MINIUPNPD-PCP-PEER => MINIUPNPD-POSTROUTING
renamed miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER" to miniupnpd_nat_postrouting_chain = "MINIUPNPD-POSTROUTING";
This commit is contained in:
Thomas Bernard
parent
ba91c4ec23
commit
1ba4362910
|
|
@ -6,7 +6,7 @@ IPTABLES=/sbin/iptables
|
|||
$IPTABLES -v -n -t nat -L PREROUTING
|
||||
$IPTABLES -v -n -t nat -L MINIUPNPD
|
||||
$IPTABLES -v -n -t nat -L POSTROUTING
|
||||
$IPTABLES -v -n -t nat -L MINIUPNPD-PCP-PEER
|
||||
$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING
|
||||
$IPTABLES -v -n -t mangle -L PREROUTING
|
||||
$IPTABLES -v -n -t mangle -L MINIUPNPD
|
||||
$IPTABLES -v -n -t filter -L FORWARD
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ IPTABLES=/sbin/iptables
|
|||
|
||||
#flush all rules owned by miniupnpd
|
||||
$IPTABLES -t nat -F MINIUPNPD
|
||||
$IPTABLES -t nat -F MINIUPNPD-PCP-PEER
|
||||
$IPTABLES -t nat -F MINIUPNPD-POSTROUTING
|
||||
$IPTABLES -t filter -F MINIUPNPD
|
||||
$IPTABLES -t mangle -F MINIUPNPD
|
||||
|
||||
|
|
|
|||
|
|
@ -26,5 +26,5 @@ $IPTABLES -t filter -N MINIUPNPD
|
|||
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
|
||||
|
||||
#adding the MINIUPNPD chain for nat
|
||||
$IPTABLES -t nat -N MINIUPNPD-PCP-PEER
|
||||
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-PCP-PEER
|
||||
$IPTABLES -t nat -N MINIUPNPD-POSTROUTING
|
||||
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@ $IPTABLES -t filter -F MINIUPNPD
|
|||
$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
|
||||
$IPTABLES -t filter -X MINIUPNPD
|
||||
|
||||
#removing the MINIUPNPD-PCP-PEER chain for nat
|
||||
$IPTABLES -t nat -F MINIUPNPD-PCP-PEER
|
||||
#removing the rule to MINIUPNPD-PCP-PEER
|
||||
$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-PCP-PEER
|
||||
$IPTABLES -t nat -X MINIUPNPD-PCP-PEER
|
||||
#removing the MINIUPNPD-POSTROUTING chain for nat
|
||||
$IPTABLES -t nat -F MINIUPNPD-POSTROUTING
|
||||
#removing the rule to MINIUPNPD-POSTROUTING
|
||||
$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING
|
||||
$IPTABLES -t nat -X MINIUPNPD-POSTROUTING
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/* $Id: iptcrdr.c,v 1.53 2015/02/08 09:10:00 nanard Exp $ */
|
||||
/* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2015 Thomas Bernard
|
||||
* (c) 2006-2016 Thomas Bernard
|
||||
* This software is subject to the conditions detailed
|
||||
* in the LICENCE file provided within the distribution */
|
||||
#include <stdio.h>
|
||||
|
|
@ -528,18 +528,18 @@ get_peer_rule_by_index(int index,
|
|||
iptc_strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if(!iptc_is_chain(miniupnpd_peer_chain, h))
|
||||
if(!iptc_is_chain(miniupnpd_nat_postrouting_chain, h))
|
||||
{
|
||||
syslog(LOG_ERR, "chain %s not found", miniupnpd_peer_chain);
|
||||
syslog(LOG_ERR, "chain %s not found", miniupnpd_nat_postrouting_chain);
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef IPTABLES_143
|
||||
for(e = iptc_first_rule(miniupnpd_peer_chain, h);
|
||||
for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, h);
|
||||
e;
|
||||
e = iptc_next_rule(e, h))
|
||||
#else
|
||||
for(e = iptc_first_rule(miniupnpd_peer_chain, &h);
|
||||
for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, &h);
|
||||
e;
|
||||
e = iptc_next_rule(e, &h))
|
||||
#endif
|
||||
|
|
@ -785,11 +785,11 @@ delete_redirect_and_filter_rules(unsigned short eport, int proto)
|
|||
i = 0;
|
||||
/* we must find the right index for the filter rule */
|
||||
#ifdef IPTABLES_143
|
||||
for(e = iptc_first_rule(miniupnpd_peer_chain, h);
|
||||
for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, h);
|
||||
e;
|
||||
e = iptc_next_rule(e, h), i++)
|
||||
#else
|
||||
for(e = iptc_first_rule(miniupnpd_peer_chain, &h);
|
||||
for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, &h);
|
||||
e;
|
||||
e = iptc_next_rule(e, &h), i++)
|
||||
#endif
|
||||
|
|
@ -818,7 +818,7 @@ delete_redirect_and_filter_rules(unsigned short eport, int proto)
|
|||
|
||||
