UPnP support
-
It appears this wil be going into base instead of a package although that is still up for discussion
It does make sense for some corporate workplaces though. If you have a lot of skype and videoconferencing then upnp is a good solution and far more granular then opening port ranges or creating static port ranges with static IP's.
A socks proxy is even worse because then you can tunnel anything in and out.
Cheers,
-
Can you see what has been opened by UPNP? IE can a corporate firewall administrator who in a fit of insanity allows uPnP at least see what is going on with it?
-
Not yet.
-
pfctl -aminiupnpd -sr
pfctl -aminiupnpd -sn -
I have tested it and I think I have gone wrong some ware because I get this
XML error: not well-formed (invalid token) at line 99
-
That's very interesting. I have not seen that happen on 3 different hosts I tried it on.
What does the config.xml look like at line 99?
It should (probably) be in the interfaces, lan section
Which should have a <enableupnp>tag.</enableupnp> -
well I have just tryed it on my other PFsense box and it works. Hmm I must of broken something when I was playing around.
-
Okay, I just tested the latest version of miniupnpd…this time I decided to reboot to make sure to clear the tables...and I noticed a small bug, perhaps unique to me, but maybe not.
Miniupnpd did not restart at reboot. I had to go to the LAN page > disable it > apply > enable it > apply again, and then it was running.
Oh, and not much is being logged anymore.
-
It might not be included in the startup scripts. I think the code in HEAD does do this.
I have not rebooted my box yet. So I have not noticed.
-
I am unable to get it working properly.
First I tried utorrent and it seems to of half worked. I never turned green but the port was open doing a port scan…
Then I tried the following program to test http://fp.mgillespie.plus.com/upnphelp.htmhttp://fp.mgillespie.plus.com/upnphelp.htm. There is a link there to download. The program fails tests 7 and 8. In my experience if you pass his test uPnP will work. If you fail his test, it will be hit and miss at best. It of course could just be my setup.
I have my LAN set to 192.168.17.x (just incase there is a buglet there which I doubt), and am using PPPoE (which again I doubt has any effect).
If you have any other program you want me to test with just tell me please. -
to make it startup on reboot
replace /etc/inc/pfsense-utils.inc with http://iserv.nl/files/pfsense/pfsense-utils.inc
replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
chmod +x /usr/local/sbin/miniupnpdalso updated the miniupnpd binary so it logs properly.
About that test program, ignore it. What it does is connect from the LAN to the WAN on the opened port and then gets bitten by the fact that there is not NAT reflection for that port.
I do not plan on adding that. Furthermore, Azureus does not have this problem (which is what I test with).
-
Okay, I tried this all out. Logging is working properly, but the daemon still doesn't seem to restart after a reboot. I'll check over all the files to make sure they're right, but I did follow all the directions…
-
I still get nothing in my log from UPNP. What should I be expecting? Is there anyway we can get another section added to the logs from upnp? It seems to me it is important enough it should have it's own log section.
-
replace /etc/rc.bootup with http://iserv.nl/files/pfsense/rc.bootup.txt
This works for me.
And the binary which is currently on my site is logging for me. Although it does core dump immediately after reboot :-/
Something to do with azureus referencing non-existant rules after a reboot I think.I have updated system.inc and pfsense-utils.inc as well.
-
I just updated all relevant files again (including system.ini and pfsense-utils.inc) as well as the bootup. I rebooted my PfSense and it started on bootup, and NOW is logging. Now that I see how much it is logging I can tell you before it definately was not logging anything.
I will probably now turn of uPnP as I don't actually want it running on my network but I think it is a major addition to PfSense and am happy to help test it.
-
I also can confirm that it is logging fine and that it starts at bootup!! Cool!!
Thanks!
-
This leaves the following points I want fixed.
- The firewall rule needs to be stricter in the destination address.
- The firewall rule needs to have a label with a description the program provides.
- It needs to clear the redirect and rules table when stopping or restarting miniupnpd.
- We need a page to list the port redirections with the label description.
I would like to claim this bounty and on payment this program will be made into a package for 1.0.
Payment may be sent to seth.mos@xs4all.nl -
Cool, how does the payment process work? (Yes, bradenmcg and I will pay.. :) )
Do we pay after the items you listed to be fixed are fixed?
Also, the OP stated that he would like this to not be a package as he is using this on a soekris box with no access to the package system. Is there a way for him to install it by just replacing files as we have been doing so far? I'm sure that would be OK with him..
Thanks!!
Riley -
The payment can be sent using PayPal to the email address seth.mos@xs4all.nl
From the issues, 1 - currently on hold for a bit, 2 - working on it, 3 - allready fixed (not online yet), 4 - needs labels on rules first.
Replacing files on the embedded platform works exactly the same. And the binary is not large either. So he can test it as it stands now.
Cheers
-
I believe my original post mentioned that I want it in the main system… I use a soekris (CF-based) embedded box so it's useless to me as a package. I'm willing and able to pay bounty but I need to be able to use it first. :)
[edit]
OK, I'll give the above a try. What base revision should I be running? I think I'm still on beta2 or something (since the embedded stuff is such a pain in the arse to flash, I've been putting it off). I'm also going to be putting it to the extreme test - I want to see how it functions with the Xbox 360. The 360 and Azureus are the two reasons I wanted UPnP at all.