File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / miniupnpd / INSTALL
Revision 1.1.1.2 (vendor branch)
Tue May 29 12:55:57 2012 UTC (12 years, 1 month ago) by misho
Branches: miniupnpd, elwix, MAIN
CVS tags: v1_6elwix, HEAD
miniupnpd 1.6+patches

    1: MiniUPnP project.
    2: (c) 2006-2011 Thomas Bernard
    3: Homepage : http://miniupnp.free.fr/
    4: Mirror: http://miniupnp.tuxfamily.org/
    5: 
    6: miniupnpd is still under active development. This documentation is
    7: likely to be a little outdated when you read it, so please visit the
    8: web forum http://miniupnp.tuxfamily.org/ if you need more information.
    9: 
   10: ================================ *BSD/pf =================================
   11: To Build and Install :
   12: 
   13: - use BSD make to compile.
   14: - you can first 'make config.h' then edit config.h to your preferences and
   15:   finally 'make'
   16: - add "rdr-anchor miniupnpd" and "anchor miniupnpd" lines to /etc/pf.conf
   17: - some FreeBSD users reported that it is also necessary for them
   18:   to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following
   19:   lines to /etc/pf.conf :
   20:    pass out on $int_if from any to 239.0.0.0/8 keep state
   21:    pass in on $int_if from any to 239.0.0.0/8 keep state
   22: - don't forget to run "pfctl -f /etc/pf.conf"
   23: - you can check that your modifications are taken into account with
   24:   "pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd"
   25:   and "anchor miniupnpd" lines.
   26: - install as root using :
   27:   # make install
   28:   or  
   29:   # PREFIX=/usr/local make install
   30: - run as root : The daemon needs rights to modify pf rules.
   31: 
   32: Edit the /etc/miniupnpd.conf file to set options. All options are also
   33: available through command line switches.
   34: To stop the daemon use :
   35:   > kill `cat /var/run/miniupnpd.pid`
   36: 
   37: =========================== *BSD,*Solaris/ipf =============================
   38: 
   39: genconfig.sh and the Makefile try to detect whether ipf or pf should be
   40: used. If detection fails, edit config.h and Makefile by hand.
   41: In Makefile, the FWNAME variable value should be pf or ipf.
   42: Installation steps are almost the same as with pf.
   43: 
   44: *Solaris users may be interested in reading the information at :
   45: http://blogs.sun.com/avalon/category/IPFilter
   46: 
   47: ============================= Mac OS X/ipfw ===============================
   48: 
   49: - use 'bsdmake' or 'make -f Makefile.macosx' to build
   50: 
   51: 
   52: ============================ Linux/netfilter ==============================
   53: To Build and install :
   54: 
   55: - make sure you have libiptc available on your system :
   56:   if you are using debian, "apt-get install iptables-dev"
   57:   Some versions of the iptables-dev package don't include the
   58:   necessary files : read "how to get libiptc with its headers on debian" below.
   59:   In any case, libiptc is available in the iptables source packages
   60:   from http://netfilter.org
   61: - edit and run the netfilter/iptables_init.sh shell script.
   62:   This script must always be run before the daemon
   63:   to set up initial rules and chains.
   64: - Build and edit the config.h file
   65:   > make -f Makefile.linux config.h
   66:   > vi config.h
   67: - Build the daemon
   68:   > make -f Makefile.linux
   69:   If not using iptables from your system, 
   70:   > IPTABLESPATH=/path/to/iptables-1.4.1 make -f Makefile.linux
   71:   note : make sure you have iptables with static libraries compiled.
   72:   use "./configure --enable-static" before compiling iptables
   73: - install as root using :
   74:   > make -f Makefile.linux install
   75: - A miniupnpd script should be installed to /etc/init.d
   76:   and the configuration files to /etc/miniupnpd
   77: - at any time, you can use the netfilter/iptables_flush.sh
   78:   script to flush all rules added by the daemon.
   79: - after killing the daemon, you can get back to the
   80:   initial iptables state by running the netfilter/iptables_removeall.sh
   81:   script. Don't forget to edit the script to suit your needs.
   82: 
   83: NOTE: a /etc/init.d/miniupnpd script will be installed.
   84:   If it suits you, you can use it with the start, stop or restart argument.
   85:   # /etc/init.d/miniupnpd restart
   86: 
   87: 
   88: How to get libiptc with its headers on debian :
   89: - Use apt-get to get sources :
   90:   > apt-get source iptables
   91:   you should then have an iptables-x.x.x/ directory.
   92: - configure and compile :
   93:   > cd iptables-x.x.x/
   94:   > ./configure --enable-static
   95:   > make
   96: - it is now possible to compile miniupnpd using the following command :
   97:   > IPTABLESPATH=/path/to/iptables-x.x.x make -f Makefile.linux
   98: 
   99: =========================== Configuration =============================
  100: Edit the /etc/miniupnpd.conf file to set options. All options are also
  101: available through command line switches.
  102: 
  103: miniupnpd supports permission rules that allow or deny each requested
  104: redirection. The UPnP permission rules are read from the
  105: miniupnpd.conf configuration file.
  106: When a new redirection is requested, permission rules are evaluated in top-down
  107: order and the first permission rule matched gives the answer : redirection
  108: allowed or denied. If no rule matches, the redirection is allowed, so
  109: it is good practice to have a "catch all" deny permission rule at the end
  110: of your permission ruleset.
  111: Sample permission ruleset :
  112: allow 4662-4672 192.168.1.34/32 4662-4672
  113: deny 0-65535 192.168.1.34/32 0-65535
  114: allow 1024-65535 192.168.1.0/24 1024-65535
  115: deny 0-65535 0.0.0.0/0 0-65535
  116: With this ruleset, redirections are allowed only for hosts on the subnet
  117: 192.168.1.0/255.255.255.0 for the ports 1024 or above. There is an exception
  118: for the host 192.168.1.34 for which only redirections from/to port 4662 to
  119: 4672 are allowed.
  120: 
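The first-match evaluation and the allow-by-default fallthrough described above, as an added example (not miniupnpd's own code). It assumes the rule fields are external port range, internal address/mask, internal port range; the function names are hypothetical.

```python
import ipaddress

# Sample ruleset copied from the INSTALL text above.
SAMPLE = """\
allow 4662-4672 192.168.1.34/32 4662-4672
deny 0-65535 192.168.1.34/32 0-65535
allow 1024-65535 192.168.1.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
"""

def _ports(text):
    """Parse 'lo-hi' (or a single port) into an inclusive (lo, hi) tuple."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text}")
    return lo, hi

def parse_rules(text):
    """Return [(action, ext_ports, network, int_ports)], skipping other lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            continue  # not a permission rule (blank line, other option, ...)
        # Assumed field order: external ports, internal address/mask, internal ports.
        action, ext, net, internal = fields
        rules.append((action, _ports(ext),
                      ipaddress.ip_network(net, strict=False), _ports(internal)))
    return rules

def decide(rules, ext_port, int_ip, int_port):
    """First matching rule wins; with no match the redirection is allowed."""
    addr = ipaddress.ip_address(int_ip)
    for action, (elo, ehi), net, (ilo, ihi) in rules:
        if elo <= ext_port <= ehi and addr in net and ilo <= int_port <= ihi:
            return action
    return "allow"  # documented default when nothing matches

def ends_with_catch_all_deny(rules):
    """True if the last rule denies every port for every IPv4 address."""
    action, ext, net, internal = rules[-1] if rules else (None,) * 4
    return action == "deny" and net.prefixlen == 0 and ext == internal == (0, 65535)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for req in [(4662, "192.168.1.34", 4662), (8080, "192.168.1.34", 8080),
                (80, "192.168.1.50", 80), (8080, "10.0.0.5", 8080)]:
        print(req, decide(rules, *req), "| without catch-all:", decide(rules[:-1], *req))
```

Dropping the last rule turns the port 80 request from 192.168.1.50 and every request from outside 192.168.1.0/24 into "allow", which is why the final deny line matters.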
  121: You can generate the uuid for your UPnP device with the uuidgen tool available
  122: under linux. The following OpenBSD package also provides
  123: a "uuid" tool :
  124: http://www.openbsd.org/4.0_packages/i386/uuid-1.5.0.tgz-long.html
  125: A web-based uuid generator is also available :
  126: http://kruithof.xs4all.nl/uuid/uuidgen
  127: 
  128: On linux systems, one could also use the command
  129: 'cat /proc/sys/kernel/random/uuid' to generate a uuid.
  130: 
  131: More simply, use the genuuid makefile target :
  132: > make genuuid
  133: or
  134: > make -f Makefile.linux genuuid
  135: This target is needed by the "install" target, so it should be done
  136: automatically.
  137: 
  138: To stop the daemon use :
  139:   # kill `cat /var/run/miniupnpd.pid`
  140: or if your linux system uses /etc/init.d/
  141:   # /etc/init.d/miniupnpd stop
  142: 
  143: 
