UPnP support

sullrich

@rsw686:

@sullrich:

Single WAN only ATM.

I could be wrong on this but can't they just use the external address field to specify which wan to use? This would require have a static ip or a dynamic one that rarely changes.

It needs to also add reply-to against the firewall rules to make this work properly iirc.

tmetz

Outstanding work all!

I haven't seen anyone else bring this up but I don't see the port mappings on the status page. I know the daemon is working.

If I type:

pfctl -aminiupnpd -sn

rdr log on vr1 inet proto tcp from any to any port = 6881 label "utorrent" -> 192.168.10.149 port 6881

pfctl -aminiupnpd -sr

pass in log quick on vr1 inet proto tcp from any to any port = 6881 keep state label "utorrent"

I see my mappings but they never show up on https://pfsense/status_upnp.php. In Firefox 2.0 I do see a table with blank rows, if there is one mapping I see one blank row, if there are 4 mappings I see 4 blank rows. In IE6 I see no table at all.

Thx,

Tim

rsw686

@tmetz:

Outstanding work all!

I haven't seen anyone else bring this up but I don't see the port mappings on the status page. I know the daemon is working.

If I type:

pfctl -aminiupnpd -sn

rdr log on vr1 inet proto tcp from any to any port = 6881 label "utorrent" -> 192.168.10.149 port 6881

pfctl -aminiupnpd -sr

pass in log quick on vr1 inet proto tcp from any to any port = 6881 keep state label "utorrent"

I see my mappings but they never show up on https://pfsense/status_upnp.php. In Firefox 2.0 I do see a table with blank rows, if there is one mapping I see one blank row, if there are 4 mappings I see 4 blank rows. In IE6 I see no table at all.

Thx,

Tim

Thats really weird. I just tested on both Firefox 2.0 and IE6. Mine shows the mappings. Remove and reinstall the package and see if that fixes it.

tmetz

@rsw686:

@tmetz:

Outstanding work all!

I haven't seen anyone else bring this up but I don't see the port mappings on the status page. I know the daemon is working.

If I type:

pfctl -aminiupnpd -sn

rdr log on vr1 inet proto tcp from any to any port = 6881 label "utorrent" -> 192.168.10.149 port 6881

pfctl -aminiupnpd -sr

pass in log quick on vr1 inet proto tcp from any to any port = 6881 keep state label "utorrent"

I see my mappings but they never show up on https://pfsense/status_upnp.php. In Firefox 2.0 I do see a table with blank rows, if there is one mapping I see one blank row, if there are 4 mappings I see 4 blank rows. In IE6 I see no table at all.

Thx,

Tim

Thats really weird. I just tested on both Firefox 2.0 and IE6. Mine shows the mappings. Remove and reinstall the package and see if that fixes it.

I went so far as to remove all my packages, rename the admin account back to admin (I had changed it), then re-installed. Same behavior.
Tried multiple PC's and even one at work via a port forward on the wan interface. Same behavior.
I then turned off SSL and went back to http. Same behavior.
Went to upnp settings and unchecked both Log packets handled by miniupnpd rules? and Use system uptime instead of miniupnpd uptime? and now it's working!
checked both boxes again, NOT working
uncheck both boxes, working.
check log packets, not working
uncheck log packets, working
check uptime box, not working

in between all these checks, I would restart utorrent and run pfctl -aminiupnpd -sn ensuring there was data to display.

My current state is SSL back on, both upnp boxes unchecked and I can see my current mappings.

I'm baffled but happy to see my mappings.

Tim

rsw686

Thanks for figuring that out. I have verified this behavior and will try and fix it. It only happens on my box if log packets is checked. This is what you found right?

EDIT: I found the issue. I wll commit this in a few and you can either reinstall the package again or in the web gui goto diagnostics -> edit file.

Open /usr/local/www/status_upnp.php

Find the following line

if (preg_match("/rdr on (.) inet proto (.) from any to any port = (.) label "(.)" -> (.) port (.)/", $rdr_entry, $matches))

and remove "rdr ". It should look like the below

if (preg_match("/on (.) inet proto (.) from any to any port = (.) label "(.)" -> (.) port (.)/", $rdr_entry, $matches))

tmetz

@rsw686:

Thanks for figuring that out. I have verified this behavior and will try and fix it. It only happens on my box if log packets is checked. This is what you found right?

EDIT: I found the issue. I wll commit this in a few and you can either reinstall the package again or in the web gui goto diagnostics -> edit file.

