-1

So I run a VPN business. When users want to port forward ports, I use DNAT.

Is it possible to make the ports open automatically, like UPnP?

I've heard that masquerade can do this.

Niel

1 Answer

2

Well, as you already named it, UPnP would do that. UPnP implementations for Linux which would modify iptables rules accordingly do exist, but obviously UPnP needs application support for the appropriate control requests. The Gentoo Wiki has a short howto for setting up linux-igd (the UPnP daemon implementation) to alter iptables rules.

As you might have noted, the important point about DNAT rules is to know where to DNAT to - the destination has to be explicitly stated. As there is no universal way to guess that, an automatic translation would be impossible unless you have found a different way of signaling the request - this is what UPnP is doing. A masquerade rule on the contrary is an SNAT-type rule, the address to use for the SNAT is determined by just taking the IP address of the outbound interface. Although this might be wrong for odd setups, for most use cases it works out quite fine.

the-wabbit
  • You know any tutorial on how to install upnp, can't find much about it. – Niel Jan 02 '13 at 01:14
  • @CloudVPN The [Gentoo Wiki has a short howto](http://en.gentoo-wiki.com/wiki/UPnP#Embedding_linux-igd_into_iptables) for setting up linux-igd (the UPnP daemon implementation) to alter iptables rules. – the-wabbit Jan 02 '13 at 08:09
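
The contrast drawn in the answer, as an added example that is not part of the original posts and not linux-igd's code: a DNAT rule can only be built once a request names the destination, while the masquerade rule needs no per-client input. The interface name `eth0`, the 1024 port floor and the "a client may only map to itself" policy are assumptions of this sketch; the functions print the iptables commands and do not run them.

```shell
#!/bin/sh
# Constructed example: build the rule a signalling daemon would install for one request.
WAN_IF="eth0"        # assumed WAN interface name
MIN_EXT_PORT=1024    # assumed policy: no privileged external ports

in_range() {   # in_range VALUE MIN MAX -> success if VALUE is an integer in MIN..MAX
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

is_ipv4() {    # is_ipv4 VALUE -> success if VALUE is a dotted-quad IPv4 address
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        in_range "${rest%%.*}" 0 255 || return 1
        rest=${rest#*.}; count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# dnat_rule REQUESTER INTERNAL_IP EXT_PORT INT_PORT PROTO
# REQUESTER is the tunnel address the request arrived from, INTERNAL_IP the target it asks for.
dnat_rule() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "reject: bad address" >&2; return 1; }
    # A client may only expose itself, never another tunnel peer.
    [ "$1" = "$2" ] || { echo "reject: target is not the requester" >&2; return 1; }
    in_range "$3" "$MIN_EXT_PORT" 65535 || { echo "reject: external port" >&2; return 1; }
    in_range "$4" 1 65535 || { echo "reject: internal port" >&2; return 1; }
    case "$5" in tcp|udp) ;; *) echo "reject: protocol" >&2; return 1 ;; esac
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $5 --dport $3 -j DNAT --to-destination $2:$4"
}

# The SNAT side takes no client argument: the source address comes from the outbound interface.
masquerade_rule() {
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

masquerade_rule
dnat_rule 10.8.0.5 10.8.0.5 40000 8080 tcp          # accepted (constructed addresses)
dnat_rule 10.8.0.5 10.8.0.9 40000 8080 tcp || true  # rejected: names another peer
```
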