-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jens Rehaag wrote: > Hi, > > long story told shortly: I am running a MythTV backend (with UPnP > server) inside a XEN DomU. Everything works fine, except for the UPnP > part. Before I migrated the server to the virtual machine, also that was > working well (broadcasting to a PS3 on the local net, and also to other > UPnP software clients). Now, the clients don't see the server any more. > > My XEN/Shorewall setup is based on this guide: running Shorewall in a > routed Dom0 <http://www.shorewall.net/XenMyWay-Routed.html>. Main > difference is that I did not (yet) make a separate zone for the WLAN. > > Current environment: > eth0: External interface (net) (to the Internet router), 192.168.200.1 > eth1: Internal interface (loc), 192.168.100.1 > eth4: UPnP server ($TEST_IF), 192.168.200.1 > The internal address of the UPnP server is 192.168.100.3. > Client used for testing: 192.168.100.222 (loc) > > After a lot of trial/error, and also a lot of googling, I'm stuck... I'm > pretty sure I just overlooked one tiny detail, but can't see it. Can > anyone give me a hint, please? > > Sorry if this was handled earlier on the list, but my search didn't turn > it up. > > You'll find a shorewall dump in the attachment.
Sorry -- I don't understand your configuration at all. You say: > eth4: UPnP server ($TEST_IF), 192.168.200.1 That isn't the server -- that is an interface on the firewall. - From the dump: > Chain PREROUTING (policy ACCEPT 176 packets, 40630 bytes) > pkts bytes target prot opt in out source destination > 0 0 UPnP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 > 0 0 UPnP all -- eth3 * 0.0.0.0/0 0.0.0.0/0 > 26 6595 UPnP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 > 44 14522 UPnP all -- eth4 * 0.0.0.0/0 0.0.0.0/0 > 0 0 UPnP all -- vnet0 * 0.0.0.0/0 0.0.0.0/0 > 0 0 UPnP all -- vif10.0 * 0.0.0.0/0 0.0.0.0/0 Looks like you kept adding 'upnp' to your interfaces until you ran out of interfaces??? This is also curious: > Chain eth0_masq (1 references) > pkts bytes target prot opt in out source destination > 1 76 SNAT all -- * * 192.168.100.0/24 0.0.0.0/0 /* Masquerade Local Network */ to:192.168.200.1 > 0 0 SNAT all -- * * 169.254.0.0/16 0.0.0.0/0 /* Masquerade Local Network */ to:192.168.200.1 > 0 0 SNAT all -- * * 239.0.0.0/8 0.0.0.0/0 /* Masquerade Local Network */ to:192.168.200.1 > 0 0 SNAT all -- * * 224.0.0.0/4 0.0.0.0/0 /* Masquerade Local Network */ to:192.168.200.1 What is all of this masquerading for? Clearly the multicast addresses in the 'source' column are ridiculous which makes me think that you have an interface name in the SOURCE column of /etc/shorewall/masq. It looks to me like you have taken a server that depends on broadcast and have moved it to the other side of a router from its clients; that's usually a losing strategy. Do you have any web references about how this whole thing is supposed to work? My experience with UPnP is in the classic case where linux-idg is running on a gateway which this doesn't appear to be. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkrT0ocACgkQO/MAbZfjDLLS2gCeKyWDMpI/1TVSIjDI09pUgtmM q8wAoKN3CNYM2VQulQX0DUyhBqAWgqoa =LG3j -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
