[Bug 1917715] [NEW] MiniUPnPD and netfilter incompatability

Bill Williamson Wed, 03 Mar 2021 22:55:46 -0800

Public bug reported:

Description:    Ubuntu 20.10
Release:        20.10


In short: miniupnpd daemon's code talks to old school iptables to build
dynamic firewall rules.  Ubuntu uses netfilter, and thus old school
iptables rules are managed using iptables-legacy.  This means the daemon
never sees the chains it's created via command line, and breaks things
and makes it not work.


In longer:
I have set up a router on RPi4 using ubuntu server 20.10.  Standard setup using 
a few iptables rules to set up MASQ, allow inbound for existing connections, 
etc.  Using dnsmasq for dns and dhcp.  It all works great.

Now I want to add UPnP for xboxes/etc, I installed miniupnpd and it
starts up nicely but doesn't actually work.  So I did some
investigating.

The setup file for miniupnpd uses iptables or ip6tables to create
chains.  This creates the chains (you can verify with iptables -S), but
when the miniupnpd daemon tries to find them you get the error "chain
MINIUPNPD not found".

I fixed the issue by hardcoding the config file to use "iptables-legacy"
as the setup command. (it seems to have attached to this bug report?)

A better fix is for upstream to use the netfilter APIs for talking to
chains/tables/etc, but my hacky fix at least makes the package work as
expected.


(my understanding is that iptables interface is deprecated and will be gone in 
the future?).

Thanks, happy to provide any other info.

ProblemType: Bug
DistroRelease: Ubuntu 20.10
Package: miniupnpd 2.1-6.1
ProcVersionSignature: Ubuntu 5.8.0-1016.19-raspi 5.8.18
Uname: Linux 5.8.0-1016-raspi aarch64
ApportVersion: 2.20.11-0ubuntu50.5
Architecture: arm64
CasperMD5CheckResult: skip
Date: Thu Mar  4 06:18:26 2021
ImageMediaBuild: 20201022
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: miniupnpd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.miniupnpd.miniupnpd_functions.sh: 2021-03-04T04:45:50.501225

** Affects: miniupnpd (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug arm64 groovy uec-images

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917715

Title:
  MiniUPnPD and netfilter incompatability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/miniupnpd/+bug/1917715/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1917715] [NEW] MiniUPnPD and netfilter incompatability

Reply via email to