Open /usr/local/www/status_upnp.php

Find the following line

if (preg_match("/rdr on (.) inet proto (.) from any to any port = (.) label "(.)" -> (.) port (.)/", $rdr_entry, $matches))

and remove "rdr ". It should look like the below

if (preg_match("/on (.) inet proto (.) from any to any port = (.) label "(.)" -> (.) port (.)/", $rdr_entry, $matches))

Great, thx! Yes, I just retested and the problem was only with log packets and not the time option.

Tim

charincol

Just want to say thanks to all who made this package work so well.  I was able to remove the forwarded port mappings for uTorrent and eMule and both are opening and closing the needed ports perfectly.  I tested this with Windows SSDP and UPnP services disabled and both still work.  uTorrent has UPnP built into it, but you have to use the eMule MorphXT version of eMule to get UPnP built in.

mbedyn

hello
Great work.. but seams to  MiniUpnpd service is attached to BASE system and additionally, still exist in packages available to install.
Now, I have two the same entries in menu  ;D

regards
Michael

billm

@mbedyn:

hello
Great work.. but seams to  MiniUpnpd service is attached to BASE system and additionally, still exist in packages available to install.
Now, I have two the same entries in menu  ;D

regards
Michael

De-install the package, then reapply the update.  We'll pull it from the packages list once we have an actual release that contains this in base :)

–Bill

trendchiller

BTW:
uPNP is not too important for me, but nice that it works, but:

cosmetically it would look much better when called uPNP in the GUI, not miniupnpd i think…

and would it be possible to have a checkbox to activate or deactivate, since it's built in to pfsense by now ?

as in the RIP package, there is a way to enable or disable... would be some kind of essential i think...

regards,

Martin

rsw686

@trendchiller:

BTW:
uPNP is not too important for me, but nice that it works, but:

cosmetically it would look much better when called uPNP in the GUI, not miniupnpd i think…

and would it be possible to have a checkbox to activate or deactivate, since it's built in to pfsense by now ?

as in the RIP package, there is a way to enable or disable... would be some kind of essential i think...

regards,

Martin

Don't select any interfaces and its not enabled. If you've selected an interface and want to deselect it hold the ctrl key and click the selected interface. Save the settings. Look in the log it will say something like

miniupnpd: syncing package
miniupnpd: no interfaces found stopping service

hoba

Can you add this as description somewhere in the gui? I think this will become a faq if it's not noted there.

rsw686

@hoba:

Can you add this as description somewhere in the gui? I think this will become a faq if it's not noted there.

I'll do that as well as removing the the syslog messages unless the service is active. That way there is no confusion whether its active or not.

hoba

Great  :)

Skud

If it's just as easy, why not put an "Enable UPnP" checkbox? That way there is no confusion and if it's unchecked you KNOW that it's not running..

Again, if it's just as easy..

Thanks!!
Riley

trendchiller

I'd find it better, too… with a checkbox...

else, why is the miniupnpd listed in the packages tab when it's included in the pfsense itself ?

rsw686

@trendchiller:

I'd find it better, too… with a checkbox...

else, why is the miniupnpd listed in the packages tab when it's included in the pfsense itself ?

Its listed in the packages tab because its not included in an official release yet. Once it is, it will be removed from the packages list.

Yes its easy to add a checkbox, but I really don't understand why. Its redundant to the interfaces box. A check is just as easy to spot as a highlighted interface.  ;) ;)

The thing is then if you select the checkbox miniupnpd might not be running because no interfaces are selected.

Let me discuss this and I'll get back to you two on it.

billm

@trendchiller:

I'd find it better, too… with a checkbox...

else, why is the miniupnpd listed in the packages tab when it's included in the pfsense itself ?

I answered that something like 5 posts back.

–Bill

rsw686

I updated miniupnpd to version 20061214. I added the checkbox to enable it, and changed the format of miniupnpd to MiniUPnPd on the menu. Let me know if theres anything else you see that should be changed.

valnar

Sorry I haven't read through this whole thread, but I have a question.

I'm coming as a m0n0wall user that needs UPnP support.  Do any of the later builds have this already installed in pfsense?  Or is it still a manual process to get it added?  I need this functionality to make an H.323 video application work.  http://www.polycom.com/products_services/0,,pw-4367,00.html

I'll be using the embedded (WRAP) image.

Thanks!
Robert