Annotation of embedaddon/miniupnpd/INSTALL, revision 1.1
1.1 ! misho 1: MiniUPnP project.
! 2: (c) 2006-2009 Thomas Bernard
! 3: Homepage : http://miniupnp.free.fr/
! 4: Mirror: http://miniupnp.tuxfamily.org/
! 5:
! 6: miniupnpd is still under active developpement. This documentation is
! 7: likely to be a little outdated when you read it. So please go on the
! 8: web forum http://miniupnp.tuxfamily.org/ if you need more information.
! 9:
! 10: ================================ *BSD/pf =================================
! 11: To Build and Install :
! 12:
! 13: - use BSD make to compile.
! 14: - you can first 'make config.h' then edit config.h to your preferences and
! 15: finally 'make'
! 16: - add "rdr-anchor miniupnpd" and "anchor miniupnpd" lines to /etc/pf.conf
! 17: - some FreeBSD users reported that it is also necessary for them
! 18: to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following
! 19: lines to /etc/pf.conf :
! 20: pass out on $int_if from any to 239.0.0.0/8 keep state
! 21: pass in on $int_if from any to 239.0.0.0/8 keep state
! 22: - dont forget to " pfctl -f /etc/pf.conf "
! 23: - you can check your modifications are taken into accout with
! 24: "pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd"
! 25: and "anchor miniupnpd" lines.
! 26: - install as root using :
! 27: # make install
! 28: or
! 29: # PREFIX=/usr/local make install
! 30: - run as root : The daemon needs rights to modify pf rules.
! 31:
! 32: edit the /etc/miniupnpd.conf file to set options. All options are also
! 33: available through command line switches.
! 34: To stop the daemon use :
! 35: > kill `cat /var/run/miniupnpd.pid`
! 36:
! 37: =========================== *BSD,*Solaris/ipf =============================
! 38:
! 39: genconfig.sh and the Makefile try to detect wether ipf or pf should be
! 40: used. If it fails, edit config.h and Makefile by hand.
! 41: In Makefile, the FWNAME variable value should be pf or ipf.
! 42: Installation steps are allmost the same as with pf.
! 43:
! 44: *Solaris users would be interested in reading informations from :
! 45: http://blogs.sun.com/avalon/category/IPFilter
! 46:
! 47: ============================ Linux/netfilter ==============================
! 48: To Build and install :
! 49:
! 50: - make sure you have libiptc available on your system :
! 51: if you are using debian, "apt-get install iptables-dev"
! 52: In anycase, libiptc is available in iptables sources packages
! 53: from http://netfilter.org
! 54: - edit and run netfilter/iptables_init.sh shell script.
! 55: This script must allways be run before the daemon
! 56: to set up intial rules and chains.
! 57: - Build and edit the config.h file
! 58: > make -f Makefile.linux config.h
! 59: > vi config.h
! 60: - Build the daemon
! 61: > make -f Makefile.linux
! 62: If not using iptables from your system,
! 63: > IPTABLESPATH=/path/to/iptables-1.4.1 make -f Makefile.linux
! 64: note : make sure you have iptables with static libraries compiled.
! 65: use "./configure --enable-static" before compiling iptables
! 66: - install as root using :
! 67: > make -f Makefile.linux install
! 68: - A miniupnpd script should be installed to /etc/init.d
! 69: and the configuration files to /etc/miniupnpd
! 70: - anytime, you can use the netfilter/iptables_flush.sh
! 71: script to flush all rules added by the daemon.
! 72: - after killing the daemon, you can get back to
! 73: iptables initial state by runing the netfilter/iptables_removeall.sh
! 74: script. Don't forget to edit the script to your convinience.
! 75:
! 76: NOTE: a /etc/init.d/miniupnpd script will be installed.
! 77: If it suits you, you can use is with start, stop or restart argument.
! 78: # /etc/init.d/miniupnpd restart
! 79:
! 80: =========================== Configuration =============================
! 81: Edit the /etc/miniupnpd.conf file to set options. All options are also
! 82: available through command line switches.
! 83:
! 84: Miniupnpd supports some kind of security check for allowing or disallowing
! 85: redirection to be made. The UPnP permission rules are read from the
! 86: miniupnpd.conf configuration file.
! 87: When a new redirection is asked, permission rules are evaluated in top-down
! 88: order and the first permission rule matched gives the answer : redirection
! 89: allowed or denied. If no rule is matching, the redirection is allowed, so
! 90: it is a good practice to have a "catch all" deny permission rule at the end
! 91: of your mermission ruleset.
! 92: Sample permission ruleset :
! 93: allow 4662-4672 192.168.1.34/32 4662-4672
! 94: deny 0-65535 192.168.1.34/32 0-65535
! 95: allow 1024-65535 192.168.1.0/24 1024-65535
! 96: deny 0-65535 0.0.0.0/0 0-65535
! 97: With this ruleset, redirections are allowed only for host on the subnet
! 98: 192.168.1.0/255.255.255.0 for the ports 1024 or above. There is an exception
! 99: for the host 192.168.1.34 for which only redirections from/to port 4662 to
! 100: 4672 are allowed.
! 101:
! 102: You can generate the uuid for your UPnP device with the uuidgen available
! 103: under linux. The following following OpenBSD package is also providing
! 104: a "uuid" tool :
! 105: http://www.openbsd.org/4.0_packages/i386/uuid-1.5.0.tgz-long.html
! 106: An web based uuid generator is also available :
! 107: http://kruithof.xs4all.nl/uuid/uuidgen
! 108:
! 109: On linux systems, one could also use the command
! 110: 'cat /proc/sys/kernel/random/uuid' to generate an uuid.
! 111:
! 112: To stop the daemon use :
! 113: # kill `cat /var/run/miniupnpd.pid`
! 114: or if your linux system use /etc/init.d/
! 115: # /etc/init.d/miniupnpd stop
! 116:
! 117:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to INSTALL CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / miniupnpd