Re: miniupnp
On Mon, Jan 09, 2012 at 10:39:23AM +0100, Antoine Jacoutot wrote: On Sat, Jan 07, 2012 at 01:11:20PM +0100, Antoine Jacoutot wrote: Hi. Attached are 2 ports: Updated ports and added minisspd. Anyone? -- Antoine
Re: miniupnp
On Sun, January 8, 2012 12:50, Antoine Jacoutot wrote: On Sun, Jan 08, 2012 at 09:55:54AM +0100, Antoine Jacoutot wrote: Yeah, the generated rule is bogus here. I'll have a look at it. Thanks for testing. Please try this new port (have a look at the README as well, some stuffs changed). Thanks. -- Antoine Hellp. Sorry for timeout. miniupnpd from your latest tarball with subdirs works fine with the new hints from pkg-readme. Thanks!
Re: miniupnp
On Sat, Jan 07, 2012 at 01:11:20PM +0100, Antoine Jacoutot wrote: Hi. Attached are 2 ports: Updated ports and added minisspd. * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. * miniupnpc miniupnpc, the MiniUPnP client library, enables applications to access the services provided by an UPnP Internet Gateway Device present on the network. In UPnP terminology, it is a UPnP Control Point. There are still to be considered as a work-in-progress but after some small testing with empathy (jabber) and windows messenger, it seems to do the right thing. I expect to make a lot more testing next week and would appreciate as most feedback as possible (working or not working). If this gets in I'm planning on porting minissdpd as well. Thanks! -- Antoine -- Antoine miniupnp.tgz Description: application/tar-gz
Re: miniupnp
On Sat, Jan 07, 2012 at 05:25:43PM +0300, Kirill Bychkov wrote: Hi. I've tested it with transmission. It tells, that port 51410 is closed. sudo pfctl -a miniupnpd/* -s rules pass in quick on xl0 on rdomain 0 inet proto tcp from any to any port = 51410 flags any label NAT-PMP 51410 tcp rdr-to 10.219.11.35 port 51410 prio 0 Yeah, the generated rule is bogus here. I'll have a look at it. Thanks for testing. -- Antoine
Re: miniupnp
On Sun, Jan 08, 2012 at 09:55:54AM +0100, Antoine Jacoutot wrote: Yeah, the generated rule is bogus here. I'll have a look at it. Thanks for testing. Please try this new port (have a look at the README as well, some stuffs changed). Thanks. -- Antoine miniupnpd.tgz Description: application/tar-gz
Re: miniupnp
Hi, On Saturday, January 7, 2012 13:11 CET, Antoine Jacoutot ajacou...@bsdfrog.org wrote: Hi. Attached are 2 ports: * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. * miniupnpc miniupnpc, the MiniUPnP client library, enables applications to access the services provided by an UPnP Internet Gateway Device present on the network. In UPnP terminology, it is a UPnP Control Point. There are still to be considered as a work-in-progress but after some small testing with empathy (jabber) and windows messenger, it seems to do the right thing. I expect to make a lot more testing next week and would appreciate as most feedback as possible (working or not working). both compile and install fine on i386 and macppc. However, haven't installed on my firewall for some tests. The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? Besides the SECURITY file, and haven't really tested it, it looks OK to me. cheers, Sebastian If this gets in I'm planning on porting minissdpd as well. Thanks! -- Antoine
Re: miniupnp
On 2012-01-07, Sebastian Reitenbach sebas...@l00-bugdead-prods.de wrote: Hi, On Saturday, January 7, 2012 13:11 CET, Antoine Jacoutot ajacou...@bsdfrog.org wrote: Hi. Attached are 2 ports: * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. * miniupnpc miniupnpc, the MiniUPnP client library, enables applications to access the services provided by an UPnP Internet Gateway Device present on the network. In UPnP terminology, it is a UPnP Control Point. There are still to be considered as a work-in-progress but after some small testing with empathy (jabber) and windows messenger, it seems to do the right thing. I expect to make a lot more testing next week and would appreciate as most feedback as possible (working or not working). both compile and install fine on i386 and macppc. However, haven't installed on my firewall for some tests. The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense.
Re: miniupnp
On Sat, January 7, 2012 15:11, Antoine Jacoutot wrote:
Hi.
