Posts Tagged ‘NAT-PMP’

PPPoE fixes for natpmpd

Friday, December 16th, 2011

I recently started using the pppoe(4) driver on OpenBSD, and with it found a few small bugs in how natpmpd handles these sorts of dynamic interfaces.

One simple bug being it refused to start up if the interface didn’t already exist and also it considered as a valid IP address and would broadcast that to any clients on the network. This situation happened due to the way pppoe(4) interfaces are initially set up and would correct itself quickly once the PPPoE session was negotiated.

Both of these bugs should be fixed so natpmpd should now correctly deny any request until the interface gets created and negotiates a normal IP address, (normal Ethernet interface behaviour should be unchanged).

NAT-PMP fixes for Transmission

Sunday, November 7th, 2010

I recently had a desire to play some old Amiga games in UAE and so I needed the Kickstart ROMs. Rather than dig out my old A1200 and somehow get the ROM image from that I attempted to just download them, (naughty, I know).

All I could find were BitTorrent links so I needed a BitTorrent client. I picked Transmission as it looked a decent OS X client and grabbed the Kickstart ROMs.

In the course of doing that I noticed a couple of small NAT-PMP related bugs, thanks to being more than slightly familiar with the protocol.

So once bugs #3727 and #3728 are fixed hopefully Transmission will play even better with natpmpd.

Alignment fixes for natpmpd

Sunday, October 24th, 2010

A one line fix and natpmpd should now work on OpenBSD platforms that have stricter code alignment requirements than i386 or amd64 such as armish and sparc64. Fairly amazed that was the only breakage.

Next release should hopefully have privilege separation now that the various imsg_*(3) functions will be easily available in the 4.8 release.

Back to My Mac and an OpenBSD firewall

Friday, August 27th, 2010

As I recently wrote, I’ve been playing with the Back to My Mac feature of MobileMe on my Macs. Put simply it’s a VPN for your Macs, you can access one remotely from another as if they were on the same LAN either at home or work.

Assuming you’ve entered all of your MobileMe account details, it should just be a case of going to the Back to My Mac tab in the MobileMe preferences and starting it up on each Mac you own.

However, with the first Mac I tried this on I hit this problem:

Back to My Mac Warning Screenshot

The router that OS X is complaining about in this case is a Soekris net4501 running OpenBSD, (well to be pedantic, there’s actually two of them in a failover configuration). OpenBSD doesn’t support NAT-PMP or UPnP out of the box, so I had a look for some additional software I could run that might support either protocol.

I came across MiniUPnPd which claimed to support both protocols and run on OpenBSD so I grabbed the source and compiled it up to try it. At the time I was still running OpenBSD 4.6 but was planning to do the upgrade to 4.7 soon, I noted that there was reports of MiniUPnPd not working properly on 4.7.

After configuring it and starting it up, it didn’t seem to work properly. After eliminating any obvious reasons, the Macs still didn’t think that the router supported either NAT-PMP or UPnP, and my Sony Playstation 3 which supports UPnP only, claimed UPnP was unavailable when I ran a network diagnostic but this seems to be a known issue with the Playstation 3. So MiniUPnPd wasn’t looking too useful to me.

Out of curiosity I investigated how complicated the NAT-PMP and UPnP protocols are as the specifications for both should be publicly available. The first one I looked at was UPnP as at the time this seemed the more well known of the two. UPnP appears be a fairly bewildering set of standards, even though it seemed the bit I only need to care about is the Internet Gateway Device (IGD) protocol. It also depends heavily on XML which I loath the more I have to deal with it.

NAT-PMP on the other hand seemed a far simpler protocol, the IETF draft was straightforward by comparison and as it was authored by Apple themselves, it should be the better supported of the two, at least on my Apple hardware. After a day or two of coding, I have a fully standalone NAT-PMP daemon – natpmpd, which I’m making available under the BSD licence.

The dedicated page documents the gory details on how to get it set up, but suffice to say once installed and running, I now get the following on each Mac:

Back to My Mac Working Screenshot

To test, I simply disconnected my MacBook Pro from my home network and instead connected through my mobile phone via 3G. The remaining Macs on the home network are still visible in the Finder and Screen and File sharing remain accessible. On my OpenBSD router using tcpdump(8) I can see the encrypted VPN traffic flowing between the remote and local Macs.