On Sunday 07 April 2002 12:07, Brian J. Murrell wrote:

> > Dynamically inserting/removing rules seems like a big hack, but
> > not like a solution.
>
> Why? I thought that userspace solutions were _always_ considered
> "the better way(tm)" to do things when possible. What is a better
> solution to UPnP than a userspace daemon manipulating netfilter
> rules?

How I understood Harald is that he does not regard a userspace daemon which dynamically changes the iptables ruleset as the correct approach, but rather a userspace daemon which directly inserts new connection tracking/NAT session entries as being the correct approach.

> Perhaps you prefer the UPnP daemon to act more like a true
> application proxy and do application level forwarding to satisfy
> the requests made of it?

This may also be a possibility, but not as efficient or flexible, and I don't think this is how UPnP can be used. Also I don't think this is anywhere close to where Harald was aiming.

> On a side note, does UPnP do anything more/better than SOCKS5? Did
> MS needlessly invent another protocol again? I was always under
> the impression that SOCKS5 allowed UDP as well as requesting TCP
> and UDP listeners.

From my understanding the two provide similar functionality, yes, but using different technology. SOCKS5 uses proxying, where the client uses the SOCKS gateway/proxy for networking. UPnP is more for session establishment, where networking is done directly by the endpoints, not an intermediary proxy.

SOCKS5 requires a relatively resource-intensive proxy server component. UPnP fits easily into simple and cheap NAT and packet filtering devices.

Both require support from the client software. Both can have this support wrapped by the OS with some limitations.

Regards
Henrik Nordström