UPnP support
-
Reflash your box with RC2 and upgrade to RC2e following these instructions: http://forum.pfsense.org/index.php/topic,1820.msg10603.html#msg10603 (yes, it works for embeddeds too).
-
OK, it's working well with Azureus, but not with an Xbox (360, although the normal one should behave the same way).
Bunch of this in the logs:
Aug 18 01:22:22 miniupnpd[682]: Unknown udp packet received from 192.168.42.36:1025 Aug 18 01:22:22 miniupnpd[682]: Unknown udp packet received from 192.168.42.36:1025 Aug 18 01:22:22 miniupnpd[682]: Unknown udp packet received from 192.168.42.36:4776 Aug 18 01:22:22 miniupnpd[682]: Unknown udp packet received from 192.168.42.36:4776 Aug 18 01:22:22 last message repeated 9 times Aug 18 01:22:23 miniupnpd[682]: ST: urn:schemas-upnp-org:service:WANIPConnection:1 Aug 18 01:22:23 miniupnpd[682]: SSDP M-SEARCH packet received from 192.168.42.36:3039 Aug 18 01:22:23 miniupnpd[682]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1 Aug 18 01:22:23 miniupnpd[682]: SSDP M-SEARCH packet received from 192.168.42.36:2306 Aug 18 01:22:23 miniupnpd[682]: ST: urn:schemas-upnp-org:service:WANIPConnection:1 Aug 18 01:22:23 miniupnpd[682]: SSDP M-SEARCH packet received from 192.168.42.36:3039 Aug 18 01:22:22 last message repeated 9 timespfctl -aminiupnpd -sn (and -sr) don't show anything mapping to the Xbox (it is .36 here, the pfsense is 42.1).
I can probably provide an ethereal/tcpdump capture of the wire from the 360 while it is starting up/probing for UPnP if that would be helpful, but don't expect it until Saturday or Sunday (I'm busy Friday and Saturday and probably won't get to a dump until Sat. PM or Sunday).
I found a bit more info about Microsoft's requirements for an "XBox Live compatible router"…
The Xbox implementation of UPnP follows the InternetGatewayDevice:1 specification- more information is available at http://www.upnp.org.
I didn't read through the specs at all, are you following this specification or is it a more limited implementation?
They also make a stink about UDP port assignment and which method they "prefer":
- The NAT can assign one UDP port to each UDP source port used by a client device, regardless of the destination of the UDP packet. We call this “minimal port assignment policy” because it results in the minimum number of UDP ports being assigned by the NAT. This is also sometimes called a “cone” NAT.
- The NAT can assign a different UDP port for each UDP destination. We call this an “aggressive port assignment policy” because it results in the NAT assigning many ports. This is also sometimes called a “symmetric” NAT.
Microsoft specifies a "cone" NAT device as their favorite. I'm not sure which method pf follows since I haven't been watching it that closely. ;)
The full document about Xbox-Live compatible routers is found at Microsoft in a Word Doc. Google does have it cached & available in HTML too though. I obviously don't expect pfSense to be shooting for MS Logo certification here or anything, I just want UPnP to work so I can have multiple XBoxes behind a single pf router/firewall.
Thanks for all your work so far, it's very impressive!
-
PfSense uses symetric NAT. You might have better luck if you switch to static port assignments under outgoing NAT (advanced) on your PfSense box. I am sure others can tell you more but, that might indeed help/fix the problem for you.
-
I will need a packet capture at least since I do not have a Xbox, 360 or not. Although I am tempted to buy one because of Dead Rising.
Anyhoo, I'll see if I can find some information on what the Xbox sends to a Upnp igd. The miniupnpd device we have actually is a IGD.
If you use upnptest.exeNormally the host request a portmap using http (the Xbox should not be different) you can see these when you start or stop Azureus.
You would see a AddPortMapping and DeletePortMapping message in the eventlog.
Similar to this.Aug 18 00:18:19 miniupnpd[88250]: AddportMapping UDP, for 192.168.11.19, description : Azureus UPnP 36981 UDP -
Somebody should donate a xbox to databeestje for his work on this feature and to improve it ;)
-
Good news, eventough I am completely unfamiliar with C i have managed to create a proper miniupnpd.
In a bad patch I made the serial was one character too long which meant discovery did not work.It appears that Azureus did not care :-)
The latest version has the firewall rules set correctly.
The rule Labels have the description the program provides.
The serial number was corrected.This leaves a status page.
Since miniupnpd is a work in progress I have no clue if a XBOX should be expected to work.http://miniupnp.free.fr/
Cheers
-
I just re-downloaded the miniupnpd and updated all the other file (the only one that seems update was pfsense-utils.inc. UPNP now appears to be 100% broken… Using Utorrent the port is not forwarding and nothing is showing up in the system logs. As well when I run upnptest.exe I get nothing in the logs etc.
-
reboot
-
Give me some credit. I did. I also tried disabling a re-enabling UPNP both before and after I reboot.
-
I can't smell that from here :-)
Anyhoo. I have updated all the files directly from my testbox where everything appears to work.
so that is pfsense-utils.inc, system.inc, rc.bootup and miniupnpd.
Perhaps the patches from RC2e affected this.
Also check with ps auxw|grep mini if it is actually running.
