Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    UPnP support

    Scheduled Pinned Locked Moved Expired/Withdrawn Bounties
    363 Posts 28 Posters 420.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      databeestje
      last edited by

      It appears this wil be going into base instead of a package although that is still up for discussion

      It does make sense for some corporate workplaces though. If you have a lot of skype and videoconferencing then upnp is a good solution and far more granular then opening port ranges or creating static port ranges with static IP's.

      A socks proxy is even worse because then you can tunnel anything in and out.

      Cheers,

      1 Reply Last reply Reply Quote 0
      • N
        nsumner
        last edited by

        Can you see what has been opened by UPNP? IE can a corporate firewall administrator who in a fit of insanity allows uPnP at least see what is going on with it?

        1 Reply Last reply Reply Quote 0
        • D
          databeestje
          last edited by

          Not yet.

          1 Reply Last reply Reply Quote 0
          • D
            databeestje
            last edited by

            pfctl -aminiupnpd -sr
            pfctl -aminiupnpd -sn

            1 Reply Last reply Reply Quote 0
            • J
              Jonb
              last edited by

              I have tested it and I think I have gone wrong some ware because I get this

              XML error: not well-formed (invalid token) at line 99

              Hosted desktops and servers with support without complication.
              www.blueskysystems.co.uk

              1 Reply Last reply Reply Quote 0
              • D
                databeestje
                last edited by

                That's very interesting. I have not seen that happen on 3 different hosts I tried it on.

                What does the config.xml look like at line 99?

                It should (probably)  be in the interfaces, lan section
                Which should have a <enableupnp>tag.</enableupnp>

                1 Reply Last reply Reply Quote 0
                • J
                  Jonb
                  last edited by

                  well I have just tryed it on my other PFsense box and it works.  Hmm I must of broken something when I was playing around.

                  Hosted desktops and servers with support without complication.
                  www.blueskysystems.co.uk

                  1 Reply Last reply Reply Quote 0
                  • S
                    Superman
                    last edited by

                    Okay, I just tested the latest version of miniupnpd…this time I decided to reboot to make sure to clear the tables...and I noticed a small bug, perhaps unique to me, but maybe not.

                    Miniupnpd did not restart at reboot. I had to go to the LAN page > disable it > apply > enable it > apply again, and then it was running.

                    Oh, and not much is being logged anymore.

                    1 Reply Last reply Reply Quote 0
                    • D
                      databeestje
                      last edited by

                      It might not be included in the startup scripts. I think the code in HEAD does do this.

                      I have not rebooted my box yet. So I have not noticed.

                      1 Reply Last reply Reply Quote 0
                      • N
                        nsumner
                        last edited by

                        I am unable to get it working properly.

                        First I tried utorrent and it seems to of half worked. I never turned green but the port was open doing a port scan…

                        Then I tried the following program to test http://fp.mgillespie.plus.com/upnphelp.htmhttp://fp.mgillespie.plus.com/upnphelp.htm. There is a link there to download. The program fails tests 7 and 8. In my experience if you pass his test uPnP will work. If you fail his test, it will be hit and miss at best. It of course could just be my setup.

                        I have my LAN set to 192.168.17.x (just incase there is a buglet there which I doubt), and am using PPPoE (which again I doubt has any effect).
                        If you have any other program you want me to test with just tell me please.

                        1 Reply Last reply Reply Quote 0
                        • D
                          databeestje
                          last edited by

                          to make it startup on reboot

                          replace /etc/inc/pfsense-utils.inc with http://iserv.nl/files/pfsense/pfsense-utils.inc
                          replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
                          fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
                          chmod +x /usr/local/sbin/miniupnpd

                          also updated the miniupnpd binary so it logs properly.

                          About that test program, ignore it. What it does is connect from the LAN to the WAN on the opened port and then gets bitten by the fact that there is not NAT reflection for that port.

                          I do not plan on adding that. Furthermore, Azureus does not have this problem (which is what I test with).

                          1 Reply Last reply Reply Quote 0
                          • S
                            Superman
                            last edited by

                            Okay, I tried this all out. Logging is working properly, but the daemon still doesn't seem to restart after a reboot. I'll check over all the files to make sure they're right, but I did follow all the directions…

                            1 Reply Last reply Reply Quote 0
                            • N
                              nsumner
                              last edited by

                              I still get nothing in my log from UPNP. What should I be expecting? Is there anyway we can get another section added to the logs from upnp? It seems to me it is important enough it should have it's own log section.

                              1 Reply Last reply Reply Quote 0
                              • D
                                databeestje
                                last edited by

                                replace /etc/rc.bootup with http://iserv.nl/files/pfsense/rc.bootup.txt

                                This works for me.

                                And the binary which is currently on my site is logging for me. Although it does core dump immediately after reboot :-/
                                Something to do with azureus referencing non-existant rules after a reboot I think.

                                I have updated system.inc and pfsense-utils.inc as well.

                                1 Reply Last reply Reply Quote 0
                                • N
                                  nsumner
                                  last edited by

                                  I just updated all relevant files again (including system.ini and pfsense-utils.inc) as well as the bootup. I rebooted my PfSense and it started on bootup, and NOW is logging. Now that I see how much it is logging I can tell you before it definately was not logging anything.

                                  I will probably now turn of uPnP as I don't actually want it running on my network but I think it is a major addition to PfSense and am happy to help test it.

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    Superman
                                    last edited by

                                    I also can confirm that it is logging fine and that it starts at bootup!! Cool!!

                                    Thanks!

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      databeestje
                                      last edited by

                                      This leaves the following points I want fixed.

                                      • The firewall rule needs to be stricter in the destination address.
                                      • The firewall rule needs to have a label with a description the program provides.
                                      • It needs to clear the redirect and rules table when stopping or restarting miniupnpd.
                                      • We need a page to list the port redirections with the label description.

                                      I would like to claim this bounty and on payment this program will be made into a package for 1.0.
                                      Payment may be sent to seth.mos@xs4all.nl

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        Skud
                                        last edited by

                                        Cool, how does the payment process work? (Yes, bradenmcg and I will pay.. :) )

                                        Do we pay after the items you listed to be fixed are fixed?

                                        Also, the OP stated that he would like this to not be a package as he is using this on a soekris box with no access to the package system. Is there a way for him to install it by just replacing files as we have been doing so far? I'm sure that would be OK with him..

                                        Thanks!!
                                        Riley

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          databeestje
                                          last edited by

                                          The payment can be sent using PayPal to the email address seth.mos@xs4all.nl

                                          From the issues, 1 - currently on hold for a bit, 2 - working on it, 3 - allready fixed (not online yet), 4 - needs labels on rules first.

                                          Replacing files on the embedded platform works exactly the same. And the binary is not large either. So he can test it as it stands now.

                                          Cheers

                                          1 Reply Last reply Reply Quote 0
                                          • Z
                                            ZPrime
                                            last edited by

                                            I believe my original post mentioned that I want it in the main system…  I use a soekris (CF-based) embedded box so it's useless to me as a package.  I'm willing and able to pay bounty but I need to be able to use it first.  :)
                                            [edit]
                                            OK, I'll give the above a try.  What base revision should I be running?  I think I'm still on beta2 or something (since the embedded stuff is such a pain in the arse to flash, I've been putting it off).  I'm also going to be putting it to the extreme test - I want to see how it functions with the Xbox 360.  The 360 and Azureus are the two reasons I wanted UPnP at all.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.