Netgate Discussion Forum

    UPnP support

      databeestje

      that clarifies things. p2pcatchall it is then.

        billm

        @databeestje:

        that clarifies things. p2pcatchall it is then.

        Yep…although I think this has the same issue ;-P  Since the anchor for miniupnpd doesn't specify a queue, the default queue is used.  p2pcatchall doesn't work the way you think it does - it doesn't make the default queue p2p, it drops everything that isn't matched by another more explicit policy into the p2p queue.  And the rules dropping it into the p2p queue are evaluated before the miniupnpd anchor; so it's already going to be allowed (or denied) by user rules before reaching the miniupnpd anchor (assuming it does since user rules are 'quick').  If it does eventually reach miniupnpd, the queue will change based on the last rule it matches...if no queue is specified on that rule, it will use the 'default' queue.

        In other words.  miniupnpd and shaper are incompatible in the sense that shaping will work, it just won't work as expected.  You can still limit bandwidth, just don't expect anything that isn't prioritized above default to work worth a damn.

        --Bill

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

          sullrich

          What we need now is a way to tell miniupnpd to attach a queue to its rules.

          Seth?

            databeestje

            Current 20060924 upstream merged. This should have the XML fixes.

            If you want the latest, reinstall the package.

            The queues are just simply a pain. Although I am pretty sure you can attach a queue to it I think it's a bit of a problem.

            We can not assume it's a p2p either. If you have an XBOX you want the game to have a higher priority. Making a choice in the shaper configuration to dump it into either p2p or games or skype or voipbuster or MSN.

            pondering…

            For now it is as it is. The good thing is that rules ahead of it match. So stick your p2p thingie in a normal user rule and it will apply to the right queue. All the rest of the random ports for MSN skype and Xbox would "just work" although no specific priority would be applied. Which would still be above p2p.

              billm

              @databeestje:

              Current 20060924 upstream merged. This should have the XML fixes.

              If you want the latest, reinstall the package.

              The queues are just simply a pain. Although I am pretty sure you can attach a queue to it I think it's a bit of a problem.

              We can not assume it's a p2p either. If you have an XBOX you want the game to have a higher priority. Making a choice in the shaper configuration to dump it into either p2p or games or skype or voipbuster or MSN.

              pondering…

              For now it is as it is. The good thing is that rules ahead of it match. So stick your p2p thingie in a normal user rule and it will apply to the right queue. All the rest of the random ports for MSN skype and Xbox would "just work" although no specific priority would be applied. Which would still be above p2p.

              Yep.  I think you have to know what queue number the queue is to add it.  You can't just call SIOCADDRULE (or whatever the ioctl is…don't recall the exact name) with the character array representation of the queue, it's gotta be whatever pfctl numbered it.

              --Bill

              pfSense core developer
              blog - http://www.ucsecurity.com/
              twitter - billmarquette

                rsw686

                It'd be nice to have a page showing the current upnp forwarded ports and the ability to close them off. When I was testing out upnp I had a case where the application didn't close the port due to a crash and then when the app was opened and closed again since the port was already forwarded it wouldn't close it.

                  sullrich

                  There is a page that does this, IIRC.

                    KiaN

                    Ok, with the latest version, it works perfectly from MSN, but I can't see Internet Connection anymore as shown above.

                      databeestje

                      package updated. it should install again.

                      Cheers,

                      Seth

                        rsw686

                        @databeestje:

                        package updated. it should install again.

                        Cheers,

                        Seth

                        Thanks for all the hard work on this package. I finally got around to making a custom image with the miniupnpd files and my config so I could just write it to the compact flash card and start the box up.

                        Happy to say that the miniupnpd package is outstanding. Azureus maps/unmaps ports correctly. I was even surprised that the Internet Connection Advanced Services tab in WinXP Network Connections is able to map/unmap ports as well. Really satisfied.

                        Only minor thing I see is in the system logs

                        miniupnpd[787]: Unknown soap method

                        Also clicking on the miniupnpd on the pfsense admin pages shows the settings, would prefer it to show the status first as that will be used more than the settings for which interface it's configured on. Also the tabs are missing on the status page.

                        Both those are minor issues.

                        –---

                        Note: I used the words attached files in writing the below. Well I can't attach files with extensions sh, xml, tar.gz. So instead I provided links to them at the end of the text. I would've renamed the extensions to txt but I thought that might get confusing.


                        For anybody else wanting to make a custom image to flash for the embedded platform it's quite simple.

                        I use FreeSBIE in VMware. However you can use any FreeBSD platform of your choice.

                        Either use the attached miniupnpd.tar.gz file or follow the steps below to create one with the newest version of the files.


                        Grab the latest files from http://www.pfsense.com/packages/config/miniupnpd/. This should include miniupnpd, miniupnpd.inc, miniupnpd.xml, status_upnp.php.

                        Put the files above and the miniupnpd.sh file attached in a directory you create named miniupnpd. Tar the directory using

                        "tar cfz miniupnpd.tar.gz miniupnpd/"


                        Now use the attached script sh-add-miniupnpd.sh to add the miniupnpd files to the pfSense.img file (successfully used on snapshot 9-27-06). The script uses the miniupnpd.tar.gz file to extract and add those to the pfSense.img file. You will need to chmod +x sh-add-miniupnpd.sh to give it execute permissions.

                        Yes, you could modify the script so you wouldn't have to tar the files and just stick them all in the script directory. However, since I use this in VMware I find it's easier to keep track of fewer files when copying them back and forth. Plus I can name the miniupnpd tar file so I know which one is the working version and which is the one containing the new files I just grabbed from the web.  ;)

                        "chmod +x sh-add-miniupnpd.sh"
                        "./sh-add-miniupnpd.sh miniupnpd.tar.gz pfSense.img"

                        Replace the <installedpackages> section in your personalized config you downloaded from your current pfsense box with the supplied <installedpackages> section in the attached cfg-add-miniupnpd.xml file.

                        Use the attached script sh-replace-config.sh to replace the default config in the pfSense.img file with the config you just created.

                        "chmod +x sh-replace-config.sh"
                        "./sh-replace-config.sh yourconfig.xml pfSense.img"

                        Your image is ready. Flash it to the device and enjoy.

                        Thanks to Seth for helping me out getting this to work. He gave me the <installedpackages> section of the config along with answering multiple questions I had about miniupnpd.


                        Files:

                        http://wgnrs.dynalias.com:81/pfsense/cfg-add-miniupnpd.xml
                        http://wgnrs.dynalias.com:81/pfsense/miniupnpd.sh
                        http://wgnrs.dynalias.com:81/pfsense/miniupnpd.tar.gz
                        http://wgnrs.dynalias.com:81/pfsense/sh-add-miniupnpd.sh
                        http://wgnrs.dynalias.com:81/pfsense/sh-replace-config.sh

                          sullrich

                          I have just committed these changes.

                          • Added -o WAN override option

                          • Now defaults to status page

                          • If not setup prior, redirects to settings tab

                          • Removed Status entry.  Now defaults to Services -> Miniupnpd

                            rsw686

                            @sullrich:

                            I have just committed these changes.

                            • Added -o WAN override option

                            • Now defaults to status page

                            • If not setup prior, redirects to settings tab

                            What flags the page to know if it's set up prior or not? I just grabbed the latest files again and reflashed my device. Now on the status page it shows the tabs and on the settings page I have the wan override box. However it still shows the settings page when clicking miniupnpd, even hitting change on the settings page.

                            I see this line

                            ['installedpackages']['miniupnpd']['config']

                            Does that point to the config xml file? I'm almost positive it does. I just did a backup of the config file from the webgui and I have the miniupnpd config section specifying the interface_arry.

                              sullrich

                              Go to System -> Packages -> Installed -> Click reinstall for miniupnpd.

                              I just committed something a few minutes ago.

                                rsw686

                                Okay will do that. Is there a way to kill the firewall log entries for the upnp mapped ports? Azureus fills up the log real quick.

                                  sullrich

                                  Looks like the logging flag is being enabled in the rule.  It should be trivial to turn off but the binary will need to be recompiled, etc.

                                  pass in log quick on fxp0 inet proto udp from any to any port = 30492 keep state label "Azureus UPnP 30492 UDP"

                                  Seth, is this something you want to handle?

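An added example, not part of any post in this thread and not pfSense or miniupnpd code: a small audit of rules shaped like the one quoted above, listing each UPnP-opened port and flagging rules that carry `log` or name no queue (the two issues raised in the thread). The sample input is constructed and assumes the rules are dumped from an anchor named `miniupnpd`; the queue name `qP2PUp` is made up.

```python
import re

# Constructed input in the shape `pfctl -a miniupnpd -s rules` might print.
# Line 1 is the rule quoted in the thread; the rest (qP2PUp included) is made up.
SAMPLE_RULES = """\
pass in log quick on fxp0 inet proto udp from any to any port = 30492 keep state label "Azureus UPnP 30492 UDP"
pass in quick on fxp0 inet proto tcp from any to any port = 30492 keep state label "Azureus UPnP 30492 TCP" queue qP2PUp
pass in log quick on fxp0 inet proto udp from any to any port = 3074 keep state label "queue test game"
scrub in all
"""

RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<log>log\s+)?(?P<quick>quick\s+)?"
    r"on\s+(?P<iface>\S+)\s+(?:inet6?\s+)?proto\s+(?P<proto>\S+)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+port\s+=\s+(?P<port>\d+)(?P<rest>.*)$"
)
LABEL_RE = re.compile(r'label\s+"([^"]*)"')
QUEUE_RE = re.compile(r"\bqueue\s*\(?\s*([^\s,)]+)")


def audit(text):
    """Return (mappings, unparsed). Each mapping carries flags:
    'log'           - rule logs every match (the log noise reported in the thread)
    'default-queue' - rule names no queue, so traffic lands in the default queue
    """
    mappings, unparsed = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep what we could not read, never drop it
            continue
        rest = m.group("rest")
        label = LABEL_RE.search(rest)
        # Strip the label first: its free text may contain the word "queue".
        queue = QUEUE_RE.search(LABEL_RE.sub("", rest))
        flags = []
        if m.group("log"):
            flags.append("log")
        if queue is None:
            flags.append("default-queue")
        mappings.append({
            "iface": m.group("iface"), "proto": m.group("proto"),
            "port": int(m.group("port")), "src": m.group("src"),
            "label": label.group(1) if label else None,
            "queue": queue.group(1) if queue else None, "flags": flags,
        })
    return mappings, unparsed


if __name__ == "__main__":
    rules, skipped = audit(SAMPLE_RULES)
    for r in rules:
        print(f'{r["proto"]}/{r["port"]} on {r["iface"]} from {r["src"]} '
              f'label={r["label"]!r} queue={r["queue"]} flags={r["flags"]}')
    print("unparsed:", skipped)
```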
                                    rsw686

                                    @sullrich:

                                    Looks like the logging flag is being enabled in the rule.  It should be trivial to turn off but the binary will need to be recompiled, etc.

                                    pass in log quick on fxp0 inet proto udp from any to any port = 30492 keep state label "Azureus UPnP 30492 UDP"

                                    Seth, is this something you want to handle?

                                    While you're recompiling the binary the other issue is that no nat reflection rules are being created even though I have the disable nat reflection box unchecked. This would be really nice to have fixed. As with Azureus if I want to host trackers I can't check them from my house. It also makes Azureus think it's behind a "firewall" due to it not being able to see itself.

                                      sullrich

                                      @rsw686:

                                      While you're recompiling the binary the other issue is that no nat reflection rules are being created even though I have the disable nat reflection box unchecked. This would be really nice to have fixed. As with Azureus if I want to host trackers I can't check them from my house. It also makes Azureus think it's behind a "firewall" due to it not being able to see itself.

                                      Really sorry but this will not be fixed.  Reflection is a mess as it is and I am not adding that complexity to something like this since we are on the road to being released.

                                        rsw686

                                        @sullrich:

                                        @rsw686:

                                        While you're recompiling the binary the other issue is that no nat reflection rules are being created even though I have the disable nat reflection box unchecked. This would be really nice to have fixed. As with Azureus if I want to host trackers I can't check them from my house. It also makes Azureus think it's behind a "firewall" due to it not being able to see itself.

                                        Really sorry but this will not be fixed.  Reflection is a mess as it is and I am not adding that complexity to something like this since we are on the road to being released.

                                        I understand the focus is on clearing up whatever bugs are left. Let me ask this though, if nat reflection was to be added to upnp it would be in the miniupnpd binary, correct? Since I have some free time (college student) I would like to attempt to make the modifications myself for my own learning. Is the source available for this binary and where? Thanks for your help.

                                          sullrich

                                          No, that would be in the pfSense code which is frozen.  The only reason you're even seeing this package is because it's a package and doesn't touch the main code besides a simple table.

                                            databeestje

                                            That's weird. Cause it works for me.
