UPnP support
-
replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
replace /etc/inc/filter.inc with http://iserv.nl/files/pfsense/filter.inc
replace /usr/local/www/interfaces_lan.php with http://iserv.nl/files/pfsense/interfaces_lan.txt
replace /usr/local/www/interfaces_opt.php with http://iserv.nl/files/pfsense/interfaces_opt.txt
execute this command, fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
execute this command, chmod +x /usr/local/sbin/miniupnpdenable it on the lan interface.
Check the sytem logs.
Currently unsupported
-
Okay, files updated, service enabled. Stuff is happening in the system logs when I open uTorrent or MSN Messenger. I'll have to close some of my presently opened & NATed ports and check it out…
Thanks!
-
Further testing seems to indicate that it's working properly.
I removed my NAT & Firewall Rules entries for uTorrent, enabled UPnP in the program, and it all worked!!
The port was opened when I opened the program.
And it seemed to be closed after I exited the program as indicated from a external port probe.It passes these simple tests anyway!
Thanks again!
-
Minor update.
I did see this one error in the logs. It doesn't seem to stop it from working, but just for completeness here it is.
miniupnpd[46767]: /dummy not found, responding ERROR 404 -
That's a feature. No fix for that. The computer is requesting something from the daemon which it does not comprehend.
Nice hearing that it appears working.
It does need further fixing though. It currently does not remove the firewall rules, only the port forwards to the inside host. I hope to fix that at a later time.
Cheers.
-
Cool!!
It would be nice to have it as a package even in this state so we won't lose it across updates!
Plus it would be easier to install! ;) Not that it's terribly difficult, but… :DIt may not be the best feature in a corporate environment, but it sure is nice in a small home/office setup!
Thanks for your hard work so far!! :D
JC (aka Superman)
-
Cool great!!
I'll have to give this a try and I'll let the OP (bradenmcg) know there has been progress as he is at the desk next to me.. :)
Riley
-
It appears this wil be going into base instead of a package although that is still up for discussion
It does make sense for some corporate workplaces though. If you have a lot of skype and videoconferencing then upnp is a good solution and far more granular then opening port ranges or creating static port ranges with static IP's.
A socks proxy is even worse because then you can tunnel anything in and out.
Cheers,
-
Can you see what has been opened by UPNP? IE can a corporate firewall administrator who in a fit of insanity allows uPnP at least see what is going on with it?
-
Not yet.
-
pfctl -aminiupnpd -sr
pfctl -aminiupnpd -sn -
I have tested it and I think I have gone wrong some ware because I get this
XML error: not well-formed (invalid token) at line 99
-
That's very interesting. I have not seen that happen on 3 different hosts I tried it on.
What does the config.xml look like at line 99?
It should (probably) be in the interfaces, lan section
Which should have a <enableupnp>tag.</enableupnp> -
well I have just tryed it on my other PFsense box and it works. Hmm I must of broken something when I was playing around.
-
Okay, I just tested the latest version of miniupnpd…this time I decided to reboot to make sure to clear the tables...and I noticed a small bug, perhaps unique to me, but maybe not.
Miniupnpd did not restart at reboot. I had to go to the LAN page > disable it > apply > enable it > apply again, and then it was running.
Oh, and not much is being logged anymore.
-
It might not be included in the startup scripts. I think the code in HEAD does do this.
I have not rebooted my box yet. So I have not noticed.
-
I am unable to get it working properly.
First I tried utorrent and it seems to of half worked. I never turned green but the port was open doing a port scan…
Then I tried the following program to test http://fp.mgillespie.plus.com/upnphelp.htmhttp://fp.mgillespie.plus.com/upnphelp.htm. There is a link there to download. The program fails tests 7 and 8. In my experience if you pass his test uPnP will work. If you fail his test, it will be hit and miss at best. It of course could just be my setup.
I have my LAN set to 192.168.17.x (just incase there is a buglet there which I doubt), and am using PPPoE (which again I doubt has any effect).
If you have any other program you want me to test with just tell me please. -
to make it startup on reboot
replace /etc/inc/pfsense-utils.inc with http://iserv.nl/files/pfsense/pfsense-utils.inc
replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
chmod +x /usr/local/sbin/miniupnpdalso updated the miniupnpd binary so it logs properly.
About that test program, ignore it. What it does is connect from the LAN to the WAN on the opened port and then gets bitten by the fact that there is not NAT reflection for that port.
I do not plan on adding that. Furthermore, Azureus does not have this problem (which is what I test with).
-
Okay, I tried this all out. Logging is working properly, but the daemon still doesn't seem to restart after a reboot. I'll check over all the files to make sure they're right, but I did follow all the directions…
-
I still get nothing in my log from UPNP. What should I be expecting? Is there anyway we can get another section added to the logs from upnp? It seems to me it is important enough it should have it's own log section.