index = i;
|
||||
syslog(LOG_INFO, "Trying to delete peer rule at index %u", index);
|
||||
r2 = delete_rule_and_commit(index, h, miniupnpd_peer_chain, "delete_peer_rule");
|
||||
r2 = delete_rule_and_commit(index, h, miniupnpd_nat_postrouting_chain, "delete_peer_rule");
|
||||
h = NULL;
|
||||
break;
|
||||
}
|
||||
|
|
@ -1171,7 +1171,7 @@ addnatrule(int proto, unsigned short eport,
|
|||
/* for "Port Triggering"
|
||||
* Section 2.5.16 figure 2.2 in UPnP-gw-WANIPConnection-v2-Service.pdf
|
||||
* iptables -t nat -I POSTROUTING -o extif -s iaddr -p UDP --sport iport -j MASQUERADE --to-ports eport
|
||||
* iptables -t nat -A MINIUPNPD-PCP-PEER -o extif -s iaddr -p UDP --sport iport -j MASQUERADE --to-ports eport
|
||||
* iptables -t nat -A MINIUPNPD-POSTROUTING -o extif -s iaddr -p UDP --sport iport -j MASQUERADE --to-ports eport
|
||||
*/
|
||||
static int
|
||||
addmasqueraderule(int proto,
|
||||
|
|
@ -1235,14 +1235,14 @@ addmasqueraderule(int proto,
|
|||
e->ip.dmsk.s_addr = INADDR_NONE;
|
||||
}
|
||||
|
||||
r = iptc_init_verify_and_append("nat", miniupnpd_peer_chain, e, "addmasqueraderule");
|
||||
r = iptc_init_verify_and_append("nat", miniupnpd_nat_postrouting_chain, e, "addmasqueraderule");
|
||||
free(target);
|
||||
free(match);
|
||||
free(e);
|
||||
return r;
|
||||
}
|
||||
|
||||
/* iptables -t nat -A MINIUPNPD-PCP-PEER -s iaddr -d rhost
|
||||
/* iptables -t nat -A MINIUPNPD-POSTROUTING -s iaddr -d rhost
|
||||
* -p proto --sport iport --dport rport -j SNAT
|
||||
* --to-source ext_ip:eport */
|
||||
static int
|
||||
|
|
@ -1306,7 +1306,7 @@ addpeernatrule(int proto,
|
|||
e->ip.dmsk.s_addr = INADDR_NONE;
|
||||
}
|
||||
|
||||
r = iptc_init_verify_and_append("nat", miniupnpd_peer_chain, e, "addpeernatrule");
|
||||
r = iptc_init_verify_and_append("nat", miniupnpd_nat_postrouting_chain, e, "addpeernatrule");
|
||||
free(target);
|
||||
free(match);
|
||||
free(e);
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
#ifdef USE_NETFILTER
|
||||
const char * miniupnpd_nat_chain = "MINIUPNPD";
|
||||
const char * miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER";
|
||||
const char * miniupnpd_nat_postrouting_chain = "MINIUPNPD-POSTROUTING";
|
||||
const char * miniupnpd_forward_chain = "MINIUPNPD";
|
||||
#endif /* USE_NETFILTER */
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/* $Id: upnpglobalvars.c,v 1.39 2014/12/10 09:49:22 nanard Exp $ */
|
||||
/* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2014 Thomas Bernard
|
||||
* (c) 2006-2016 Thomas Bernard
|
||||
* This software is subject to the conditions detailed
|
||||
* in the LICENCE file provided within the distribution */
|
||||
|
||||
|
|
@ -93,7 +93,7 @@ const char * tag = 0;
|
|||
/* chain name to use, both in the nat table
|
||||
* and the filter table */
|
||||
const char * miniupnpd_nat_chain = "MINIUPNPD";
|
||||
const char * miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER";
|
||||
const char * miniupnpd_nat_postrouting_chain = "MINIUPNPD-POSTROUTING";
|
||||
const char * miniupnpd_forward_chain = "MINIUPNPD";
|
||||
#ifdef ENABLE_UPNPPINHOLE
|
||||
const char * miniupnpd_v6_filter_chain = "MINIUPNPD";
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
/* $Id: upnpglobalvars.h,v 1.38 2014/03/10 11:04:53 nanard Exp $ */
|
||||
/* MiniUPnP project
|
||||
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
|
||||
* (c) 2006-2014 Thomas Bernard
|
||||
* (c) 2006-2016 Thomas Bernard
|
||||
* This software is subject to the conditions detailed
|
||||
* in the LICENCE file provided within the distribution */
|
||||
|
||||
|
|
@ -121,7 +121,7 @@ extern const char * tag;
|
|||
|
||||
#ifdef USE_NETFILTER
|
||||
extern const char * miniupnpd_nat_chain;
|
||||
extern const char * miniupnpd_peer_chain;
|
||||
extern const char * miniupnpd_nat_postrouting_chain;
|
||||
extern const char * miniupnpd_forward_chain;
|
||||
#ifdef ENABLE_UPNPPINHOLE
|
||||
extern const char * miniupnpd_v6_filter_chain;
|
||||
|
|
|
|||
Loading…
Reference in New Issue