From e49d44f700355552c45a95c1e067e4a815479557 Mon Sep 17 00:00:00 2001
From: Chen Minqiang
Date: Tue, 21 Apr 2020 07:41:58 +0800
Subject: [PATCH] miniupnpd: set SNAT to support bidirectional mapping

we cannot expect that iport == eport on all the case in firewall.

Signed-off-by: Chen Minqiang
---
 miniupnpd/netfilter/iptcrdr.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/miniupnpd/netfilter/iptcrdr.c b/miniupnpd/netfilter/iptcrdr.c
index efb7dd5..0d97981 100644
--- a/miniupnpd/netfilter/iptcrdr.c
+++ b/miniupnpd/netfilter/iptcrdr.c
@@ -224,17 +224,13 @@ add_redirect_rule2(const char * ifname,
 if(r >= 0) {
 add_redirect_desc(eport, proto, desc, timestamp);
 #ifdef ENABLE_PORT_TRIGGERING
- /* http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.3
- * The default behavior is to alter the connection as little
- * as possible, within the constraints of the rule given by
- * the user.
- * This means we won't remap ports unless we have to. */
- if(iport != eport) {
- /* TODO : check if this should be done only with UDP */
- r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
- if(r < 0) {
- syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
- }
+ /* we now always setup SNAT to support bidirectional mapping
+ * we cannot expect that iport == eport on all the firewall.
+ */
+ /* TODO : check if this should be done only with UDP */
+ r = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);
+ if(r < 0) {
+ syslog(LOG_NOTICE, "add_redirect_rule2(): addmasqueraderule returned %d", r);
 }
 #endif /* ENABLE_PORT_TRIGGERING */
 }
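Review bot: With the `iport != eport` guard removed, `r = addmasqueraderule(...)` now overwrites the successful redirect result on every mapping, and a failure is only logged at LOG_NOTICE while the redirect rule and its description stay installed. If `r` is what add_redirect_rule2 returns (the function starts and ends outside this hunk, so this is inferred), the caller is told the mapping failed while the port is in fact still forwarded; keep the result in a separate local, e.g. `mr = addmasqueraderule(proto, eport, iaddr, iport, rhost/*, ifname*/);` and test `mr`, if the SNAT rule is meant to be best-effort, or remove the redirect again when it fails. Because the rule is now also created when iport == eport, it is worth confirming that the delete and expiry paths remove it in that case too, and resolving the retained `TODO` about UDP, which now applies to every TCP mapping as well.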