File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / miniupnpd / INSTALL
Revision 1.1.1.3 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Mon Jul 22 00:32:35 2013 UTC (11 years, 5 months ago) by misho
Branches: miniupnpd, elwix, MAIN
CVS tags: v1_8p0, v1_8, HEAD
1.8

    1: MiniUPnP project.
    2: (c) 2006-2012 Thomas Bernard
    3: Homepage : http://miniupnp.free.fr/
    4: Mirror: http://miniupnp.tuxfamily.org/
    5: github: https://github.com/miniupnp/miniupnp
    6: 
    7: miniupnpd is still under active developpement. This documentation is
    8: likely to be a little outdated when you read it. So please go on the
    9: web forum http://miniupnp.tuxfamily.org/ if you need more information.
   10: 
   11: ================================ *BSD/pf =================================
   12: To Build and Install :
   13: 
   14: - use BSD make to compile.
   15: - you can first 'make config.h' then edit config.h to your preferences and
   16:   finally 'make'
   17:   Alternatively to editing config.h, options can be passed to genconfig.sh
   18:   For more details :
   19:   > ./genconfig.sh -h
   20: - add "rdr-anchor miniupnpd" and "anchor miniupnpd" lines to /etc/pf.conf
   21: - some FreeBSD users reported that it is also necessary for them
   22:   to explicitly allow udp traffic on 239.0.0.0/8 by adding the two following
   23:   lines to /etc/pf.conf :
   24:    pass out on $int_if from any to 239.0.0.0/8 keep state
   25:    pass in on $int_if from any to 239.0.0.0/8 keep state
   26: - dont forget to " pfctl -f /etc/pf.conf "
   27: - you can check your modifications are taken into accout with
   28:   "pfctl -s nat" and "pfctl -s rule". Look for the "rdr-anchor miniupnpd"
   29:   and "anchor miniupnpd" lines.
   30: - install as root using :
   31:   # make install
   32:   or
   33:   # PREFIX=/usr/local make install
   34: - run as root : The daemon needs rights to modify pf rules.
   35: 
   36: edit the /etc/miniupnpd.conf file to set options. Almost all options are also
   37: available through command line switches.
   38: To stop the daemon use :
   39:   > kill `cat /var/run/miniupnpd.pid`
   40: 
   41: =========================== *BSD,*Solaris/ipf =============================
   42: 
   43: genconfig.sh and the Makefile try to detect wether ipf or pf should be
   44: used. If it fails, edit config.h and Makefile by hand.
   45: In Makefile, the FWNAME variable value should be pf or ipf.
   46: Installation steps are allmost the same as with pf.
   47: 
   48: *Solaris users would be interested in reading informations from :
   49: http://blogs.sun.com/avalon/category/IPFilter
   50: 
   51: ============================= Mac OS X/ipfw ===============================
   52: 
   53: - To enable non standard compilation options,
   54:   > ./genconfig.sh -h
   55:   Or edit config.h after it has been generated by genconfig.sh
   56: - use 'bsdmake' or 'make -f Makefile.macosx' to build
   57: 
   58: ============================ Linux/netfilter ==============================
   59: To Build and install :
   60: 
   61: - make sure you have libiptc available on your system :
   62:   if you are using debian, "apt-get install iptables-dev"
   63:   Some versions of the iptables-dev package don't include the
   64:   necessary files : read "how to get libiptc with its headers on debian" below.
   65:   In anycase, libiptc is available in iptables sources packages
   66:   from http://netfilter.org
   67: - edit and run netfilter/iptables_init.sh shell script.
   68:   This script must allways be run before the daemon
   69:   to set up intial rules and chains.
   70: - Build and edit the config.h file
   71:   > make -f Makefile.linux config.h
   72:   > vi config.h
   73: - Build the daemon
   74:   > make -f Makefile.linux
   75:   If not using iptables from your system,
   76:   > IPTABLESPATH=/path/to/iptables-1.4.1 make -f Makefile.linux
   77:   note : make sure you have iptables with static libraries compiled.
   78:   use "./configure --enable-static" before compiling iptables
   79: - install as root using :
   80:   > make -f Makefile.linux install
   81: - A miniupnpd script should be installed to /etc/init.d
   82:   and the configuration files to /etc/miniupnpd
   83: - anytime, you can use the netfilter/iptables_flush.sh
   84:   script to flush all rules added by the daemon.
   85: - after killing the daemon, you can get back to
   86:   iptables initial state by runing the netfilter/iptables_removeall.sh
   87:   script. Don't forget to edit the script to your convinience.
   88: 
   89: NOTE: a /etc/init.d/miniupnpd script will be installed.
   90:   If it suits you, you can use is with start, stop or restart argument.
   91:   # /etc/init.d/miniupnpd restart
   92: 
   93: 
   94: How to get libiptc with its headers on debian :
   95: (Note: that should be useless now that netfilter/tiny_nf_nat.h is included)
   96: - Use apt-get to get sources :
   97:   > apt-get source iptables
   98:   you should then have an iptables-x.x.x/ directory.
   99: - configure and compile :
  100:   > cd iptables-x.x.x/
  101:   > ./configure --enable-static
  102:   > make
  103: - it is now possible to compile miniupnpd using the following command :
  104:   > IPTABLESPATH=§path/to/iptables-x.x.x make -f Makefile.linux
  105: 
  106: =========================== Configuration =============================
  107: Edit the /etc/miniupnpd.conf file to set options. Almost all options are
  108: also available through command line switches.
  109: 
  110: Miniupnpd supports some kind of security check for allowing or disallowing
  111: redirection to be made. The UPnP permission rules are read from the
  112: miniupnpd.conf configuration file.
  113: When a new redirection is asked, permission rules are evaluated in top-down
  114: order and the first permission rule matched gives the answer : redirection
  115: allowed or denied. If no rule is matching, the redirection is allowed, so
  116: it is a good practice to have a "catch all" deny permission rule at the end
  117: of your mermission ruleset.
  118: Sample permission ruleset :
  119: allow 4662-4672 192.168.1.34/32 4662-4672
  120: deny 0-65535 192.168.1.34/32 0-65535
  121: allow 1024-65535 192.168.1.0/24 1024-65535
  122: deny 0-65535 0.0.0.0/0 0-65535
  123: With this ruleset, redirections are allowed only for host on the subnet
  124: 192.168.1.0/255.255.255.0 for the ports 1024 or above. There is an exception
  125: for the host 192.168.1.34 for which only redirections from/to port 4662 to
  126: 4672 are allowed.
  127: 
  128: You can generate the uuid for your UPnP device with the uuidgen available
  129: under linux. The following following OpenBSD package is also providing
  130: a "uuid" tool :
  131: http://www.openbsd.org/4.0_packages/i386/uuid-1.5.0.tgz-long.html
  132: An web based uuid generator is also available :
  133: http://kruithof.xs4all.nl/uuid/uuidgen
  134: 
  135: On linux systems, one could also use the command
  136: 'cat /proc/sys/kernel/random/uuid' to generate an uuid.
  137: 
  138: More simple, use the genuuid makefile target :
  139: > make genuuid
  140: or
  141: > make -f Makefile.linux genuuid
  142: This target is needed by the "install" target, so it should be done
  143: automatically.
  144: 
  145: To stop the daemon use :
  146:   # kill `cat /var/run/miniupnpd.pid`
  147: or if your linux system use /etc/init.d/
  148:   # /etc/init.d/miniupnpd stop
  149: 
  150: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>