Re: miniupnp
On Mon, Jan 09, 2012 at 10:39:23AM +0100, Antoine Jacoutot wrote: On Sat, Jan 07, 2012 at 01:11:20PM +0100, Antoine Jacoutot wrote: Hi. Attached are 2 ports: Updated ports and added minisspd. Anyone? -- Antoine
Re: miniupnp
On Sun, January 8, 2012 12:50, Antoine Jacoutot wrote: On Sun, Jan 08, 2012 at 09:55:54AM +0100, Antoine Jacoutot wrote: Yeah, the generated rule is bogus here. I'll have a look at it. Thanks for testing. Please try this new port (have a look at the README as well, some stuffs changed). Thanks. -- Antoine Hellp. Sorry for timeout. miniupnpd from your latest tarball with subdirs works fine with the new hints from pkg-readme. Thanks!
Re: miniupnp
On Sat, Jan 07, 2012 at 01:11:20PM +0100, Antoine Jacoutot wrote: Hi. Attached are 2 ports: Updated ports and added minisspd. * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. * miniupnpc miniupnpc, the MiniUPnP client library, enables applications to access the services provided by an UPnP Internet Gateway Device present on the network. In UPnP terminology, it is a UPnP Control Point. There are still to be considered as a work-in-progress but after some small testing with empathy (jabber) and windows messenger, it seems to do the right thing. I expect to make a lot more testing next week and would appreciate as most feedback as possible (working or not working). If this gets in I'm planning on porting minissdpd as well. Thanks! -- Antoine -- Antoine miniupnp.tgz Description: application/tar-gz
Re: miniupnp
On Sat, Jan 07, 2012 at 05:25:43PM +0300, Kirill Bychkov wrote: Hi. I've tested it with transmission. It tells, that port 51410 is closed. sudo pfctl -a miniupnpd/* -s rules pass in quick on xl0 on rdomain 0 inet proto tcp from any to any port = 51410 flags any label NAT-PMP 51410 tcp rdr-to 10.219.11.35 port 51410 prio 0 Yeah, the generated rule is bogus here. I'll have a look at it. Thanks for testing. -- Antoine
Re: miniupnp
On Sun, Jan 08, 2012 at 09:55:54AM +0100, Antoine Jacoutot wrote: Yeah, the generated rule is bogus here. I'll have a look at it. Thanks for testing. Please try this new port (have a look at the README as well, some stuffs changed). Thanks. -- Antoine miniupnpd.tgz Description: application/tar-gz
Re: miniupnp
Hi, On Saturday, January 7, 2012 13:11 CET, Antoine Jacoutot ajacou...@bsdfrog.org wrote: Hi. Attached are 2 ports: * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. * miniupnpc miniupnpc, the MiniUPnP client library, enables applications to access the services provided by an UPnP Internet Gateway Device present on the network. In UPnP terminology, it is a UPnP Control Point. There are still to be considered as a work-in-progress but after some small testing with empathy (jabber) and windows messenger, it seems to do the right thing. I expect to make a lot more testing next week and would appreciate as most feedback as possible (working or not working). both compile and install fine on i386 and macppc. However, haven't installed on my firewall for some tests. The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? Besides the SECURITY file, and haven't really tested it, it looks OK to me. cheers, Sebastian If this gets in I'm planning on porting minissdpd as well. Thanks! -- Antoine
Re: miniupnp
On 2012-01-07, Sebastian Reitenbach sebas...@l00-bugdead-prods.de wrote: Hi, On Saturday, January 7, 2012 13:11 CET, Antoine Jacoutot ajacou...@bsdfrog.org wrote: Hi. Attached are 2 ports: * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. * miniupnpc miniupnpc, the MiniUPnP client library, enables applications to access the services provided by an UPnP Internet Gateway Device present on the network. In UPnP terminology, it is a UPnP Control Point. There are still to be considered as a work-in-progress but after some small testing with empathy (jabber) and windows messenger, it seems to do the right thing. I expect to make a lot more testing next week and would appreciate as most feedback as possible (working or not working). both compile and install fine on i386 and macppc. However, haven't installed on my firewall for some tests. The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense.
