Thursday, March 24, 2016

upnp on mikrotik and linux server

UPnP (Universal Plug and Play) is the way to enable port forwarding automatically without administrator's intervention, for example printer, personal computer or any other network device talk to router directly and ask to permit the port forwarding to themselves.

*** info ***
mikrotik internet interface ip: 192.168.56.2, ether1
               internal interface ip: 192.168.202.7, ether4
local server: apache2 port: 80
                      ip: 192.168.202.23

***mikrotik***
1- enable upnp and add interface to upnp according to their type.
/ip upnp set enabled=yes
/ip upnp interfaces add interface=ether1 type=external
/ip upnp interfaces add interface=ether4 type=internal

***linux server***
1- installation
$ sudo apt-get install miniupnpc

2- add our web server to upnp to enable port redirect to port 80 on the router
$ upnpc -a 192.168.202.23 80 80 tcp
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.202.7:2828/gateway.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.202.7:2828/upnp/control/wanipconn-1
Local LAN ip address : 192.168.202.23
ExternalIPAddress = 192.168.56.2
InternalIP:Port = 192.168.202.23:80
external 192.168.56.2:80 TCP is redirected to internal 192.168.202.23:80 (duration=0)


3- list the upnp port forwording
$ upnpc -l
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.202.7:2828/gateway.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.202.7:2828/upnp/control/wanipconn-1
Local LAN ip address : 192.168.202.23
Connection Type : IP_Routed
Status : Connected, uptime=1959s, LastConnectionError : ERROR_NONE
  Time started : Thu Mar 24 05:14:39 2016
MaxBitRateDown : 10000000 bps (10.0 Mbps)   MaxBitRateUp 10000000 bps (10.0 Mbps)
ExternalIPAddress = 192.168.56.2
 0 TCP     0->0.0.0.0:0     'Dummy inactive rule for windows to work' '' 0
 1 TCP    80->192.168.202.23:80    'libminiupnpc' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid) on router


 or you can view the nat status to on mikrotik router (the dynamic rule),
 /ip firewall nat print all
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade

 1 D chain=dstnat action=dst-nat to-addresses=192.168.202.23 to-ports=80
     protocol=tcp dst-address=192.168.56.2 dst-port=80 





access 192.168.56.2 with port 80 will redirect to  apache  web server




No comments:

Post a Comment