Attached are 2 ports:
* miniupnpd
The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which
provides NAT traversal services to any UPnP enabled client as well as
NAT Port Mapping Protocol (NAT-PMP) on the network.
Hi. I've tested it with transmission. It tells, that port 51410 is closed.
sudo pfctl -a miniupnpd/* -s rules
pass in quick on xl0 on rdomain 0 inet proto tcp from any to any port = 51410
flags any label NAT-PMP 51410 tcp rdr-to 10.219.11.35 port 51410 prio 0
nmap -sS tells me too, that port is closed: 51410/tcp closed unknown
My config:
sudo egrep -v ^# /etc/pf.conf
ext_if = xl0
int_if = rl0
table bad_hosts
set skip on lo
anchor miniupnpd/*
pass# to establish keep-state
match out on $ext_if from 10.219.11.0/24 to any nat-to ($ext_if)
block in on $ext_if proto tcp to port { 138 139 445 }
block quick from bad_hosts
pass in on $ext_if proto tcp to $ext_if port ssh keep state \
(max-src-conn-rate 5/120, overload bad_hosts flush global)
pass in on $ext_if proto tcp from any to $ext_if port 8081 rdr-to 10.219.11.48
port 80
pass in on $ext_if proto tcp from any to $ext_if port rdr-to 10.219.11.48
port 22
pass in on $ext_if proto tcp from any to $ext_if port 51413 rdr-to
10.219.11.35 port 51413
block in on ! lo0 proto tcp to port 6000:6010
sudo egrep -v ^# /etc/miniupnpd.conf
ext_ifname=xl0
listening_ip=10.219.11.34/24
port=0
enable_natpmp=yes
enable_upnp=yes
bitrate_up=100
bitrate_down=1000
secure_mode=yes
system_uptime=yes
clean_ruleset_interval=600
uuid=aa53c618-3934-11e1-9473-0016e6d8f2b1
serial=12345666
model_number=1
allow 1024-65535 10.219.11.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
When I use port 51413, which is redirected with pf rule, it's seen as open by
transmission and by nmap.
Did I missed something in configuration, or the problem is in version of
OpenBSD on my gate (OpenBSD 5.0-current (GENERIC) #78: Sat Oct 22 20:59:16 MDT
2011)?
Re: miniupnp
The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense. Yes I asked espie@ around p2k11 if we could kill SECURITY and use MESSAGE/README instead but he objected. So I 'm using the 'correct' way to do things. If we are allowed to kill SECURITY then sure I'll put it in README (not MESSAGE, it's useless there). Meanwhile I'll keep it as is. -- Antoine
Re: miniupnp
On Sat, Jan 07, 2012 at 04:02:51PM +0100, Antoine Jacoutot wrote: The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense. Yes I asked espie@ around p2k11 if we could kill SECURITY and use MESSAGE/README instead but he objected. So I 'm using the 'correct' way to do things. If we are allowed to kill SECURITY then sure I'll put it in README (not MESSAGE, it's useless there). Meanwhile I'll keep it as is. Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY.
Re: miniupnp
On Sat, Jan 07, 2012 at 05:27:24PM +0100, Marc Espie wrote: On Sat, Jan 07, 2012 at 04:02:51PM +0100, Antoine Jacoutot wrote: The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense. Yes I asked espie@ around p2k11 if we could kill SECURITY and use MESSAGE/README instead but he objected. So I 'm using the 'correct' way to do things. If we are allowed to kill SECURITY then sure I'll put it in README (not MESSAGE, it's useless there). Meanwhile I'll keep it as is. Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY. But what is the benefit of SECURITY in this case? -- Antoine
Re: miniupnp
On Sat, Jan 07, 2012 at 08:10:26PM +0100, Antoine Jacoutot wrote: Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY. But what is the benefit of SECURITY in this case? It's something you can find(1). But yeah, we probably want to formalize things a bit more at some point.
Re: miniupnp
On Sat, Jan 07, 2012 at 09:08:25PM +0100, Marc Espie wrote: On Sat, Jan 07, 2012 at 08:10:26PM +0100, Antoine Jacoutot wrote: Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY. But what is the benefit of SECURITY in this case? It's something you can find(1). Ok then I'll keep SECURITY so it can be found. -- Antoine
