diff --git a/miniupnpd/netfilter/iptables_display.sh b/miniupnpd/netfilter/iptables_display.sh index 2cc8a29..8901334 100755 --- a/miniupnpd/netfilter/iptables_display.sh +++ b/miniupnpd/netfilter/iptables_display.sh @@ -6,7 +6,7 @@ IPTABLES=/sbin/iptables $IPTABLES -v -n -t nat -L PREROUTING $IPTABLES -v -n -t nat -L MINIUPNPD $IPTABLES -v -n -t nat -L POSTROUTING -$IPTABLES -v -n -t nat -L MINIUPNPD-PCP-PEER +$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING $IPTABLES -v -n -t mangle -L PREROUTING $IPTABLES -v -n -t mangle -L MINIUPNPD $IPTABLES -v -n -t filter -L FORWARD diff --git a/miniupnpd/netfilter/iptables_flush.sh b/miniupnpd/netfilter/iptables_flush.sh index 6628447..0258a74 100755 --- a/miniupnpd/netfilter/iptables_flush.sh +++ b/miniupnpd/netfilter/iptables_flush.sh @@ -4,7 +4,7 @@ IPTABLES=/sbin/iptables #flush all rules owned by miniupnpd $IPTABLES -t nat -F MINIUPNPD -$IPTABLES -t nat -F MINIUPNPD-PCP-PEER +$IPTABLES -t nat -F MINIUPNPD-POSTROUTING $IPTABLES -t filter -F MINIUPNPD $IPTABLES -t mangle -F MINIUPNPD diff --git a/miniupnpd/netfilter/iptables_init.sh b/miniupnpd/netfilter/iptables_init.sh index bf64340..2088f13 100755 --- a/miniupnpd/netfilter/iptables_init.sh +++ b/miniupnpd/netfilter/iptables_init.sh @@ -26,5 +26,5 @@ $IPTABLES -t filter -N MINIUPNPD $IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD #adding the MINIUPNPD chain for nat -$IPTABLES -t nat -N MINIUPNPD-PCP-PEER -$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-PCP-PEER +$IPTABLES -t nat -N MINIUPNPD-POSTROUTING +$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING diff --git a/miniupnpd/netfilter/iptables_removeall.sh b/miniupnpd/netfilter/iptables_removeall.sh index 5e10d0b..3cc8620 100755 --- a/miniupnpd/netfilter/iptables_removeall.sh +++ b/miniupnpd/netfilter/iptables_removeall.sh 
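Review bot: After this rename, iptables_flush.sh (and iptables_removeall.sh in the next file section) only name MINIUPNPD-POSTROUTING. On a host set up by the earlier scripts, the MINIUPNPD-PCP-PEER chain, its jump from POSTROUTING and any SNAT/MASQUERADE rules still in it would presumably stay active across the upgrade. A best-effort cleanup of the legacy name in iptables_removeall.sh would cover that, e.g. `$IPTABLES -t nat -F MINIUPNPD-PCP-PEER 2>/dev/null`, `$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-PCP-PEER 2>/dev/null` and `$IPTABLES -t nat -X MINIUPNPD-PCP-PEER 2>/dev/null`. At minimum the upgrade notes should say that iptables_init.sh has to be re-run, because get_peer_rule_by_index in iptcrdr.c logs `chain %s not found` when the new chain is missing.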
@@ -26,8 +26,8 @@ $IPTABLES -t filter -F MINIUPNPD $IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD $IPTABLES -t filter -X MINIUPNPD -#removing the MINIUPNPD-PCP-PEER chain for nat -$IPTABLES -t nat -F MINIUPNPD-PCP-PEER -#removing the rule to MINIUPNPD-PCP-PEER -$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-PCP-PEER -$IPTABLES -t nat -X MINIUPNPD-PCP-PEER +#removing the MINIUPNPD-POSTROUTING chain for nat +$IPTABLES -t nat -F MINIUPNPD-POSTROUTING +#removing the rule to MINIUPNPD-POSTROUTING +$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING +$IPTABLES -t nat -X MINIUPNPD-POSTROUTING diff --git a/miniupnpd/netfilter/iptcrdr.c b/miniupnpd/netfilter/iptcrdr.c index 8b4831f..52e6bb1 100644 --- a/miniupnpd/netfilter/iptcrdr.c +++ b/miniupnpd/netfilter/iptcrdr.c @@ -1,7 +1,7 @@ /* $Id: iptcrdr.c,v 1.53 2015/02/08 09:10:00 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ - * (c) 2006-2015 Thomas Bernard + * (c) 2006-2016 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ #include @@ -528,18 +528,18 @@ get_peer_rule_by_index(int index, iptc_strerror(errno)); return -1; } - if(!iptc_is_chain(miniupnpd_peer_chain, h)) + if(!iptc_is_chain(miniupnpd_nat_postrouting_chain, h)) { - syslog(LOG_ERR, "chain %s not found", miniupnpd_peer_chain); + syslog(LOG_ERR, "chain %s not found", miniupnpd_nat_postrouting_chain); } else { #ifdef IPTABLES_143 - for(e = iptc_first_rule(miniupnpd_peer_chain, h); + for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, h); e; e = iptc_next_rule(e, h)) #else - for(e = iptc_first_rule(miniupnpd_peer_chain, &h); + for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, &h); e; e = iptc_next_rule(e, &h)) #endif 
@@ -785,11 +785,11 @@ delete_redirect_and_filter_rules(unsigned short eport, int proto) i = 0; /* we must find the right index for the filter rule */ #ifdef IPTABLES_143 - for(e = iptc_first_rule(miniupnpd_peer_chain, h); + for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, h); e; e = iptc_next_rule(e, h), i++) #else - for(e = iptc_first_rule(miniupnpd_peer_chain, &h); + for(e = iptc_first_rule(miniupnpd_nat_postrouting_chain, &h); e; e = iptc_next_rule(e, &h), i++) #endif @@ -818,7 +818,7 @@ delete_redirect_and_filter_rules(unsigned short eport, int proto) index = i; syslog(LOG_INFO, "Trying to delete peer rule at index %u", index); - r2 = delete_rule_and_commit(index, h, miniupnpd_peer_chain, "delete_peer_rule"); + r2 = delete_rule_and_commit(index, h, miniupnpd_nat_postrouting_chain, "delete_peer_rule"); h = NULL; break; } @@ -1171,7 +1171,7 @@ addnatrule(int proto, unsigned short eport, /* for "Port Triggering" * Section 2.5.16 figure 2.2 in UPnP-gw-WANIPConnection-v2-Service.pdf * iptables -t nat -I POSTROUTING -o extif -s iaddr -p UDP --sport iport -j MASQUERADE --to-ports eport - * iptables -t nat -A MINIUPNPD-PCP-PEER -o extif -s iaddr -p UDP --sport iport -j MASQUERADE --to-ports eport + * iptables -t nat -A MINIUPNPD-POSTROUTING -o extif -s iaddr -p UDP --sport iport -j MASQUERADE --to-ports eport */ static int addmasqueraderule(int proto, @@ -1235,14 +1235,14 @@ addmasqueraderule(int proto, e->ip.dmsk.s_addr = INADDR_NONE; } - r = iptc_init_verify_and_append("nat", miniupnpd_peer_chain, e, "addmasqueraderule"); + r = iptc_init_verify_and_append("nat", miniupnpd_nat_postrouting_chain, e, "addmasqueraderule"); free(target); free(match); free(e); return r; } -/* iptables -t nat -A MINIUPNPD-PCP-PEER -s iaddr -d rhost +/* iptables -t nat -A MINIUPNPD-POSTROUTING -s iaddr -d rhost * -p proto --sport iport --dport rport -j SNAT * --to-source ext_ip:eport */ static int 
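Review bot: The log text `Trying to delete peer rule at index %u` and the `"delete_peer_rule"` label passed to delete_rule_and_commit() in delete_redirect_and_filter_rules still say "peer". The chain they act on is now the general MINIUPNPD-POSTROUTING chain, which addmasqueraderule() also appends to. Someone reading syslog while investigating a stale NAT rule gets no hint which chain was touched; naming it in the message, `syslog(LOG_INFO, "Trying to delete %s rule at index %u", miniupnpd_nat_postrouting_chain, index);`, keeps the log and the ruleset in step. The function body starts and ends outside these hunks, so the declared type of `index` against `%u` could not be checked here.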
@@ -1306,7 +1306,7 @@ addpeernatrule(int proto, e->ip.dmsk.s_addr = INADDR_NONE; } - r = iptc_init_verify_and_append("nat", miniupnpd_peer_chain, e, "addpeernatrule"); + r = iptc_init_verify_and_append("nat", miniupnpd_nat_postrouting_chain, e, "addpeernatrule"); free(target); free(match); free(e); diff --git a/miniupnpd/testportinuse.c b/miniupnpd/testportinuse.c index 4e2625e..48504bc 100644 --- a/miniupnpd/testportinuse.c +++ b/miniupnpd/testportinuse.c @@ -16,7 +16,7 @@ #ifdef USE_NETFILTER const char * miniupnpd_nat_chain = "MINIUPNPD"; -const char * miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER"; +const char * miniupnpd_nat_postrouting_chain = "MINIUPNPD-POSTROUTING"; const char * miniupnpd_forward_chain = "MINIUPNPD"; #endif /* USE_NETFILTER */ diff --git a/miniupnpd/upnpglobalvars.c b/miniupnpd/upnpglobalvars.c index e515fe1..e477c2f 100644 --- a/miniupnpd/upnpglobalvars.c +++ b/miniupnpd/upnpglobalvars.c @@ -1,7 +1,7 @@ /* $Id: upnpglobalvars.c,v 1.39 2014/12/10 09:49:22 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ - * (c) 2006-2014 Thomas Bernard + * (c) 2006-2016 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ @@ -93,7 +93,7 @@ const char * tag = 0; /* chain name to use, both in the nat table * and the filter table */ const char * miniupnpd_nat_chain = "MINIUPNPD"; -const char * miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER"; +const char * miniupnpd_nat_postrouting_chain = "MINIUPNPD-POSTROUTING"; const char * miniupnpd_forward_chain = "MINIUPNPD"; #ifdef ENABLE_UPNPPINHOLE const char * miniupnpd_v6_filter_chain = "MINIUPNPD"; diff --git a/miniupnpd/upnpglobalvars.h b/miniupnpd/upnpglobalvars.h index b0f954f..205d413 100644 --- a/miniupnpd/upnpglobalvars.h +++ b/miniupnpd/upnpglobalvars.h 
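Review bot: The new miniupnpd_nat_postrouting_chain definition in upnpglobalvars.c sits under the existing comment about a chain name used in both the nat and the filter table, which does not describe it. The same literal is also repeated in testportinuse.c and in the four iptables_*.sh scripts. I would add a comment directly above the definition, such as `/* nat-table chain jumped to from POSTROUTING; receives the rules appended by addmasqueraderule() and addpeernatrule(). Must match the chain created by netfilter/iptables_init.sh */`. A mismatch between these copies is only visible at run time, as the `chain %s not found` error from get_peer_rule_by_index.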
@@ -1,7 +1,7 @@ /* $Id: upnpglobalvars.h,v 1.38 2014/03/10 11:04:53 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ - * (c) 2006-2014 Thomas Bernard + * (c) 2006-2016 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ @@ -121,7 +121,7 @@ extern const char * tag; #ifdef USE_NETFILTER extern const char * miniupnpd_nat_chain; -extern const char * miniupnpd_peer_chain; +extern const char * miniupnpd_nat_postrouting_chain; extern const char * miniupnpd_forward_chain; #ifdef ENABLE_UPNPPINHOLE extern const char * miniupnpd_v6_filter_chain;