Creating a prewall script only works when you know what you need to add. In this case the daemon is adding the rules, so you'd have to come up with a method to save the MINIUPNP chain to a prewall script if you go down that route. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
_________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
He only needs to make his own chain in iptables and then he can manipulate his own chain....
If the firewall is restarted it needs to recreate the chains and rewrite all the rules...
This can be done in that prewall....
The chain just needs to be created before miniupnp runs which can be done in the firewall script. It's not the same as it was in your case where you had a list of predefined rules that you add every time.
He can add rules and delete them without restarting the firewall. He just needs to recreate all the rules when the firewall is restarted. That's where the script comes in.....
You're not getting it, all he does is set up the chain for miniupnp to use. He can create the MINIUPNP chain and the rules to jump to it perfectly fine from within the firewall script.
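The setup described in the post above, as an added example (not code from the thread or from DD-WRT): a firewall-script fragment that recreates the chain and its jump rules every time the firewall restarts, without stacking duplicate jumps when it is re-run. The chain name follows the thread; `WAN_IF`, the function names, and the choice of the nat PREROUTING and filter FORWARD hooks are assumptions.

```sh
#!/bin/sh
# Added example: fragment for a firewall script that is re-run on each restart.
# Assumptions: chain name MINIUPNP as in the thread; WAN_IF is a placeholder.
IPT=${IPT:-iptables}        # override with a wrapper for dry runs
CHAIN=${CHAIN:-MINIUPNP}
WAN_IF=${WAN_IF:-vlan1}     # placeholder: set to the real WAN interface

# Create the chain if it is missing. An existing chain (and any rules the
# daemon already put in it) is left untouched.
ensure_chain() {            # $1 = table, $2 = chain
    $IPT -t "$1" -N "$2" 2>/dev/null || true
}

# Install a jump exactly once: drop a stale copy, then insert at the top so
# the jump is evaluated before any trailing DROP rule in the parent chain.
ensure_jump() {             # $1 = table, $2 = parent chain, rest = match + target
    table=$1; parent=$2; shift 2
    $IPT -t "$table" -D "$parent" "$@" 2>/dev/null || true
    $IPT -t "$table" -I "$parent" "$@"
}

# Only traffic arriving on the WAN interface is sent to the daemon's chain.
setup_upnp_chains() {
    ensure_chain nat    "$CHAIN"
    ensure_chain filter "$CHAIN"
    ensure_jump nat    PREROUTING -i "$WAN_IF" -j "$CHAIN"
    ensure_jump filter FORWARD    -i "$WAN_IF" -j "$CHAIN"
}

# In the firewall script itself, call: setup_upnp_chains
```

The daemon still owns the contents of the chain; this fragment only guarantees that the empty chain and its jumps exist before the daemon starts adding rules.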
It sounds like a major issue but I'm only getting a few hits on Google.... Maybe it's also hardware related. If anyone knows some more about this issue, please PM. I'm somehow unable to post anything on their forum.
I'm assuming if there are problems they will report, it has been downloaded about 150 times. But I would wait also, maybe another week and perhaps some reports will come in. _________________ Eko Builds
frater, thanks for the revised script code. I will give it a try. I didn't know about the head and tail commands so that is really useful.
I actually found it was the "awk" command that is slow within the main loop.
I used nslookup because I wanted to resolve IPs to host names given out via DHCP (DNSMasq) and they are not in /etc/hosts. I suppose I could get them from the DNSMasq lease file which I have enabled.
It is also faster to use the "done <filename" and there's another thing which I didn't know when I started bash-scripting.... If you invoke it like you did you will spawn another shell process and the variables you change/define there will not be visible after the loop ends....
My hosts are in /etc/hosts. Did you check this? I'm also using that file in my pound script....
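The loop behaviour described in the post above, together with the lease-file lookup suggested in the post before it, as an added example that is not code from the thread. It assumes dnsmasq's five-field lease layout (expiry, MAC, IP, hostname, client-id); the lease entries are constructed sample data and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample in dnsmasq lease format: expiry MAC IP hostname client-id
LEASES=$(mktemp)
trap 'rm -f "$LEASES"' EXIT
cat > "$LEASES" <<'EOF'
1261843200 00:11:22:33:44:55 192.168.1.101 ps3 *
1261846800 00:11:22:33:44:66 192.168.1.102 laptop 01:00:11:22:33:44:66
1261850400 00:11:22:33:44:77 192.168.1.103 * *
EOF

# Resolve an IP to its DHCP hostname with shell built-ins only, so the main
# loop does not fork awk or nslookup for every address.
lease_name() {              # $1 = IP, $2 = lease file
    while read -r _exp _mac ip name _id; do
        if [ "$ip" = "$1" ] && [ "$name" != "*" ]; then
            echo "$name"
            return 0
        fi
    done < "$2"
    echo "$1"               # no usable name: fall back to the bare IP
}

# Pipeline form: in sh, bash and busybox ash the loop body runs in a
# subshell, so the counter it updates is gone once the loop ends.
count_piped() {
    count=0
    cat "$1" | while read -r _line; do count=$((count + 1)); done
    echo "$count"
}

# Redirect form: the loop runs in the current shell and the counter survives.
count_redirected() {
    count=0
    while read -r _line; do count=$((count + 1)); done < "$1"
    echo "$count"
}
```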
I'm on my cell, so can't type a full note, but I sent you a PM last night.
I'm not sure if something changed in the past week in your compile options (or even if that is relevant), but:
My PS3 sees the UPnP and ports and rules are added to iptables.
However, Call of Duty Modern Warfare 2 is no longer able to connect to the developer's servers for online games.
I switched back from my WRT610Nv2 to Tomato firmware on my WRT54G, which also runs miniupnp, and all was well immediately.
I also saw, but need to retest this when I get a chance, that after a day or so, the PS3 was no longer recognizing the UPnP even though the miniupnp daemon was still up. A reboot of dd-wrt was needed to fix that.
It is weird, because when the PS3 no longer sees the UPnP, Call of Duty IS able to connect to the servers. I know this because in the menu in that case Call of Duty says that NAT type is "moderate". Normally, when UPnP is working (e.g. Tomato) it would say "open".
I hope I explained myself semi-well.
Last edited by edrikk on Sat Dec 26, 2009 16:22; edited 1 time in total