On Sat, January 7, 2012 15:11, Antoine Jacoutot wrote: > Hi. > > Attached are 2 ports: > > * miniupnpd > The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which > provides NAT traversal services to any UPnP enabled client as well as > NAT Port Mapping Protocol (NAT-PMP) on the network. >
Hi. I've tested it with transmission. It tells, that port 51410 is closed. sudo pfctl -a "miniupnpd/*" -s rules pass in quick on xl0 on rdomain 0 inet proto tcp from any to any port = 51410 flags any label "NAT-PMP 51410 tcp" rdr-to 10.219.11.35 port 51410 prio 0 nmap -sS tells me too, that port is closed: 51410/tcp closed unknown My config: sudo egrep -v ^# /etc/pf.conf ext_if = xl0 int_if = rl0 table <bad_hosts> set skip on lo anchor "miniupnpd/*" pass # to establish keep-state match out on $ext_if from 10.219.11.0/24 to any nat-to ($ext_if) block in on $ext_if proto tcp to port { 138 139 445 } block quick from <bad_hosts> pass in on $ext_if proto tcp to $ext_if port ssh keep state \ (max-src-conn-rate 5/120, overload <bad_hosts> flush global) pass in on $ext_if proto tcp from any to $ext_if port 8081 rdr-to 10.219.11.48 port 80 pass in on $ext_if proto tcp from any to $ext_if port 2222 rdr-to 10.219.11.48 port 22 pass in on $ext_if proto tcp from any to $ext_if port 51413 rdr-to 10.219.11.35 port 51413 block in on ! lo0 proto tcp to port 6000:6010 sudo egrep -v ^# /etc/miniupnpd.conf ext_ifname=xl0 listening_ip=10.219.11.34/24 port=0 enable_natpmp=yes enable_upnp=yes bitrate_up=1000000 bitrate_down=10000000 secure_mode=yes system_uptime=yes clean_ruleset_interval=600 uuid=aa53c618-3934-11e1-9473-0016e6d8f2b1 serial=12345666 model_number=1 allow 1024-65535 10.219.11.0/24 1024-65535 deny 0-65535 0.0.0.0/0 0-65535 When I use port 51413, which is redirected with pf rule, it's seen as open by transmission and by nmap. Did I missed something in configuration, or the problem is in version of OpenBSD on my gate (OpenBSD 5.0-current (GENERIC) #78: Sat Oct 22 20:59:16 MDT 2011)?