Do UPnP rules not expire?
-
@Wolf666 said in Do UPnP rules not expire?:
Tested after I removed manually the states:
Like you just deleted the firewall states in Diag > States?
-
@stephenw10
No, I just manually cleared the mapped ports from the UPnP status page. I used the wrong wording.
-
Hmm, it's odd that it doesn't show a session time for the port forward. Does it ever show a time? If you check just after it's been opened?
Does the error in the log appear after, say, 1 hr?
-
@stephenw10
Just cleared all mapped ports while PS5 was on, started to play Destiny:
PS C:\upnpc> ./upnpc-static -l
upnpc : miniupnpc library test client, version 2.2.3.
(c) 2005-2022 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.1.10:2189/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://192.168.1.10:2189/ctl/IPConn
Local LAN ip address : 192.168.1.81
Connection Type : IP_Routed
Status : Connected, uptime=76s, LastConnectionError : ERROR_NONE
Time started : Mon Dec 23 18:09:32 2024
MaxBitRateDown : 1000000000 bps (1000.0 Mbps) MaxBitRateUp 300000000 bps (300.0 Mbps)
ExternalIPAddress = 82.84.92.142
i protocol exPort->inAddr:inPort description remoteHost leaseTime
0 UDP 3074->192.168.1.50:3074 'DemonwarePortMapping' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
PS C:\upnpc>
Now I will close the game, switch off the PS5 and see what's going to happen in 1 hour.
-
Still shows 0 leasetime though. I'm not sure how it determines when to 'expire' it.
-
@stephenw10
In fact the mapped port 3074 is still there.
There is only 1 state active not related to upnp:
WAN tcp 82.84.92.142:65206 (192.168.1.50:65206) -> 34.214.130.96:443 ESTABLISHED:ESTABLISHED 714 / 364 50 KiB / 32 KiB
I am not an IT expert and I really don’t have any further idea on this.
-
Do you still see the error in the upnp logs showing it failing to remove the forward though?
It looks like the forward is being opened without a leasetime and I'm unsure what should happen in that situation. I can create a similar lease manually by defining 0s specifically:
steve@steve-NUC9i9QNX:~$ upnpc -l
upnpc : miniupnpc library test client, version 2.2.3.
(c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://172.21.16.1:2189/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://172.21.16.1:2189/ctl/IPConn
Local LAN ip address : 172.21.16.8
Connection Type : IP_Routed
Status : Connected, uptime=1291945s, LastConnectionError : ERROR_NONE
Time started : Mon Dec 9 00:31:38 2024
MaxBitRateDown : 1000000000 bps (1000.0 Mbps) MaxBitRateUp 1000000000 bps (1000.0 Mbps)
ExternalIPAddress = 45.89.45.8
i protocol exPort->inAddr:inPort description remoteHost leaseTime
0 UDP 8889->172.21.16.8:8889 'Test2' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
I'll see what happens.
-
Also by omitting a lease time value.
I wonder if it should add a default and is not....
-
Mmm, this thread seems pretty revealing: https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5727#5727
Seems like the behaviour you're seeing is expected if the client opens a forward with no lease time.
-
@stephenw10
Yes, that forum thread explains the behavior. I cannot do anything except remove the mapped ports manually. From a security point of view the consoles have their own IP assigned, so it is ok if the mapped ports are there until I remove them manually. Only consoles have access to the UPnP service with proper “allow” and IP; other IPs are denied by default in the Service ACL.
Thanks for help and time.
-
Mmm, I tried adding min and max lifetime options to the conf and it made absolutely no difference I could see!
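
An added example, not code from any poster in this thread or from the miniupnp project: a small audit of `upnpc -l` output that flags the two conditions discussed above, mappings opened with a leaseTime of 0 and mappings pointing at hosts outside the expected UPnP client list. The allow-list contents and the second sample row are assumptions constructed for illustration.

```python
import re

# One row of the table printed by `upnpc -l`:
#   i protocol exPort->inAddr:inPort description remoteHost leaseTime
ROW = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->(?P<host>[\d.]+):(?P<int>\d+)"
    r"\s+'(?P<desc>[^']*)'\s+'(?P<remote>[^']*)'\s+(?P<lease>\d+)\s*$"
)

def parse_mappings(listing):
    """Return one dict per port-mapping row; header and status lines are skipped."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("ext", "int", "lease"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def audit(rows, allowed_hosts):
    """Return (mapping, reason) pairs for forwards worth a manual look."""
    findings = []
    for r in rows:
        tag = f"{r['proto']} {r['ext']}->{r['host']}:{r['int']} ({r['desc']})"
        if r["lease"] == 0:
            findings.append((tag, "leaseTime 0: no expiry, stays until removed"))
        if r["host"] not in allowed_hosts:
            findings.append((tag, "internal host is not an expected UPnP client"))
    return findings

# Constructed sample: first row is the mapping shown in the thread,
# second row is invented to exercise the allow-list check.
SAMPLE = """\
ExternalIPAddress = 82.84.92.142
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 UDP  3074->192.168.1.50:3074  'DemonwarePortMapping' '' 0
 1 TCP  8080->192.168.1.77:80  'constructed-row' '' 3600
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
"""

# Assumption: 192.168.1.50 is the console permitted by the UPnP service ACL.
ALLOWED = {"192.168.1.50"}

if __name__ == "__main__":
    for mapping, reason in audit(parse_mappings(SAMPLE), ALLOWED):
        print(f"{mapping}: {reason}")
```
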