Netgate Discussion Forum

    SG-3100 upgrade to 24.03 seems to have broken UPnP

    General pfSense Questions
      SteveITS Galactic Empire @fred7911

      @fred7911 I don't know about UPnP. None of our clients are using it on a 3100.

      Downgrading would require a reinstall and restoring a 23.09.1 config file. You can get an installer image via a free ticket from Netgate.
      https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

        stephenw10 Netgate Administrator

        UPnP is a base pkg; it should still be working in 24.03.

        Do you see any open ports in Status > UPnP?

          fred7911

          That is the strange part: I can see some ports opened, but right now only 1 port per local IP / server.

          So not all are getting opened... and servers that are using UPnP (FluxOS) are reporting dysfunctional UPnP (it was working fine before the upgrade to 24.03)

          And it's concerning 8 VMs, so it's not isolated...

            stephenw10 Netgate Administrator

            Hmm, do you see anything in the main system logs when that happens?

            • stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
              fred7911

              The 2 main surprising logs are

              In System > Routing logs, from the miniupnpd process

              miniupnpd 	88484 	ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: File exists 
              

              And also from the xinetd right after restarting the UPnP service, many "readjusting service" logs in System > General

              xinetd 	41470 	readjusting service 19001-udp 
              xinetd 	41470 	readjusting service 19001-tcp
              
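An added example, not part of the original post and not pfSense or miniupnpd code: a shell/awk triage of log lines in the "process, PID, message" layout quoted above, counting miniupnpd pf rule-add failures per PID and listing xinetd "readjusting service" notices separately. The function names are hypothetical and the sample input is constructed from the lines in the post, with one repeated miniupnpd line added as an assumption.

```shell
#!/bin/sh
# Added example: triage log lines laid out as "process <TAB> pid <TAB> message",
# the layout of the lines quoted in the post above.

# Constructed sample: the three lines from the post, plus one repeat of the
# miniupnpd error (the repeat is an assumption, to exercise the counter).
sample_log() {
    printf 'miniupnpd \t88484 \tioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: File exists \n'
    printf 'xinetd \t41470 \treadjusting service 19001-udp \n'
    printf 'xinetd \t41470 \treadjusting service 19001-tcp\n'
    printf 'miniupnpd \t88484 \tioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: File exists \n'
}

# Reads log lines on stdin and prints one sorted summary line per finding:
#   pf_add_failed pid=<pid> count=<n>          miniupnpd could not append a pf rule
#   xinetd_readjust service=<name> count=<n>   xinetd notices, reported separately
triage_upnp_log() {
    awk -F'\t' '
    # Strip the padding that surrounds each tab-separated column.
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF < 3 { next }                      # not a process/pid/message line
    {
        proc = trim($1); pid = trim($2); msg = trim($3)
        if (proc == "miniupnpd" && msg ~ /DIOCCHANGERULE/ &&
            msg ~ /PF_CHANGE_ADD_TAIL: File exists$/) {
            fail[pid]++
        } else if (proc == "xinetd" && msg ~ /^readjusting service /) {
            sub(/^readjusting service /, "", msg)
            svc[msg]++
        }
    }
    END {
        for (p in fail) printf "pf_add_failed pid=%s count=%d\n", p, fail[p]
        for (s in svc)  printf "xinetd_readjust service=%s count=%d\n", s, svc[s]
    }' | LC_ALL=C sort
}

# Stand-alone run over the constructed sample.
sample_log | triage_upnp_log
```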
                stephenw10 Netgate Administrator

                @fred7911 said in SG-3100 upgrade to 24.03 seems to have broken UPnP:

                xinetd 41470 readjusting service 19001-udp
                xinetd 41470 readjusting service 19001-tcp

                Those are almost certainly because you have NAT reflection enabled in NAT+Proxy mode? Probably not required but also not a problem.

                When UPnP is working as expected what status do you see? A large number of open ports to each host? Range of ports?

                  fred7911

                  Yes I'm also using an "Override WAN address" setting in my "UPnP & NAT-PMP Settings" for this specific subnet (the only one with UPnP enabled)

                  Usually each inside server opens 8-10 ports (at least) on WAN to be able to communicate. Sometimes in range, sometimes not, it actually depends on the need...

                    stephenw10 Netgate Administrator

                    Hmm, failing to replicate that. I can open multiple ports to an internal host on a 3100:

                    [Image: Screenshot from 2024-05-06 23-18-31.png]

                      fred7911

                      Could it be related to the upgrade somehow? That's why I posted here initially, because it was immediately after the final reboot for the upgrade to 24.03

                        fred7911

                        That could be a clue: https://github.com/miniupnp/miniupnp/issues/715
                        I checked and the "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: File exists" message was not present in logs with 23.09

                          stephenw10 Netgate Administrator

                          Yup looks like that. Interesting that bug is shown against FreeBSD 14 though. So perhaps this is unrelated to the pfSense upgrade; 23.09.1 was built on 14.

                            fred7911

                            For information, I rolled back the Netgate 3100 to version 23.09.1 and everything is working smoothly, without changing anything on the servers using UPnP.

                            It could be interesting to have further testing, and maybe see if it could be related to a specific setting (as you could make it work). The main one I could imagine is the "Override WAN address" in the UPnP config.

                              stephenw10 Netgate Administrator

                              I had to use 'Override WAN address' because my 3100 here does not have a public IP on the WAN. miniUPnP will not add forwards from a private IP address. Which is inconvenient!

                                Bob.Dig LAYER 8

                                The only thing I noticed with the latest upgrade is that UPnP is not closing any open ports on its own anymore.

                                  stephenw10 Netgate Administrator

                                  Hmm, like at all?
                                  They should have a lifetime set when created, like 1h default.

                                  Edit: Doesn't seem to be expiring though....

                                    stephenw10 Netgate Administrator

                                    https://redmine.pfsense.org/issues/15470
