Hi,
So I am trying to get the MiniUpNp project to work with TCL in the hope that it can be used with the fork 'Mine OS+' which I am developing. I was going to post this in the extensions section, but my problem is allowing Miniupnp through the TCL firewall. I had a long talk with the creator of Miniupnp, and it seems that my iptables file isn't to blame, and I compiled the Miniupnp project from source using the recommended flags given in the wiki. I even disabled the firewall tcz from loading on boot to see if that was the problem. TCL is connected to the network through a bridged connection in virtual box.
Here is what we should see when the upnpc client is run; (192.168.10.254 is the upnp router)
$ sudo tshark -i eth0 port 1900
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.10.35 -> 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
0.001934 192.168.10.254 -> 192.168.10.35 SSDP HTTP/1.1 200 OK
1.620583 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.621632 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.623239 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.625945 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.626944 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.627918 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.628919 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.630063 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.631068 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
1.632176 192.168.10.254 -> 239.255.255.250 SSDP NOTIFY * HTTP/1.1
Whereas I am receiving this;
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.1.109 -> 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
2.002259 192.168.1.109 -> 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
4.004569 192.168.1.109 -> 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
6.006929 192.168.1.109 -> 239.255.255.250 SSDP M-SEARCH * HTTP/1.1
As you can see the SSDP M-SEARCH packets do seem to be getting past the TCL iptables, but no response gets back into TCL which is the strange part.
This is my iptabes config file which I *think* is the culprit.
:POSTROUTING ACCEPT [1:72]
:OUTPUT ACCEPT [1:72]
COMMIT
# Completed on Wed Jan 12 08:47:59 2011
# Generated by iptables-save v1.4.10 on Wed Jan 12 08:47:59 2011
*filter
:INPUT DROP [1:28]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [185:18724]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1900 -j ACCEPT
COMMIT
I did see the extension Gupnp in the repo, however I need a cli client which can portforward any upnp compatible router, and miniupnp it seems is the only way I can do this.
Thanks for a great OS,
Nick