UPnP support
-
I'm just wondering if there has been an update to this?
I'd be willing to throw in a little cashola for this as well..
UPnP would make my Pfsense box the perfect home firewall IMO..
Riley
-
No, I am afraid not. Seth talked about working on it so maybe push him over the edge with a bounty :)
It requires some C work, so it's not a trivial patch to bring to life.
-
Unfortunately, things may be a little tight for a bit as I'm moving to a new place, but I would offer up $50. It's not much I'm afraid..
So, uPnP support bounty is up to $150 now I guess.. :)
Riley
-
I am currently having a poke at it. I require at least a week.
Also, other upnp software became available that has no silly dependencies which might make it easier to work on.
-
I have some proof of concept code and was wondering if there are any testers available.
-
I'll try it out. Do you have a link or a file with some instructions?
-
replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
replace /etc/inc/filter.inc with http://iserv.nl/files/pfsense/filter.inc
replace /usr/local/www/interfaces_lan.php with http://iserv.nl/files/pfsense/interfaces_lan.txt
replace /usr/local/www/interfaces_opt.php with http://iserv.nl/files/pfsense/interfaces_opt.txt
execute this command, fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
execute this command, chmod +x /usr/local/sbin/miniupnpd
enable it on the lan interface.
Check the system logs.
Currently unsupported
-
Okay, files updated, service enabled. Stuff is happening in the system logs when I open uTorrent or MSN Messenger. I'll have to close some of my presently opened & NATed ports and check it out…
Thanks!
-
Further testing seems to indicate that it's working properly.
I removed my NAT & Firewall Rules entries for uTorrent, enabled UPnP in the program, and it all worked!!
The port was opened when I opened the program.
And it seemed to be closed after I exited the program as indicated from an external port probe.
It passes these simple tests anyway!
Thanks again!
-
Minor update.
I did see this one error in the logs. It doesn't seem to stop it from working, but just for completeness here it is.
miniupnpd[46767]: /dummy not found, responding ERROR 404
-
That's a feature. No fix for that. The computer is requesting something from the daemon which it does not comprehend.
Nice hearing that it appears working.
It does need further fixing though. It currently does not remove the firewall rules, only the port forwards to the inside host. I hope to fix that at a later time.
Cheers.
-
Cool!!
It would be nice to have it as a package even in this state so we won't lose it across updates!
Plus it would be easier to install! ;) Not that it's terribly difficult, but… :D
It may not be the best feature in a corporate environment, but it sure is nice in a small home/office setup!
Thanks for your hard work so far!! :D
JC (aka Superman)
-
Cool great!!
I'll have to give this a try and I'll let the OP (bradenmcg) know there has been progress as he is at the desk next to me.. :)
Riley
-
It appears this will be going into base instead of a package, although that is still up for discussion.
It does make sense for some corporate workplaces though. If you have a lot of skype and videoconferencing then upnp is a good solution and far more granular than opening port ranges or creating static port ranges with static IPs.
A socks proxy is even worse because then you can tunnel anything in and out.
Cheers,
-
Can you see what has been opened by UPNP? IE can a corporate firewall administrator who in a fit of insanity allows uPnP at least see what is going on with it?
-
Not yet.
-
pfctl -aminiupnpd -sr
pfctl -aminiupnpd -sn
-
I have tested it and I think I have gone wrong somewhere because I get this
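An added example, not part of the original thread or of the pfSense code: a small sh/awk filter that turns the output of the `pfctl -a miniupnpd -sn` command above into one line per UPnP mapping and marks mappings that land on sensitive internal ports. The sample rules, the `WATCH` list and the function names are constructed for illustration, and the layout of pfctl's rdr lines is an assumption.

```shell
#!/bin/sh
# Live use on the firewall:  pfctl -a miniupnpd -sn | audit_upnp_rdr
# WATCH is a hypothetical watchlist of internal ports that should not be
# reachable through a UPnP mapping (ssh, telnet, smb, rdp, vnc).
WATCH="22 23 445 3389 5900"

audit_upnp_rdr() {
    awk -v watch="$WATCH" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    $1 == "rdr" {
        proto = ext = host = inport = "?"; arrow = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "->") { arrow = i; host = $(i + 1) }
            else if ($i == "proto") proto = $(i + 1)
            # external port: may be printed as a number or a service name
            else if ($i == "port" && !arrow && $(i + 1) == "=") ext = $(i + 2)
            # internal port: the one that follows the redirect target
            else if ($i == "port" && arrow) inport = $(i + 1)
        }
        flag = (inport in bad) ? "REVIEW" : "ok"
        printf "%s %s -> %s:%s %s\n", proto, ext, host, inport, flag
    }'
}

# Constructed sample of anchor contents (assumed layout, not captured output).
sample_rules() {
    cat <<'EOF'
rdr on em0 inet proto tcp from any to any port = 51413 -> 192.168.1.50 port 51413
rdr on em0 inet proto udp from any to any port = 51413 -> 192.168.1.50 port 51413
rdr on em0 inet proto tcp from any to any port = 33890 -> 192.168.1.77 port 3389
EOF
}

sample_rules | audit_upnp_rdr
```

Lines that do not start with `rdr` are ignored, so the filter rules shown by `-sr` need to be checked separately.
-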
XML error: not well-formed (invalid token) at line 99
-
That's very interesting. I have not seen that happen on 3 different hosts I tried it on.
What does the config.xml look like at line 99?
It should (probably) be in the interfaces, lan section
Which should have a <enableupnp> tag.
-
Well, I have just tried it on my other PFsense box and it works. Hmm, I must have broken something when I was playing around.