MiniUPnPd Web Installer - Available For Testing

autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sat Dec 12, 2009 18:01    Post subject: MiniUPnPd Web Installer - Available For Testing
To have this reload with the firewall and work properly at all times you need to save the following as a firewall script.

Code:

sleep 10
wget http://hackthecode.googlecode.com/files/miniupnpd.sh -O /tmp/miniupnpd.sh
chmod +x /tmp/miniupnpd.sh
sh /tmp/miniupnpd.sh


You don't do anything with the code below, it's just the script you wget above for those who want to see it.
...........................................................

This is the contents of the downloaded file for the curious.

Code:

#!/bin/sh

################| December 18 2009 |################
####################################################
#   DD-WRT MiniUPnP Daemon Installation Script     #
####################################################

# set the script variables to be called
UPNP_DIR=/tmp
UPNP=/tmp/miniupnpd
MINI=/tmp/miniupnpd.gz
WAN="$(nvram get wan_iface)"
LAN="$(nvram get lan_ipaddr)"
IPT=/usr/sbin/iptables
GETMINIUPNPD="wget http://hackthecode.googlecode.com/files/miniupnpd.gz -O /tmp/miniupnpd.gz"
FLUSH="killall -TERM miniupnpd"
FLUSHPNP="killall -TERM upnp"

# flush the DD-WRT upnp daemon
$FLUSHPNP

# flush the old miniupnpd and hope he does his job re-forwarding previous ports
$FLUSH

# wget the miniupnpd daemon and decompress
cd $UPNP_DIR
$GETMINIUPNPD
# -f overwrites a /tmp/miniupnpd left behind by an earlier run
gunzip -f $MINI
chmod 744 $UPNP

echo "downloaded ok"

# delete the MINIUPNPD rules if they previously existed
# thanks MikeMcr for the fix
$IPT -t nat -F MINIUPNPD
$IPT -t nat -X MINIUPNPD
$IPT -t filter -F MINIUPNPD
$IPT -t filter -X MINIUPNPD

# Setup the forwarding rules for miniupnpd
$IPT -t nat -N MINIUPNPD
$IPT -t nat -I PREROUTING -j MINIUPNPD
$IPT -t filter -N MINIUPNPD
$IPT -t filter -I FORWARD -j MINIUPNPD

# run miniupnpd then sleep two seconds
cd $UPNP_DIR
./miniupnpd -i $WAN -a $LAN
sleep 2

# finish up with a message
echo '#########################################################

To test, run the command *iptables -L MINIUPNPD*
and all new forwarded ports should show up once you have
launched an application that uses upnp.

#########################################################'


echo "######################| Checking |#######################"

# see if its running
TEN4="$(cat /var/run/miniupnpd.pid)"
echo "MiniUPnP Daemon running on PID# :" $TEN4

# remove the downloaded gzip if it is still there (gunzip normally deletes it)
rm -f $MINI

# end script
exit

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed


Last edited by autobot on Fri Feb 12, 2010 20:04; edited 11 times in total
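Added example, not part of autobot's post or the hackthecode project: the firewall script above fetches miniupnpd.sh over plain HTTP and runs it on every firewall start, so this variant runs the download only when it matches a pinned SHA-256. `PINNED_SHA256` (a placeholder), `fetch`, `sha256_matches`, `fetch_verified` and the `RUN_INSTALL` switch are names introduced here, and it assumes the router's busybox provides `sha256sum`.

```shell
#!/bin/sh
# Added example (not the thread's script): run the downloaded installer only
# if it matches a pinned SHA-256.
URL=http://hackthecode.googlecode.com/files/miniupnpd.sh   # URL from the post
DEST=/tmp/miniupnpd.sh
# Placeholder, not a real digest: set to the SHA-256 of the copy you reviewed.
PINNED_SHA256=REPLACE_WITH_REVIEWED_SHA256

# Same wget form as the post; kept in a function so it can be swapped out.
fetch() { wget -q "$1" -O "$2"; }

# Returns 0 if file $1 hashes to hex digest $2 (either case).
# Assumption: sha256sum exists on the router's busybox build.
sha256_matches() {
    [ -f "$1" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#expected}" -eq 64 ] && [ "$actual" = "$expected" ]
}

# Download $1 to a temporary name, verify against $3, then move it to $2.
# Returns 0 with the verified file in place; otherwise deletes the download
# and returns 1, so an unverified file never sits at the path that gets run.
fetch_verified() {
    part="$2.part"
    rm -f "$part"
    if fetch "$1" "$part" && sha256_matches "$part" "$3" &&
       chmod 700 "$part" && mv -f "$part" "$2"; then
        return 0
    fi
    rm -f "$part"
    return 1
}

# Firewall-script entry point; RUN_INSTALL is a hypothetical switch so the
# functions can be loaded without touching the network.
if [ "${RUN_INSTALL:-0}" = 1 ]; then
    sleep 10
    fetch_verified "$URL" "$DEST" "$PINNED_SHA256" && sh "$DEST"
fi
```

The same function can pin miniupnpd.gz inside the installer before it is unpacked and run.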
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sat Dec 12, 2009 18:35
Does it really require you to manually create its own chain? If so then it will need a lot of work in the firewall.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sat Dec 12, 2009 18:53
You mean the initial chain? I thought it would create the initial MINIUPNPD but after experimenting a little it doesn't seem to.
_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sat Dec 12, 2009 19:04
I guess you mean people that already use iptables, like dropping everything but 80. They can figure it out I imagine, but I see what you mean about the casual user that enters rules via the webif?

This is my first foray into bash, that's why the code has no logic or error handling.

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
fggs
DD-WRT Guru


Joined: 28 Jan 2008
Posts: 1741

Posted: Sat Dec 12, 2009 19:11
I think he's talking about dd-wrt's built-in firewall; it would be hard to implement miniupnpd if it needs to mess with new chains and stuff.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sat Dec 12, 2009 19:15
autobot wrote:
You mean the initial chain? I thought it would create the initial MINIUPNPD but after experimenting a little it doesn't seem to.

Yes the initial chain. The firewall flushes the tables and destroys all chains so they have to be rebuilt every time.

The whole script is going to have to be run every time the firewall does. You'll need to kill any previous process so that the daemon won't think it still has the ports mapped and hopefully clients will ask for their ports to be remapped.


# kill old process before starting a new one
kill -9 `cat /var/run/miniupnpd.pid`

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)


Last edited by phuzi0n on Sat Dec 12, 2009 19:19; edited 1 time in total
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sat Dec 12, 2009 19:16
I'm still not understanding, the script creates the initial chains and miniupnpd does all the forwarding through the initial MINIUPNPD chains. I may be wording that wrong.
_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sat Dec 12, 2009 19:21
phuzi0n wrote:
Then the whole thing is going to have to be run every time the firewall does, and you'll need to kill any previous process so that the daemon won't think it still has the ports mapped and hopefully clients will ask for their ports to be remapped.


# kill old process before starting a new one
kill -9 `cat /var/run/miniupnpd.pid`


I believe if you do this miniupnpd will clean up after itself.

Code:

kill -TERM `cat /var/run/miniupnpd.pid`


So I guess don't implement this until you get your rules finalized, then there will be no restart of the firewall?

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
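Added example, not from any poster in this thread: one way to combine the two suggestions above, sending TERM first so the daemon can exit cleanly and falling back to `kill -9` only if it is still running after a grace period, while checking that the PID in the pid file still belongs to miniupnpd. `stop_old_daemon`, `pid_is_daemon`, `DAEMON` and `GRACE` are names introduced here; it assumes a Linux `/proc`.

```shell
#!/bin/sh
# Added example (not from the thread): stop a previous miniupnpd before the
# firewall script starts a new one. TERM first, KILL only as a fallback.
PIDFILE=${PIDFILE:-/var/run/miniupnpd.pid}   # pid file path used in the thread
DAEMON=${DAEMON:-miniupnpd}                  # expected process name
GRACE=${GRACE:-5}                            # assumed grace period in seconds

# Returns 0 only if PID $1 is alive and its command name matches $DAEMON.
# Protects against a stale pid file whose PID was reused by another process.
pid_is_daemon() {
    [ -r "/proc/$1/cmdline" ] || return 1
    name=$(tr '\0' '\n' 2>/dev/null < "/proc/$1/cmdline" | head -n 1)
    [ "${name##*/}" = "$DAEMON" ]
}

# Returns 0 when no matching daemon is left running, 1 if it survived KILL.
stop_old_daemon() {
    [ -r "$PIDFILE" ] || return 0            # nothing recorded, nothing to do
    pid=$(cat "$PIDFILE")
    case "$pid" in
        ''|*[!0-9]*) rm -f "$PIDFILE"; return 0 ;;   # unusable pid file
    esac
    if pid_is_daemon "$pid"; then
        kill -TERM "$pid" 2>/dev/null || true   # catchable: daemon can clean up
        waited=0
        while pid_is_daemon "$pid" && [ "$waited" -lt "$GRACE" ]; do
            sleep 1
            waited=$((waited + 1))
        done
        if pid_is_daemon "$pid"; then
            kill -KILL "$pid" 2>/dev/null || true   # last resort (kill -9)
            sleep 1
        fi
    fi
    if pid_is_daemon "$pid"; then
        return 1
    fi
    rm -f "$PIDFILE"
    return 0
}
```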
fggs
DD-WRT Guru


Joined: 28 Jan 2008
Posts: 1741

Posted: Sat Dec 12, 2009 19:26
The question is: Is this really needed? Because I think it's too much work for the devs to implement this in dd-wrt, mess with "spi firewall" (built-in) and lots of stuff..
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sat Dec 12, 2009 19:28
I added a flush and the wan_iface change, thanks phuzi0n.
_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed


Last edited by autobot on Wed Dec 16, 2009 21:16; edited 2 times in total
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Sat Dec 12, 2009 19:54
I don't think you understand yet. When the firewall runs (because WAN came up or ui options changed, etc.) then it flushes the tables and leaves you with a clean environment to add rules to. You don't need to clean up any of the iptables stuff because the firewall will have already cleaned it.

This means that the MINIUPNPD chain won't even exist and will need to be recreated along with all forwards but we'll leave the daemon to worry about that... All you need to worry about is killing the previous daemon so that UPnP clients don't think their ports are still mapped, and run the entire script again to recreate the chains and update the daemon, etc.

A couple other things:

WAN="$(nvram get wan_ifname)" should be wan_iface to properly support all wan connection types.

If the -a $LAN switch is optional then remove it to support port forwarding to more than the main subnet for people with vlans, multiple wlans, etc.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Sun Dec 13, 2009 12:10
fggs wrote:
The question is: Is this really needed? Because I think it's too much work for the devs to implement this in dd-wrt, mess with "spi firewall" (built-in) and lots of stuff..


Ok then we can stick to a half broke implementation of upnp, I'm just trying to help.

_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
edrikk
DD-WRT User


Joined: 31 Oct 2009
Posts: 186
Location: Canada

Posted: Thu Dec 17, 2009 14:37
Hi Autobot,

Shouldn't you put an:

Code:
rm $MINI


to delete the downloaded gzip file? It is no longer needed after you have unzipped it, and it just takes up space.

OR, you could do a check to see if the file exists, and if it does, then don't re-download it.
autobot
DD-WRT Guru


Joined: 07 May 2009
Posts: 1596

Posted: Thu Dec 17, 2009 18:17
Yes I could, I thought about it before and forgot. Will add it to save that extra 37k of ram, thanks.
_________________
Eko Builds

BrainSlayer Builds

DD-WRT Changelog RSS Feed
jugstah
DD-WRT Novice


Joined: 22 Apr 2008
Posts: 24

Posted: Fri Dec 18, 2009 2:24
have this running on a wrt160n with a broken upnp and it's working great so far.. thanks!!! (btw, I disabled the usual pnp in the dd-wrt tabs so that's correct, right?)

and btw, had to kill the httpd cuz of its cpu load but seems the miniupnp is still running good...
Page 1 of 8. All times are GMT.