the linux-igd upnpd config file. YOU MUST remove the spaces around the equals signs, as those cause the config file to be read improperly, and may cause headaches if not fixed. If you don't remove the spaces around the equals signs in /etc/linuxigd/upnpd.conf, we will taunt you again.
nano /etc/conf.d/upnpd
nano /etc/linuxigd/upnpd.conf
You may now start the service:
su
/etc/init.d/upnpd start
If you find that it is not functional, check to see if the daemon is still running. If not, then check your log files for any errors it logged. Also remember to check all your config files. Again, it has been proven necessary to taunt. Check your configuration files. If there are spaces around the equals signs in the linux-igd config file, you WILL look stupid at parties. If you get error -204, you have a problem with your firewall script. Try Arno's Iptables script, which worked for the original author of this how-to. Remember that iptables setups have to be handled on a case-by-case basis.
Finally, if you are noticing that linux-igd is placing the forwarding rules below a DROP or REJECT rule in your FORWARD chain, you may wish to consider removing the DROP or REJECT rule and instead have the default policy of the FORWARD chain be DROP or REJECT.
Another option to avoid rules getting placed after DROP/REJECT is to create a separate chain for the UPnP rules:
iptables -N UPNP
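and then, at the beginning of the FORWARD chain (or somewhere else suitable, but above any DROP or REJECT rule), jump to it. Because -A appends to the end of the chain, run this before those rules are added: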
iptables -A FORWARD -j UPNP
Then set this chain name in /etc/linuxigd/upnpd.conf under forward_chain_name. If the UPNP chain is empty, or none of its rules match, iptables simply returns to the parent chain (FORWARD in this case) and continues with the next rule there.
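The two failure modes described above (spaces around the equals signs in /etc/linuxigd/upnpd.conf, and the UPnP rules ending up below a DROP or REJECT rule) can be checked from the shell. This is an added example, not part of the original how-to or of linux-igd: the function names conf_bad_lines and jump_order are hypothetical, it assumes # starts a comment in upnpd.conf, and the sample input is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Read upnpd.conf on stdin and print "LINE: text" for every setting that has
# whitespace next to the equals sign. Assumes '#' starts a comment line.
conf_bad_lines() {
    awk '/^[ \t]*#/ || !/=/ { next }
         /[ \t]=|=[ \t]/    { printf "%d: %s\n", NR, $0 }'
}

# Read rules in `iptables -S FORWARD` format on stdin. Succeeds only if the
# jump to chain $1 appears before the first rule whose target is DROP/REJECT.
jump_order() {
    awk -v chain="$1" '
        $1 != "-A" { next }                  # skip "-P FORWARD ..." policy
        {
            target = ""
            for (i = 1; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == chain) { found = 1; exit }
            if (target == "DROP" || target == "REJECT") exit
        }
        END { exit !found }'
}

# Constructed sample input (not taken from a real system).
SAMPLE_CONF='# constructed sample
forward_chain_name = UPNP
prerouting_chain_name=UPNP_PREROUTING'
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth1 -j DROP
-A FORWARD -j UPNP'

printf '%s\n' "$SAMPLE_CONF" | conf_bad_lines
if printf '%s\n' "$SAMPLE_RULES" | jump_order UPNP; then
    echo "UPNP jump is evaluated before any DROP/REJECT rule"
else
    echo "UPNP jump is missing or sits below a DROP/REJECT rule"
fi
```

On a live system, feed the functions real input: `conf_bad_lines < /etc/linuxigd/upnpd.conf` and `iptables -S FORWARD | jump_order UPNP`.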
Iptables config example
This is how I got UPnP working.
In /etc/linuxigd/upnpd.conf set:
forward_chain_name=UPNP_FORWARD
prerouting_chain_name=UPNP_PREROUTING
And configure iptables like this:
# Good firewalls drop everything that has not been explicitly allowed,
# so first create rules to allow other computers to connect to the upnp daemon.
iptables -t filter -A INPUT -i eth0 -d 239.0.0.0/8 -j ACCEPT
iptables -t filter -A INPUT -i eth0 -p tcp --dport 49152 -j ACCEPT
iptables -t filter -A INPUT -i eth0 -p udp --dport 1900 -j ACCEPT
# Create chains for the rules to be created by the upnp daemon.
iptables -t filter -N UPNP_FORWARD
iptables -t filter -A FORWARD -j UPNP_FORWARD
iptables -t nat -N UPNP_PREROUTING
iptables -t nat -A PREROUTING -j UPNP_PREROUTING
