--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=natpmp
+PKG_VERSION:=0.2.1
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://download.savannah.nongnu.org/releases/natpmp/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MD5SUM:=b0b1fea34ecd2c99f75c01a6728c9a7b
+
+PKG_CAT:=zcat
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/natpmp
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+ip
+ TITLE:=A daemon implementing NAT-PMP
+ URL:=http://savannah.nongnu.org/projects/natpmp
+endef
+
+define Package/natpmp/description
+ stunnel replacement based on xyssl
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+ rm -rf $(PKG_INSTALL_DIR)
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ CC=$(TARGET_CC) \
+ LD=$(TARGET_CC) \
+ CFLAGS="$(strip $(TARGET_CFLAGS))" \
+ CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include" \
+ LDFLAGS="-L$(STAGING_DIR)/usr/lib" \
+ prefix="$(PKG_INSTALL_DIR)/usr"
+ mkdir -p $(PKG_INSTALL_DIR)/usr/sbin
+ $(CP) $(PKG_BUILD_DIR)/natpmp $(PKG_INSTALL_DIR)/usr/sbin
+endef
+
+define Package/natpmp/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/natpmp $(1)/usr/sbin
+ $(RSTRIP) $(1)/usr/sbin/natpmp
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/natpmp.config $(1)/etc/config/natpmp
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/natpmp.init $(1)/etc/init.d/natpmp
+endef
+
+$(eval $(call BuildPackage,natpmp))
--- /dev/null
+config natpmp
+ option outbound_interface vlan0
+ option inbound_interfaces br-lan eth1
+ option iptables_chain natpmp
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=70
+
+IP=$(which ip)
+IPTABLES=$(which iptables)
+NATPMP=/usr/sbin/natpmp
+PIDFILE=/var/run/natpmp.pid
+
+natpmp_config() {
+ local cfg="$1"
+
+ config_get PUBLIC_IF "$cfg" outbound_interface
+ config_get PRIVATE_IFS "$cfg" inbound_interfaces
+ config_get IPTABLES_CHAIN "$cfg" iptables_chain
+}
+
+start() {
+ config_load natpmp
+ config_foreach natpmp_config natpmp
+
+ # Flush all the rules in the natpmp chain, or create it, if it doesn't exists.
+ $IPTABLES -t nat -F $IPTABLES_CHAIN 2>/dev/null || \
+ $IPTABLES -t nat -N $IPTABLES_CHAIN
+
+ # Handle all incoming connections in the natpmp chain.
+ $IPTABLES -t nat -D PREROUTING -j $IPTABLES_CHAIN 2>/dev/null || true
+ $IPTABLES -t nat -A PREROUTING -j $IPTABLES_CHAIN
+
+ # Iterate through the private interfaces.
+ BIND_ARGS=""
+ for IF in $PRIVATE_IFS; do
+ # Get the IP address of this interface.
+ ADDR=`$IP addr show dev $IF 2>/dev/null | grep "^ *inet .* $IF\$" | cut -d " " -f 6 | cut -d / -f 1`
+ if [ -n "$ADDR" ] ; then
+ # Add the IP address to the argument list.
+ BIND_ARGS="$BIND_ARGS -a $ADDR"
+ else
+ echo "Could not get IP address of interface $IF. Skipping." >&2
+ fi
+ done
+
+ if [ -z "$BIND_ARGS" ] ; then
+ echo "No IP addresses to bind to. Exiting." >&2
+ exit 1
+ fi
+
+ $NATPMP -p $PIDFILE -b -i "$PUBLIC_IF" $BIND_ARGS -- "$IPTABLES_CHAIN"
+}
+
+stop() {
+ config_load natpmp
+ config_foreach natpmp_config natpmp
+
+ # Unlink chain
+ $IPTABLES -t nat -D PREROUTING -j $IPTABLES_CHAIN 2>/dev/null || true
+
+ # Flush all the rules in the natpmp chain
+ $IPTABLES -t nat -F $IPTABLES_CHAIN 2>/dev/null && \
+ $IPTABLES -t nat -X $IPTABLES_CHAIN
+
+ kill $(cat $PIDFILE)
+}