You don't do anything with the code below; it's just the script you wget above, for those who want to see it.
This is the contents of the downloaded file for the curious.
# set the script variables to be called
UPNP_DIR=/tmp
UPNP=/tmp/miniupnpd
MINI=/tmp/miniupnpd.gz
WAN="$(nvram get wan_iface)"
LAN="$(nvram get lan_ipaddr)"
IPT=/usr/sbin/iptables
GETMINIUPNPD="wget http://hackthecode.googlecode.com/files/miniupnpd.gz -O /tmp/miniupnpd.gz"
# -TERM names the signal; a bare TERM is treated as another process name
FLUSH="killall -TERM miniupnpd"
FLUSHPNP="killall -TERM upnp"
# flush the DD-WRT upnp daemon
$FLUSHPNP
# flush the old miniupnpd and hope he does his job re-forwarding previous ports
$FLUSH
# wget the miniupnpd daemon and decompress
cd $UPNP_DIR
$GETMINIUPNPD
# -f overwrites the binary left in /tmp by a previous run
gunzip -f $MINI
chmod 744 $UPNP
echo "downloaded ok"
# delete the MINIUPNPD rules if they previously existed
# thanks MikeMcr for the fix
$IPT -t nat -F MINIUPNPD
$IPT -t nat -X MINIUPNPD
$IPT -t filter -F MINIUPNPD
$IPT -t filter -X MINIUPNPD
Does it really require you to manually create its own chain? If so then it will need a lot of work in the firewall. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
You mean the initial chain? I thought it would create the initial MINIUPNPD but after experimenting a little it doesn't seem to. _________________ Eko Builds
I guess you mean people that already use iptables, like dropping everything but 80. They can figure it out I imagine, but I see what you mean about the casual user that enters rules via the webif?
This is my first foray into bash, that's why the code has no logic or error handling.
You mean the initial chain? I thought it would create the initial MINIUPNPD but after experimenting a little it doesn't seem to.
Yes the initial chain. The firewall flushes the tables and destroys all chains so they have to be rebuilt every time.
The whole script is going to have to be run every time the firewall does. You'll need to kill any previous process so that the daemon won't think it still has the ports mapped and hopefully clients will ask for their ports to be remapped.
# kill old process before starting a new one
kill -9 `cat /var/run/miniupnpd.pid`
Last edited by phuzi0n on Sat Dec 12, 2009 19:19; edited 1 time in total
I'm still not understanding, the script creates the initial chains and miniupnpd does all the forwarding through the initial MINIUPNPD chains. I may be wording that wrong.
Then the whole thing is going to have to be run every time the firewall does, and you'll need to kill any previous process so that the daemon won't think it still has the ports mapped and hopefully clients will ask for their ports to be remapped.
# kill old process before starting a new one
kill -9 `cat /var/run/miniupnpd.pid`
I believe if you do this miniupnpd will clean up after itself.
Code:
kill -TERM `cat /var/run/miniupnpd.pid`
So I guess don't implement this until you get your rules finalized, then there will be no restart of the firewall?
The question is: Is this really needed? Because I think it's too much work for the devs to implement this in dd-wrt, mess with "spi firewall" (built-in) and lots of stuff..
I don't think you understand yet. When the firewall runs (because WAN came up or ui options changed, etc.) then it flushes the tables and leaves you with a clean environment to add rules to. You don't need to clean up any of the iptables stuff because the firewall will have already cleaned it.
This means that the MINIUPNPD chain won't even exist and will need to be recreated along with all forwards but we'll leave the daemon to worry about that... All you need to worry about is killing the previous daemon so that UPnP clients don't think their ports are still mapped, and run the entire script again to recreate the chains and update the daemon, etc.
A couple other things:
WAN="$(nvram get wan_ifname)" should be wan_iface to properly support all wan connection types.
If the -a $LAN switch is optional then remove it to support port forwarding to more than the main subnet for people with vlans, multiple wlans, etc.
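The restart sequence described in the post above (stop the previous daemon, then recreate the MINIUPNPD chains after each firewall run), as an added example that is not from the thread or from DD-WRT. The jump rules are an assumption, since the posted script is cut off before that step; `stop_miniupnpd`, `hook_chain`, `rebuild_chains` and the overridable `IPT`, `PIDFILE`, `PROC` and `GRACE` variables are names made up here.

```shell
#!/bin/sh
# Added example, not the thread's script. IPT, PIDFILE, PROC and GRACE are
# overridable assumptions so the logic can be dry-run off the router.
IPT="${IPT:-/usr/sbin/iptables}"
PIDFILE="${PIDFILE:-/var/run/miniupnpd.pid}"
PROC="${PROC:-/proc}"
GRACE="${GRACE:-5}"   # seconds to wait after TERM before KILL

# Stop the old daemon. Returns 0 = stopped, 1 = no pid file,
# 2 = pid file malformed or pointing at some other process (nothing killed).
stop_miniupnpd() {
    [ -r "$PIDFILE" ] || return 1
    pid="$(head -n 1 "$PIDFILE" | tr -d '[:space:]')"
    case "$pid" in
        ''|*[!0-9]*) rm -f "$PIDFILE"; return 2 ;;
    esac
    # PIDs get recycled: confirm the process is miniupnpd before signalling as root.
    cmd="$(cat "$PROC/$pid/cmdline" 2>/dev/null | tr '\0' ' ')"
    case "$cmd" in
        *miniupnpd*) ;;
        *) rm -f "$PIDFILE"; return 2 ;;
    esac
    kill -TERM "$pid" 2>/dev/null || true   # TERM first, as suggested in the thread
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt "$GRACE" ]; do
        sleep 1; i=$((i + 1))
    done
    kill -0 "$pid" 2>/dev/null && kill -KILL "$pid" 2>/dev/null || true
    rm -f "$PIDFILE"
    return 0
}

# Create (or flush) MINIUPNPD in one table and hook it to a built-in chain.
# Delete-then-append keeps exactly one jump rule however often this runs.
hook_chain() {   # usage: hook_chain <table> <built-in chain> <wan interface>
    $IPT -t "$1" -N MINIUPNPD 2>/dev/null || $IPT -t "$1" -F MINIUPNPD
    $IPT -t "$1" -D "$2" -i "$3" -j MINIUPNPD 2>/dev/null || true
    $IPT -t "$1" -A "$2" -i "$3" -j MINIUPNPD
}

rebuild_chains() {
    [ -n "$1" ] || return 1   # empty WAN name: refuse rather than guess
    hook_chain nat PREROUTING "$1" && hook_chain filter FORWARD "$1"
}

# On the router: sh this-file run   (nvram call as used in the thread's script)
if [ "${1:-}" = "run" ]; then
    stop_miniupnpd
    rebuild_chains "$(nvram get wan_iface)"
fi
```

A pid file that is empty, non-numeric or naming a process other than miniupnpd is removed and nothing is signalled.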
The question is: Is this really needed? Because I think it's too much work for the devs to implement this in dd-wrt, mess with "spi firewall" (built-in) and lots of stuff..
Ok then we can stick to a half broke implementation of upnp, I'm just trying to help.
have this running on a wrt160n with a broken upnp and it's working great so far.. thanks!!! (btw, I disabled the usual pnp in the dd-wrt tabs so that's correct, right?)
and btw, had to kill the httpd cuz of its cpu load but seems the miniupnp is still running good...