Saturday, July 4, 2009

Enable UPnP support in Mandriva with Shorewall

I found that in order to enable UPnP support in Shorewall, I need to have linux-igd installed. However, I couldn't find a ready-to-install linux-igd RPM for Mandriva. Therefore, I had to perform the following steps:
  • Download the linux-igd-1.0-7 RPM for Fedora 10 from here
  • Install libupnp3-1.6.6-1mdv2009.0 by running urpmi libupnp3
  • Install linux-igd in Mandriva by running rpm -Uvh --nodeps linux-igd-1.0-7.fc10.i386.rpm.rpm
  • Update the file /etc/sysconfig/upnpd with the right interfaces
  • Make the following changes in /etc/init.d/upnpd to make it compatible with MSN/Windows Live Messenger. (I used the tag <pre name="code" class="cpp"></pre> to embed code here)
9a10,16
> #
> ### BEGIN INIT INFO
> # Provides: upnpd
> # Default-Start: 3 4 5
> # Short-Description: Internet Gateway Device
> # Description: Emulates Microsoft's Internet Connection Service (ICS)
> ### END INIT INFO
15c22
< allow_multicast="no"> ALLOW_MULTICAST=yes
36c43
<           [ "$ALLOW_MULTICAST" != "no" ] && route add -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE --- >           [ "$ALLOW_MULTICAST" != "no" ] && route add -net 224.0.0.0 netmask 240.0.0.0 $INTIFACE
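Review bot: the replacement route on the > side of 36c43 widens the multicast route from 239.0.0.0 netmask 255.0.0.0 to 224.0.0.0 netmask 240.0.0.0, which is every multicast group rather than one /8, and nothing in the hunk says why. Add a comment above the route add line naming what needs the wider range, and consider guarding the call with [ -n "$INTIFACE" ], since $INTIFACE is expanded unquoted and unchecked and an incomplete /etc/sysconfig/upnpd would produce a malformed route command.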
50c57
<       [ "$ALLOW_MULTICAST" != "no" ] && route del -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE --- >       [ "$ALLOW_MULTICAST" != "no" ] && route del -net 224.0.0.0 netmask 240.0.0.0 $INTIFACE
63c70,71
<>       stop
>       start

and the following changes to /etc/upnpd.conf as described in ShoreWall and UPnP.
51c51
< forward_chain_name =" FORWARD"> forward_chain_name = forwardUPnP
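Review bot: forward_chain_name on the > side of 51c51 is now forwardUPnP instead of the built-in FORWARD chain, so upnpd depends on a chain of exactly that name existing in the firewall. The only place the post defines it is the forwardUPnP net loc line in /etc/shorewall/rules; a comment next to this setting pointing at that rule would keep the two files from drifting apart.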
57c57
< prerouting_chain_name =" PREROUTING"> prerouting_chain_name = UPnP
63c63
< upstream_bitrate =" 512000"> upstream_bitrate = 384000
69c69
< downstream_bitrate =" 512000"> downstream_bitrate = 1000000

I also made the following changes to the ShoreWall configuration files (my loc->fw policy is already ACCEPT):
grep -i pnp /etc/shorewall/*    
/etc/shorewall/interfaces:net     eth1            detect dhcp,tcpflags,nosmurfs,routefilter,upnp
/etc/shorewall/rules:forwardUPnP     net        loc

Finally, I started the upnpd daemon with service upnpd start and chkconfig --add upnpd, then ran service shorewall restart.

After a Windows workstation initiated a video call in MSN Messenger, the following ports were opened:
iptables -t nat -L UPnP
Chain UPnP (1 references)
target     prot opt source               destination         
DNAT       udp  --  anywhere             anywhere            udp dpt:36481 to:192.168.0.113:16727 
DNAT       tcp  --  anywhere             anywhere            tcp dpt:32995 to:192.168.0.113:9049
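
A listing like the one above can be checked mechanically to see what upnpd has opened on behalf of LAN hosts. The following shell function is an added example, not part of the original post: it reads iptables -t nat -L UPnP -n output and flags mappings that point outside the LAN or involve ports below 1024. The function names, the 192.168.0. prefix argument and the last two sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the DNAT mappings that
# upnpd has placed in Shorewall's UPnP nat chain.
# stdin: output of `iptables -t nat -L UPnP -n` (-n keeps ports numeric)
# $1:    LAN prefix mappings may point to (assumption: a /24 such as "192.168.0.")
audit_upnp_chain() {
    awk -v lan="$1" '
    $1 == "DNAT" {
        proto = $2; ext = ""; dst = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^dpt:/) ext = substr($i, 5)   # external port
            if ($i ~ /^to:/)  dst = substr($i, 4)   # internal ip[:port]
        }
        if (ext == "" || dst == "") next
        n = split(dst, parts, ":")
        ip = parts[1]
        port = (n > 1 ? parts[2] : ext)   # no port in to: means port is kept
        reason = ""
        if (index(ip, lan) != 1) reason = reason " target-outside-lan"
        if (ext + 0 < 1024)      reason = reason " privileged-external-port"
        if (port + 0 < 1024)     reason = reason " privileged-internal-port"
        printf "%s %s %s -> %s:%s%s\n", (reason == "" ? "OK" : "FLAG"), proto, ext, ip, port, reason
    }'
}

# Constructed sample: the first two rules are the ones shown in the post
# (as -n would print them); the last two are made up to trigger the checks.
sample_chain() {
cat <<'EOF'
Chain UPnP (1 references)
target     prot opt source               destination
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:36481 to:192.168.0.113:16727
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:32995 to:192.168.0.113:9049
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 to:192.168.0.1:22
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:10.9.9.9:8080
EOF
}

# On the router itself: iptables -t nat -L UPnP -n | audit_upnp_chain 192.168.0.
sample_chain | audit_upnp_chain 192.168.0.
```

Running it from cron and alerting on any FLAG line gives a simple record of what LAN clients have asked the gateway to expose.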

The version of relevant packages:
Kernel: 2.6.29.1-server-4mnb
Iptables: 1.4.3.1-3mnb2
Shorewall: 4.2.10-1mdv2010.0

1 comment:

Joe said...

Perfect, u should post at mandrivausers for sticky. this was exactly what was needed to help me make upnp work with my external router and internal linux router.