On Sat, January 7, 2012 15:11, Antoine Jacoutot wrote:
> Hi.
>
> Attached are 2 ports:
>
> * miniupnpd
> The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which
> provides NAT traversal services to any UPnP enabled client as well as
> NAT Port Mapping Protocol (NAT-PMP) on the network.
>

Hi. I've tested it with Transmission. It says that port 51410 is closed.

sudo pfctl -a "miniupnpd/*" -s rules
pass in quick on xl0 on rdomain 0 inet proto tcp from any to any port = 51410 flags any label "NAT-PMP 51410 tcp" rdr-to 10.219.11.35 port 51410 prio 0

nmap -sS also tells me that the port is closed: 51410/tcp closed   unknown

My config:
sudo egrep -v ^# /etc/pf.conf
ext_if = xl0
int_if = rl0
table <bad_hosts>
set skip on lo
anchor "miniupnpd/*"
pass            # to establish keep-state
match out on $ext_if from 10.219.11.0/24 to any nat-to ($ext_if)
block in on $ext_if proto tcp to port { 138 139 445 }
block quick from <bad_hosts>
pass in on $ext_if proto tcp to $ext_if port ssh keep state \
(max-src-conn-rate 5/120, overload <bad_hosts> flush global)
pass in on $ext_if proto tcp from any to $ext_if port 8081 rdr-to 10.219.11.48 port 80
pass in on $ext_if proto tcp from any to $ext_if port 2222 rdr-to 10.219.11.48 port 22
pass in on $ext_if proto tcp from any to $ext_if port 51413 rdr-to 10.219.11.35 port 51413
block in on ! lo0 proto tcp to port 6000:6010


sudo egrep -v ^# /etc/miniupnpd.conf
ext_ifname=xl0
listening_ip=10.219.11.34/24
port=0
enable_natpmp=yes
enable_upnp=yes
bitrate_up=1000000
bitrate_down=10000000
secure_mode=yes
system_uptime=yes
clean_ruleset_interval=600
uuid=aa53c618-3934-11e1-9473-0016e6d8f2b1
serial=12345666
model_number=1
allow 1024-65535 10.219.11.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535

When I use port 51413, which is redirected with a pf rule, it's seen as open by
Transmission and by nmap.
Did I miss something in the configuration, or is the problem in the version of
OpenBSD on my gate (OpenBSD 5.0-current (GENERIC) #78: Sat Oct 22 20:59:16 MDT
2011)?

