UPnP support
-
I upgraded to RC2i. Obviously in doing so UPnP was broken. I decided to install the package. I installed the package and it doesn't even begin to work. If I enable it on the LAN interface when I hit save I get the following error.
Fatal error: Call to undefined function: system_start_upnp_daemon() in /usr/local/www/interfaces_lan.php on line 118
I am going to remove the package and then install it manually (and I am guessing it will work). But perhaps the package should be removed until things are a little more settled.
-
I just noticed the author of miniupnpd posted a new version of the source that already has most of the changes I worked all night to implement…
Well there goes one day of hard slave labor :(
Here's a binary version that should work on the embedded platforms: www.sloservers.com/miniupnpd
Try that out with your xboxes--it should work.
-
Will upnp break traffic shape?
I don't see why it would… The biggest issue would be that if you have certain ports shaped and a workstation decides to use one of those ports for UPnP it will get shaped. I.e. you have the range 5000-5100 shaped to low priority as ports for IRC DCC sending, and then an XBox decides to use 5051 or something, it is going to be put in the low priority queue.
ollopa - I'll give that new binary a try tonight. Any other changes I need to make? Also, I'm still running RC2e, will this matter?
-
@bradenmcg:
ollopa - I'll give that new binary a try tonight. Any other changes I need to make? Also, I'm still running RC2e, will this matter?
All the previous patches still have to be applied to for UPnP. Just use the binary I posted instead of the other one. If you've already installed miniupnpd on your RC2e then just replace the miniupnpd binary and try it out.
I found a smarter way to enable UPnP on bridged interfaces, BTW (LAN+WIRELESS for example). I'm going to try patch my pfSense install to use this method. I'll report back later.
Is anybody working on GUI pages for UPnP? I don't want to duplicate another person's efforts (again).
-
I saw your email re: wireless… I do not have a wireless card in my pf box. I have one AP (wired) hanging off a switch that is on the LAN - that AP runs WPA2/AES and I consider it to be as secured as any of my wired PCs.
I have a second AP that is wide open, and it is on its own interface on the soekris/pfsense, but it's routed on its own subnet. I used to use bridge mode between my LAN and WAN (pfsense as a bridging firewall) but that was only so I could use a different router for UPnP. ;)
-
Well I updated the latest release of miniupnpd. It's possible to pass the uuid string to the device with the -u parameter now (this is only to support multiple instances of miniupnpd on the same network). I also implemented SSDP announcements and fixed a minor bug in the SSDP implementation.
The lastest binary (compiled for 486 and up) is on my website here www.sloservers.com/miniupnpd
Can anybody test it out and report results?
-
Well, the latest miniupnp daemon is working with the xbox 360, or at least, the 360 says (During the xbox live test) that my NAT status is "open." Open is the best, the other two options are "filtered" and "strict". PF was showing as "strict" before.
-
Sweet, could you post diff's or possibly contribute the code back to http://miniupnp.free.fr/ ? I'm unfortunately currently running OpenBSD. Of course I promised the $15 bounty, so just let me know where to send it.
bradenmcg, you'll have to add me to your Friends list so we can try a voice chat or game.
-
I did send a patch back to the original author but I'm not sure how much of it he's going to accept or when he'll get it merged and posted online.
I'll give up my source and the latest compiled binary (for 486 and up) here: http://www.sloservers.com/miniupnp
(note the lack of a d on miniupnp this time).The source is is in a tgz. Compile on *BSD with gmake or just link the object files by hand…
Paypal contributions to rick@sloservers.com would be appreciated. I will continue work on the daemon if there are any bugs, features, etc.
-
FWIW, it's still not perfect as when the Xbox 360 starts, miniupnpd is confused by something and it logs a few "unknown packet" errors. However, it's implementing enough of the protocol to satisfy the xbox so it will map ports OK… If you want pcap-style network dumps of the conversation between the 360 and your current build of miniupnpd i can provide... also if you want to give me a debug version of the daemon that spits out more on the log that is cool too.
-
Actually I saw the startup capture you posted previously.
What's going on is that the Xbox is announcing its presense and miniupnpd is ignoring the packet and logging that it received something other than an M-SEARCH.
miniupnpd doesn't need to act on this information but it also shouldn't give an error message.
I will patch miniupnpd to handle notifies from other devices without giving an error message.Look back here in 10 minutes.Done.
Try the version that is in this folder: http://www.sloservers.com/miniupnp
Right-click miniupnpd and save-as. -
Thanks for your work on this. the pfSense team will be sending 25$ as promised.
-
if all is well the author of miniupnp will get back to you. I see that his version was update the 9th september, I'll see if I can break something tomorrow and get the upnp package for pfSense current with both codebases.
Some merging to do at least. I know that at least our -o option for a external IP did not make it.
Furthermore, the package include a status_upnp.php so you can see if ports are being forwarded.
On the broken client side, I found that the current Hamachi 1.0 beta only adds ports and does not remove them.
I have about 60 of those now. 2 added after each reboot.Note that pressing save on the interface configuration page will reset all port forwards. Most upnp devices will readd your port within 10 minutes. They poll every 5 minutes or so if it is still valid.
I'll resume work tomorrow, i've been gone for a few weeks and needed some time.
-
I did upload the latest miniupnpd file to /usr/local/sbin, the service is running, but Windows Live Messenger still says I am using a "symetrical NAT non-UPNP network".
-
For me, Windows live messenger (installed for 5 minutes then uninstalled) says I am connected through a UPnP symetric NAT.
-
MSN messenger 7.5 says symmetric UPnP NAT for me.
MSN Live Messenger also say UPnP symmetric NAT.
Download this UPnP tester here http://noeld.com/programs.asp?cat=dstools#upnptest and look for root devices.
The latest version should show up as miniupnp daemon. If not, then you have a problem with your firewall settings or your miniupnpd installation. -
Will upnp break traffic shape?
Depending on where the anchor for miniupnp is placed you'll probably see all traffic that matches your upnp rule(s) fall into the default queue.
–Bill
-
If there are 2 router with UPNP, will clients get wrong gateway upnp ip? Not all client are using same gateway.
-
It will likely depend upon your client's implementation.
It's up to your client to determine which UPnP device to use.
-
Just out of interest what is happening in regards to the UPNP support. Will it be in the next release as a switch on function??? I have tested wail databeestje was programing and it did work with some apps. ollopa seems to of done some good updates to make the Upnp function more.