This is Iwamoto.

On Sat, 16 Aug 2003 23:58:40 +0900
Kenji Nagoshi <nagoshi@xxxxxxxxxxx> wrote:

> > Likewise, won't it fail to work unless FORWARD is also opened up
> > as this software requires?
>
> This is the part I could not understand; upnpd does this
> automatically, doesn't it?

upnpd only adds and removes DNAT entries.
Please try the experiment with FORWARD set to ACCEPT first.

The following are excerpts from the "README" and "INSTALL" files.

NOTE: This program basically assumes that you have a DEFAULT policy of ACCEPT on your FORWARD chain in iptables, as well as an ACCEPT verdict on the input chain for your client machine to the firewall for all tcp and udp. (Actually, it really only uses ports up above 1024, but which ones are completely random).

NOTE: This program only creates DNAT (portmap) entries in your firewall on the external interface (public ip). Any other firewall code must be set to allow basically all tcp and udp through the FORWARD chain to your client machines, and the client machines must be able to contact the firewall using tcp and udp through the firewall's INPUT chain on its internal interface.

We will be adding some checks to see if FORWARD has a default policy of DROP or REJECT, however placing rules once we determine this is a bit tricky. There's at the moment no real way to check to see if a packet matching this rule will pass through any additional rules that may be located above it. Also, we will probably need to check for any rules below as well. Hopefully we can get this implemented soon.

K.Iwamoto mailto:burn@xxxxxxxxxxxxxxxx
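As an added example (not part of the original message and not code from upnpd), the following Python sketch reads `iptables-save` output and lists the DNAT port maps whose translated destination the filter FORWARD chain would not ACCEPT, which is the situation the README excerpt describes. The function names and the sample ruleset are constructed for illustration; only FORWARD rules built from `-p`, `-d` and `--dport` are evaluated, and rules using state, interface or negated matches are skipped, so the result is an approximation.

```python
import ipaddress
import shlex

# Constructed iptables-save output: FORWARD policy DROP, two upnpd-style DNAT maps.
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6881 -j DNAT --to-destination 192.168.0.10:6881
-A PREROUTING -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.0.11:5060
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.10/32 -p tcp -m tcp --dport 6881 -j ACCEPT
COMMIT
"""
KNOWN = {"-A", "-p", "-d", "-m", "--dport", "-j"}  # options evaluated below


def opts(rule):
    """Map each option (or '!') on one '-A ...' line to the token after it."""
    tok = shlex.split(rule)
    return {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i][:1] in ("-", "!")}


def forward_verdict(rules, policy, proto, ip, port):
    """First evaluated FORWARD rule matching a new packet decides, else policy."""
    for o in rules:
        if set(o) - KNOWN or o.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue  # state/interface/negated matches, non-terminating targets
        net = ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
        lo, _, hi = o.get("--dport", "0:65535").partition(":")
        if (o.get("-p", proto) == proto and ipaddress.ip_address(ip) in net
                and int(lo) <= port <= int(hi or lo)):
            return o["-j"]
    return policy


def blocked_portmaps(save_text):
    """Return DNAT maps (proto, ip, port) that FORWARD would not ACCEPT."""
    table, policy, fwd, maps = "", "ACCEPT", [], []
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A FORWARD "):
            fwd.append(opts(line))
        elif table == "nat" and "-j DNAT" in line and " --dport " in line:
            o = opts(line)
            ip, _, port = o["--to-destination"].partition(":")
            maps.append((o["-p"], ip, int(port or o["--dport"])))
    return [m for m in maps if forward_verdict(fwd, policy, *m) != "ACCEPT"]
```

Calling `blocked_portmaps(SAMPLE)` reports the UDP map to 192.168.0.11, which has a DNAT entry but no FORWARD rule allowing it through the DROP policy.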