Annotation of embedaddon/miniupnpd/INSTALL, revision 1.1.1.2
1.1 misho 1: MiniUPnP project.
1.1.1.2 ! misho 2: (c) 2006-2011 Thomas Bernard
1.1 misho 3: Homepage : http://miniupnp.free.fr/
4: Mirror: http://miniupnp.tuxfamily.org/
5:
6: miniupnpd is still under active developpement. This documentation is
7: likely to be a little outdated when you read it. So please go on the
8: web forum http://miniupnp.tuxfamily.org/ if you need more information.
9:
10: ================================ *BSD/pf =================================
11: To Build and Install :
12:
13: - use BSD make to compile.
14: - you can first 'make config.h' then edit config.h to your preferences and
15: finally 'make'
16: - add "rdr-anchor miniupnpd" and "anchor miniupnpd" lines to /etc/pf.conf
17: - some FreeBSD users reported that it is also necessary for them
18: to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following
19: lines to /etc/pf.conf :
20: pass out on $int_if from any to 239.0.0.0/8 keep state
21: pass in on $int_if from any to 239.0.0.0/8 keep state
22: - dont forget to " pfctl -f /etc/pf.conf "
23: - you can check your modifications are taken into accout with
24: "pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd"
25: and "anchor miniupnpd" lines.
26: - install as root using :
27: # make install
28: or
29: # PREFIX=/usr/local make install
30: - run as root : The daemon needs rights to modify pf rules.
31:
32: edit the /etc/miniupnpd.conf file to set options. All options are also
33: available through command line switches.
34: To stop the daemon use :
35: > kill `cat /var/run/miniupnpd.pid`
36:
37: =========================== *BSD,*Solaris/ipf =============================
38:
39: genconfig.sh and the Makefile try to detect wether ipf or pf should be
40: used. If it fails, edit config.h and Makefile by hand.
41: In Makefile, the FWNAME variable value should be pf or ipf.
42: Installation steps are allmost the same as with pf.
43:
44: *Solaris users would be interested in reading informations from :
45: http://blogs.sun.com/avalon/category/IPFilter
46:
1.1.1.2 ! misho 47: ============================= Mac OS X/ipfw ===============================
! 48:
! 49: - use 'bsdmake' or 'make -f Makefile.macosx' to build
! 50:
! 51:
1.1 misho 52: ============================ Linux/netfilter ==============================
53: To Build and install :
54:
55: - make sure you have libiptc available on your system :
56: if you are using debian, "apt-get install iptables-dev"
1.1.1.2 ! misho 57: Some versions of the iptables-dev package don't include the
! 58: necessary files : read "how to get libiptc with its headers on debian" below.
1.1 misho 59: In anycase, libiptc is available in iptables sources packages
60: from http://netfilter.org
61: - edit and run netfilter/iptables_init.sh shell script.
62: This script must allways be run before the daemon
63: to set up intial rules and chains.
64: - Build and edit the config.h file
65: > make -f Makefile.linux config.h
66: > vi config.h
67: - Build the daemon
68: > make -f Makefile.linux
69: If not using iptables from your system,
70: > IPTABLESPATH=/path/to/iptables-1.4.1 make -f Makefile.linux
71: note : make sure you have iptables with static libraries compiled.
72: use "./configure --enable-static" before compiling iptables
73: - install as root using :
74: > make -f Makefile.linux install
75: - A miniupnpd script should be installed to /etc/init.d
76: and the configuration files to /etc/miniupnpd
77: - anytime, you can use the netfilter/iptables_flush.sh
78: script to flush all rules added by the daemon.
79: - after killing the daemon, you can get back to
80: iptables initial state by runing the netfilter/iptables_removeall.sh
81: script. Don't forget to edit the script to your convinience.
82:
83: NOTE: a /etc/init.d/miniupnpd script will be installed.
84: If it suits you, you can use is with start, stop or restart argument.
85: # /etc/init.d/miniupnpd restart
86:
1.1.1.2 ! misho 87:
! 88: How to get libiptc with its headers on debian :
! 89: - Use apt-get to get sources :
! 90: > apt-get source iptables
! 91: you should then have an iptables-x.x.x/ directory.
! 92: - configure and compile :
! 93: > cd iptables-x.x.x/
! 94: > ./configure --enable-static
! 95: > make
! 96: - it is now possible to compile miniupnpd using the following command :
! 97: > IPTABLESPATH=§path/to/iptables-x.x.x make -f Makefile.linux
! 98:
1.1 misho 99: =========================== Configuration =============================
100: Edit the /etc/miniupnpd.conf file to set options. All options are also
101: available through command line switches.
102:
103: Miniupnpd supports some kind of security check for allowing or disallowing
104: redirection to be made. The UPnP permission rules are read from the
105: miniupnpd.conf configuration file.
106: When a new redirection is asked, permission rules are evaluated in top-down
107: order and the first permission rule matched gives the answer : redirection
108: allowed or denied. If no rule is matching, the redirection is allowed, so
109: it is a good practice to have a "catch all" deny permission rule at the end
110: of your mermission ruleset.
111: Sample permission ruleset :
112: allow 4662-4672 192.168.1.34/32 4662-4672
113: deny 0-65535 192.168.1.34/32 0-65535
114: allow 1024-65535 192.168.1.0/24 1024-65535
115: deny 0-65535 0.0.0.0/0 0-65535
116: With this ruleset, redirections are allowed only for host on the subnet
117: 192.168.1.0/255.255.255.0 for the ports 1024 or above. There is an exception
118: for the host 192.168.1.34 for which only redirections from/to port 4662 to
119: 4672 are allowed.
120:
121: You can generate the uuid for your UPnP device with the uuidgen available
122: under linux. The following following OpenBSD package is also providing
123: a "uuid" tool :
124: http://www.openbsd.org/4.0_packages/i386/uuid-1.5.0.tgz-long.html
125: An web based uuid generator is also available :
126: http://kruithof.xs4all.nl/uuid/uuidgen
127:
128: On linux systems, one could also use the command
129: 'cat /proc/sys/kernel/random/uuid' to generate an uuid.
130:
1.1.1.2 ! misho 131: More simple, use the genuuid makefile target :
! 132: > make genuuid
! 133: or
! 134: > make -f Makefile.linux genuuid
! 135: This target is needed by the "install" target, so it should be done
! 136: automatically.
! 137:
1.1 misho 138: To stop the daemon use :
139: # kill `cat /var/run/miniupnpd.pid`
140: or if your linux system use /etc/init.d/
141: # /etc/init.d/miniupnpd stop
142:
143:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to INSTALL CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / miniupnpd