If the miniupnpd binary is not executable it will not start. -
I have an original Xbox i could probably send to you, but it's useless without an Xbox Live account (which you'd have to pay for). The 360, on the other hand, comes with basic Live functionality "for free" which would allow you to test fully. It even has a nice "live connectivity test" that will show you what it thinks about your router - if it can't establish UPnP port mappings properly the page will never show "open" for the router (and the Xbox will never be able to properly host a session).
Dead Rising is nearly worth the cost of a 360 by itself though. :D That + Project Gotham 3 + Halo 3 (coming eventually) are enough to push any moderate gamer into buying one. ;D
I'll get you a packet capture as soon as I can, and I'll update to the latest "release" first. What files have you changed since yesterday? I just installed yesterday and I don't see any point to overwriting everything if there are only 2 files I need.
Also, as a good-faith gesture, I'm going to send you $50 paypal now since we do have something working. Just want to insure you (and the rest of the site) that I'm not a deadbeat when it comes to bounties.
-
I can confirm that Utorrent and MSN do not like to talk too upnpd.
The author of that program is 2 weeks on vacation. So I'm not sure I can fix that quickly.
I am still wondering why something like azureus "just works" and other programs have issues.
I have just done a bid on a xbox with a couple of games for 75 euro closeby. That would help me at least.
And I have not played Halo 2 either :-) -
Poking at it some more found some issues. I now got utorrent opening a port and MSN attempting to open a port.
However MSN is trying to be witty and adds a port mapping, then it tries to see if that worked, then tries to map the port again and then removes the port mapping. Very weird.
It's a start though!
Thank you for donating, this will give me resolve to finish this at least and not run away at the halfway point because it is upnp after all.
-
Thank you for donating, this will give me resolve to finish this at least and not run away at the halfway point because it is upnp after all.
Seems to be coming along nicely, great work Seth!
-
UTorrent as you note now works. It actually worked before and then got broken somewhere along the way (when you updated to fix the serial number issue it seems). As well I noticed the little UPNP test program that I generall use now reports a complete success! Actually right now trying 3 different programs they all either work or report UPNP is working properly.
-
replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
replace /etc/inc/filter.inc with http://iserv.nl/files/pfsense/filter.inc
replace /usr/local/www/interfaces_lan.php with http://iserv.nl/files/pfsense/interfaces_lan.txt
replace /usr/local/www/interfaces_opt.php with http://iserv.nl/files/pfsense/interfaces_opt.txt
execute this command, fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
execute this command, chmod +x /usr/local/sbin/miniupnpdenable it on the lan interface.
Check the sytem logs.
–-
to make it startup on reboot
replace /etc/inc/pfsense-utils.inc with http://iserv.nl/files/pfsense/pfsense-utils.inc
replace /etc/inc/system.inc with http://iserv.nl/files/pfsense/system.inc
fetch -o /usr/local/sbin/miniupnpd http://iserv.nl/files/pfsense/miniupnpd
chmod +x /usr/local/sbin/miniupnpd
replace /etc/rc.bootup with http://iserv.nl/files/pfsense/rc.bootup.txt
This works for me.
Are these the instructions for installing this on the embedded platofrm? If not how do I go about doing it? I would like to test this out.
Perferably it would be nice if this was included in the base as packages since packages arn't supported on the embedded platform, which I know has been stated throughout this thread. I know that probably wouldn't happen for the 1.0 release as features aren't being added, but for the next release this would be a great addition.
Alot of the home network appliances that are coming out require upnp, and almost every off the shelf home router supports this. However stability and other functionality isn't there on these home routers. Also the nat reflection for upnp would be an added bouns.
-
Works on embedded or full installation.
/etc/rc.conf_mount_rw will force the CF RW so you can make these changes. Or use the edit file feature from diagnostics (and command prompt).
-
I have taken Seths great work and created a package under System -> Packages. If you are on a Full Installation then please try it out. Embedded users we will get to you in a bit, please hold the comments to yourself. Thanks!
-
I have taken Seths great work and created a package under System -> Packages. If you are on a Full Installation then please try it out. Embedded users we will get to you in a bit, please hold the comments to yourself. Thanks!
Thanks, I'll be waiting for it. Might just throw a hard drive in the ip330 so I can use the packages. I really appreciate all the work everybody has put into pfsense as a whole.
-
Hi
I have install the Package on the RC2f it works fine :) , but i become follow message in my logfile.
greatly work.
Logfile.
Aug 20 18:12:02 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:12:17 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:13:26 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:14:02 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:14:02 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:14:02 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:14:03 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:14:03 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:14:03 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:14:03 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:14:03 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:14:03 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:14:03 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:14:03 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:12 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:55 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:15:55 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:55 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:55 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:55 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:15:55 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:15:55 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:55 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:15:55 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:15:55 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:15:55 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:07 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:16:07 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:37 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:16:53 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:17:01 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:41 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:41 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:17:47 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:17:47 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:17:47 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:17:57 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:17:59 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:12 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:12 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:12 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:12 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:12 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:12 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:12 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:12 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:12 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:12 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:13 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:18 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:18 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:34 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:36 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:36 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:36 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:36 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:36 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:36 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:36 miniupnpd[679]: HTTP REQUEST : SUBSCRIBE /event/WANIPConnection (HTTP/1.1)
Aug 20 18:19:36 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:36 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE
Aug 20 18:19:36 miniupnpd[679]: Unsupported HTTP Command SUBSCRIBE