Re: miniupnp
On Sat, January 7, 2012 15:11, Antoine Jacoutot wrote: Hi. Attached are 2 ports: * miniupnpd The miniUPnP daemon is an UPnP IGD (Internet Gateway Device) which provides NAT traversal services to any UPnP enabled client as well as NAT Port Mapping Protocol (NAT-PMP) on the network. Hi. I've tested it with transmission. It tells, that port 51410 is closed. sudo pfctl -a miniupnpd/* -s rules pass in quick on xl0 on rdomain 0 inet proto tcp from any to any port = 51410 flags any label NAT-PMP 51410 tcp rdr-to 10.219.11.35 port 51410 prio 0 nmap -sS tells me too, that port is closed: 51410/tcp closed unknown My config: sudo egrep -v ^# /etc/pf.conf ext_if = xl0 int_if = rl0 table bad_hosts set skip on lo anchor miniupnpd/* pass# to establish keep-state match out on $ext_if from 10.219.11.0/24 to any nat-to ($ext_if) block in on $ext_if proto tcp to port { 138 139 445 } block quick from bad_hosts pass in on $ext_if proto tcp to $ext_if port ssh keep state \ (max-src-conn-rate 5/120, overload bad_hosts flush global) pass in on $ext_if proto tcp from any to $ext_if port 8081 rdr-to 10.219.11.48 port 80 pass in on $ext_if proto tcp from any to $ext_if port rdr-to 10.219.11.48 port 22 pass in on $ext_if proto tcp from any to $ext_if port 51413 rdr-to 10.219.11.35 port 51413 block in on ! lo0 proto tcp to port 6000:6010 sudo egrep -v ^# /etc/miniupnpd.conf ext_ifname=xl0 listening_ip=10.219.11.34/24 port=0 enable_natpmp=yes enable_upnp=yes bitrate_up=100 bitrate_down=1000 secure_mode=yes system_uptime=yes clean_ruleset_interval=600 uuid=aa53c618-3934-11e1-9473-0016e6d8f2b1 serial=12345666 model_number=1 allow 1024-65535 10.219.11.0/24 1024-65535 deny 0-65535 0.0.0.0/0 0-65535 When I use port 51413, which is redirected with pf rule, it's seen as open by transmission and by nmap. Did I missed something in configuration, or the problem is in version of OpenBSD on my gate (OpenBSD 5.0-current (GENERIC) #78: Sat Oct 22 20:59:16 MDT 2011)?
Re: miniupnp
The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense. Yes I asked espie@ around p2k11 if we could kill SECURITY and use MESSAGE/README instead but he objected. So I 'm using the 'correct' way to do things. If we are allowed to kill SECURITY then sure I'll put it in README (not MESSAGE, it's useless there). Meanwhile I'll keep it as is. -- Antoine
Re: miniupnp
On Sat, Jan 07, 2012 at 04:02:51PM +0100, Antoine Jacoutot wrote: The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense. Yes I asked espie@ around p2k11 if we could kill SECURITY and use MESSAGE/README instead but he objected. So I 'm using the 'correct' way to do things. If we are allowed to kill SECURITY then sure I'll put it in README (not MESSAGE, it's useless there). Meanwhile I'll keep it as is. Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY.
Re: miniupnp
On Sat, Jan 07, 2012 at 05:27:24PM +0100, Marc Espie wrote: On Sat, Jan 07, 2012 at 04:02:51PM +0100, Antoine Jacoutot wrote: The SECURITY file for miniupnpd, is only around in the ports tree. It doesn't get installed, nor echoed out when installing the package, nor is in pkg_info. Since the users are encouraged to install packages, they will miss it, right? there is a history of SECURITY files in the ports tree but in this case I think mv'ing it to MESSAGE makes sense. Yes I asked espie@ around p2k11 if we could kill SECURITY and use MESSAGE/README instead but he objected. So I 'm using the 'correct' way to do things. If we are allowed to kill SECURITY then sure I'll put it in README (not MESSAGE, it's useless there). Meanwhile I'll keep it as is. Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY. But what is the benefit of SECURITY in this case? -- Antoine
Re: miniupnp
On Sat, Jan 07, 2012 at 08:10:26PM +0100, Antoine Jacoutot wrote: Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY. But what is the benefit of SECURITY in this case? It's something you can find(1). But yeah, we probably want to formalize things a bit more at some point.
Re: miniupnp
On Sat, Jan 07, 2012 at 09:08:25PM +0100, Marc Espie wrote: On Sat, Jan 07, 2012 at 08:10:26PM +0100, Antoine Jacoutot wrote: Copying from SECURITY to README looks fine, I would still prefer not to kill SECURITY. But what is the benefit of SECURITY in this case? It's something you can find(1). Ok then I'll keep SECURITY so it can be found. -- Antoine