For anyone interested in the UPnP daemon, I have a (semi) working one up for download.
It is terribly unsecure, probably unstable, and will need alot of work. That said, it does compile and run, and allows a MSN Messenger clinet to both initiated and accept voice and video traffic from behind a netfilter NAT box. You can get more information and grab it from http://home.ericwirt.com/ics/ I figured that actually having some (semi) working code might help some of you get a better handle on what things need to be addressed on the netfilter side. Eric Wirt [EMAIL PROTECTED] ----- Original Message ----- From: "Harald Welte" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]> Cc: "Eric Wirt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, April 07, 2002 5:12 AM Subject: Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux > On Sun, Apr 07, 2002 at 12:55:37AM +0200, Henrik Nordstrom wrote: > > On Sunday 07 April 2002 00:09, Eric Wirt wrote: > > > > > 1) I'm not terribly familiar with the netfilter architecture. > > > Maybe one of the netfilter developers can chime in and tell me what > > > the proper way to hook into netfilter would be? > > > > Not being a core developer, but clearly the correct approach to UPnP > > is a userspace daemon responding to UPnP messages, and reconfiguring > > the iptables kernel as needed. > > To be more precise: A userspace daemon using the upcoming ctnetlink > interface to add connection tracking entries / nat mappings and > ip_conntrack_expect's to the firewall. > > Dynamically inserting/removing rules seems like a big hack, but not like > a solution. > > > Regards > > Henrik Nordström > > MARA Systems AB, Sweden > > -- > Live long and prosper > - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ > ============================================================================ > GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ > V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*) >
