On 23. aug. 2012 13:49, Thomas Goirand wrote:
> On 08/23/2012 06:13 AM, Andre Tomt wrote:
>> Package: miniupnpd
>> Version: 1.7-3
>>
>> Disclaimer: I installed this in ubuntu, but AFAICT there is nothing
>> Ubuntu specific with this bug.
>>
>> Initscript magic fails with multiple IP's on WAN interface.
>> 192.168.99.1 and xx.xx.xx.2 (censored) are set on WAN interface
>>
>> + /sbin/iptables -t nat -A PREROUTING -d 192.168.99.1 xx.xx.xx.2 -i eth0 -j MINIUPNPD
>> Bad argument `xx.xx.xx.2'
>> Try `iptables -h' or 'iptables --help' for more information.
>> ..
>> + start-stop-daemon -q --start --exec /usr/sbin/miniupnpd -- -i eth0 -o 192.168.99.1 xx.xx.xx.2 -a 10.255.21.1 -N -f /etc/miniupnpd/miniupnpd.conf
>> Unknown option: xx.xx.xx.2
>
> Hi,
>
> Are you sure that it's even possible to do that with MiniUPnPd? Can I
> specify a -o option more than once?

Hmm. It doesn't complain with multiple -o's.. But:
/* Uncomment the following line to enable multiple external ip support */
/* note : That is EXPERIMENTAL, do not use that unless you know perfectly what
you are doing */
/* Dynamic external ip adresses are not supported when this option is enabled.
* Also note that you would need to configure your .conf file accordingly. */
/*#define MULTIPLE_EXTERNAL_IP*/
So that's probably not advisable to enable in the build.
However, people with multiple WAN IP's tend to have them statically
assigned (99.9999% of cases ;)), and using a static, explicit SNAT rule
to map clients to one of them, using the other addresses for 1:1 NAT to
DMZ servers or some similar scheme.
These people will probably be fine with a static config option for
external IP address to expose in UPNP/PMP. No kind of autodetection in
this case is really possible.
I propose some kind of EXT_IP flag in the defaults-file. IP-address or
"dynamic" defaulting to dynamic? If dynamic drop -d $EXTIP from
PREROUTING rule, and not set -o for miniupnpd invocation? This will make
everything hitting that interface on UPNP rules be DNAT'ed. miniupnpd
will look up the external IP itself when clients ask for it, with the
added bonus that will work across sudden changes in WAN IP address
(which is currently another bug I've been meaning to submit).
If set to something else, use the value in both PREROUTING as -d and
pass to miniupnpd as -o. Now the administrator is in control, and the
DNAT will not conflict with other WAN IP's.
I think that would cover most use cases?
Actually it would get rid of EXTIP lookup in initscript entirely.

> Also, the title of this bug talks about WAN, but aren't you in fact
> talking about more than one LAN IP address? This is confusing me.

It's the IP addresses the init script is getting from
MiniUPnPd_EXTERNAL_INTERFACE and putting into EXTIP. You probably got
confused by the RFC1918 address. That's just a wart of this lab setup.
But would fail in all cases with multiple WAN IP's.
root@grr:~# ip addr show dev eth0 | grep "inet " | awk '{ print $2 }' | cut -d"/" -f1
192.168.99.1
84.xxx.xxx.2
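
The EXT_IP scheme proposed in this message, sketched as an added example that is not part of the original e-mail or of the Debian initscript: the value is either "dynamic" (or empty) or exactly one validated IPv4 address, so a multi-address string can never be word-split into extra iptables or miniupnpd arguments. `EXT_IP` handling, the function names and the 198.51.100.2 address (standing in for the censored one) are assumptions; the chain name and daemon options are the ones shown in the report.

```shell
#!/bin/sh
# Added example, not the Debian initscript. EXT_IP and the function names are
# hypothetical; chain name and miniupnpd options are taken from the thread.

# Succeeds only if $1 is exactly one dotted-quad IPv4 address.
is_single_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # spaces, newlines, letters, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 = EXT_IP ("dynamic", empty, or one address), $2 = WAN interface.
# Prints the iptables arguments for the PREROUTING jump.
prerouting_args() {
    case "$1" in
        ''|dynamic) printf '%s\n' "-t nat -A PREROUTING -i $2 -j MINIUPNPD" ;;
        *) is_single_ipv4 "$1" || return 1
           printf '%s\n' "-t nat -A PREROUTING -d $1 -i $2 -j MINIUPNPD" ;;
    esac
}

# $1 = EXT_IP, $2 = WAN interface, $3 = LAN address. Prints miniupnpd arguments.
daemon_args() {
    conf=/etc/miniupnpd/miniupnpd.conf
    case "$1" in
        ''|dynamic) printf '%s\n' "-i $2 -a $3 -N -f $conf" ;;
        *) is_single_ipv4 "$1" || return 1
           printf '%s\n' "-i $2 -o $1 -a $3 -N -f $conf" ;;
    esac
}

# Constructed sample values: dynamic, one static address, and a two-address
# string like the one the autodetection produced in the report.
for ext_ip in dynamic 192.168.99.1 "192.168.99.1 198.51.100.2"; do
    if args=$(prerouting_args "$ext_ip" eth0); then
        echo "iptables $args"
        echo "miniupnpd $(daemon_args "$ext_ip" eth0 10.255.21.1)"
    else
        echo "refusing EXT_IP='$ext_ip': not a single IPv4 address" >&2
    fi
done
```

The WAN interface and LAN address are passed through unvalidated here; a real initscript would check them the same way before handing them to iptables.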