OpenWrt stuff

I use OpenWrt on a number of devices, despite its likely pronunciation. Even though I’m usually a bleeding-edge sort of guy, I run OpenWrt White Russian because, frankly, the newer Kamikaze version has historically been too unstable and has been progressing very slowly.

miniupnpd for OpenWrt White Russian

Recently, I got tired of having to maintain my own fixed port mappings on my OpenWrt devices. netfilter/iptables are pretty flexible, but in 2009, there shouldn’t be any reason to have to configure temporary port mappings manually. This is exactly the problem that UPnP IGD was meant to solve in 2001, and more recently, what the superior NAT-PMP solves. The problem is that until recently, there was no easy way to implement either UPnP IGD or NAT-PMP on an OpenWrt White Russian system.

MiniUPnPd is a relatively new UPnP IGD implementation, and more recently, a NAT-PMP implementation has been added to it. A miniupnpd package for OpenWrt Kamikaze (source) is readily available, but as there is no new official development for White Russian, existing systems are left in the dark. The X-Wrt project has a miniupnpd backport package (source) available, but I found that it was outdated, the FTP server that distributes it was down when I needed it, it depended on a backport of the Kamikaze configuration system, and the included scripts failed to start miniupnpd. Come on, we can do better than that, can’t we?

I’ve prepared my own miniupnpd package for White Russian to fill the void. It’s based on miniupnpd 20081009, slightly newer than version 1.2, and doesn’t depend on any Kamikaze configuration stuff that’s alien to a White Russian system. You can install it on a White Russian system with:

wrt# ipkg install

I’ve also provided some more notes on the build procedure, in case anyone else wants to try, or more likely, in case I ever need to build it again.

lsof for OpenWrt White Russian

Once I had fired up my miniupnpd build, I noticed a few extra IPv4 sockets open on the wildcard address. I’m understandably not too keen on allowing anyone on the big bad Internet define their own port mappings on my equipment, so I was sure to lock these down with the netfilter/iptables-based firewall. While perusing the netstat output, I also noticed something waiting for UDP packets on port 67, the DHCP server port, also using the wildcard address. I suspected it might be dnsmasq, and wanted to turn to my trusty friend lsof, but again found that while an lsof package for OpenWrt Kamikaze (source) was readily available, none was available for White Russian. Here we go again…

Starting with the Kamikaze package source, I set up a White Russian backport. Fortunately, lsof doesn’t depend on any funky bits of configuration, so this was very straightforward, and within minutes I had an lsof package for OpenWrt White Russian. I went with lsof 4.77 as used by the Kamikaze package instead of the now-current 4.80 because by this point, I was in no mood to play games, and really, how much difference can 0.03 make? The build procedure notes are also available, or you can just skip ahead to installing the package:

wrt# ipkg install

For what it’s worth, dnsmasq was the port-67 culprit (of course!) I was actually kind of surprised, seeing as how I regard dnsmasq as pretty high-quality, and how I have bind-interfaces configured. Apparently that only affects dnsmasq’s DNS server and not its DHCP server. Oh well, here comes another firewall rule.

More stuff

There might not be any more stuff, but if there is, you’ll find it, unsorted, here.

Pick a different trade.

Mark Mentovai
2009 January 6