nixos/tests/upnp.nix

   1 # This tests whether UPnP port mappings can be created using Miniupnpd
   2 # and Miniupnpc.
   3 # It runs a Miniupnpd service on one machine, and verifies
   4 # a client can indeed create a port mapping using Miniupnpc. If
   5 # this succeeds an external client will try to connect to the port
   6 # mapping.
   7
   8 import ./make-test-python.nix ({ pkgs, ... }:
   9
  10 let
  11   internalRouterAddress = "192.168.3.1";
  12   internalClient1Address = "192.168.3.2";
  13   externalRouterAddress = "80.100.100.1";
  14   externalClient2Address = "80.100.100.2";
  15 in
  16 {
  17   name = "upnp";
  18   meta = with pkgs.lib.maintainers; {
  19     maintainers = [ bobvanderlinden ];
  20   };
  21
  22   nodes =
  23     {
  24       router =
  25         { pkgs, nodes, ... }:
  26         { virtualisation.vlans = [ 1 2 ];
  27           networking.nat.enable = true;
  28           networking.nat.internalInterfaces = [ "eth2" ];
  29           networking.nat.externalInterface = "eth1";
  30           networking.firewall.enable = true;
  31           networking.firewall.trustedInterfaces = [ "eth2" ];
  32           networking.interfaces.eth1.ipv4.addresses = [
  33             { address = externalRouterAddress; prefixLength = 24; }
  34           ];
  35           networking.interfaces.eth2.ipv4.addresses = [
  36             { address = internalRouterAddress; prefixLength = 24; }
  37           ];
  38           services.miniupnpd = {
  39             enable = true;
  40             externalInterface = "eth1";
  41             internalIPs = [ "eth2" ];
  42             appendConfig = ''
  43               ext_ip=${externalRouterAddress}
  44             '';
  45           };
  46         };
  47
  48       client1 =
  49         { pkgs, nodes, ... }:
  50         { environment.systemPackages = [ pkgs.miniupnpc pkgs.netcat ];
  51           virtualisation.vlans = [ 2 ];
  52           networking.defaultGateway = internalRouterAddress;
  53           networking.interfaces.eth1.ipv4.addresses = [
  54             { address = internalClient1Address; prefixLength = 24; }
  55           ];
  56           networking.firewall.enable = false;
  57
  58           services.httpd.enable = true;
  59           services.httpd.virtualHosts.localhost = {
  60             listen = [{ ip = "*"; port = 9000; }];
  61             adminAddr = "foo@example.org";
  62             documentRoot = "/tmp";
  63           };
  64         };
  65
  66       client2 =
  67         { pkgs, ... }:
  68         { environment.systemPackages = [ pkgs.miniupnpc ];
  69           virtualisation.vlans = [ 1 ];
  70           networking.interfaces.eth1.ipv4.addresses = [
  71             { address = externalClient2Address; prefixLength = 24; }
  72           ];
  73           networking.firewall.enable = false;
  74         };
  75     };
  76
  77   testScript =
  78     { nodes, ... }:
  79     ''
  80       start_all()
  81
  82       # Wait for network and miniupnpd.
  83       router.wait_for_unit("network-online.target")
  84       # $router.wait_for_unit("nat")
  85       router.wait_for_unit("firewall.service")
  86       router.wait_for_unit("miniupnpd")
  87
  88       client1.wait_for_unit("network-online.target")
  89
  90       client1.succeed("upnpc -a ${internalClient1Address} 9000 9000 TCP")
  91
  92       client1.wait_for_unit("httpd")
  93       client2.wait_until_succeeds("curl -f http://${externalRouterAddress}:9000/")
  94     '';
  95
  96 })