Log / routing full of upnp related messages
-
I was looking through my logs today and noticed that the System / Routing log was full of messages related to miniupnpd.
And all of it for PCs that are not in the ACL list of allowed IPs. What is this and why is it being logged? I don't even have logging turned on for UPnP...
-
That check box seems to indicate it is for logging packets "HANDLED" by UPnP.
Since the packet was not handled and the connection failed, it logs the failure (which would seem to be a good thing).
Personally I would not have UPnP enabled on my network. Not a fan of allowing applications to decide what is allowed in. That is a different discussion though.
A couple of ways to deal with these log entries that I can think of are:
- go to the denied workstations and disable UPnP services, since you're not allowing it anyway
- disable the UPnP service on pfSense and add specific NAT entries and rules for what you wish to allow on your network.
- ignore these log entries for the specific devices since you know and understand why they are there.
I am running Version: 24.03-RELEASE and have the UPnP service disabled. I do specific NAT rules for inbound traffic. I do not see these log entries at all.
Hope this helps,
Mike
-
Yup that adds logging to the firewall rules created by UPnP so you see traffic actually passed by it. It doesn't affect logging from the daemon itself.
-
@mikek @stephenw10 Yeah that makes sense and I guess there is no way to turn off logging for UPnP completely? And I understand it's just for information and not indicating any problem, it's just that it fills up that log...
@mikek I do have UPnP enabled for two gaming PCs and just a few ports that I have narrowed it down to. And there is one game in particular that simply will not show Open NAT unless UPnP is enabled, which messes up some online gaming unfortunately.
-
Mmm, not seeing a way to do that. You can increase logging by starting it with -v or -vv but I don't see anything else either as a switch or in the conf file.
-
Did you add a matching rule for UPnP on the access control lists?
Check out this guide to make sure you didn't miss anything, you never know...
https://docs.netgate.com/pfsense/en/latest/services/upnp.html
-
@JonathanLee said in Log / routing full of upnp related messages:
add matching rule for upnp on the access control lists
By matching rule do you mean the ACL entries as in:
-
@Gblenn Yes does your ip schema still the same?
-
@JonathanLee said in Log / routing full of upnp related messages:
Yes does your ip schema still the same
Hmm? Does my IP schema still ?look? the same??
The LAN, where UPnP is enabled, has two of the static IPs (gaming PCs) which are in the ACL list (192.168.1.92) and they have the same port range allowed.
The IPs that show up in the log are all from the DHCP range .130 and above.