-
Hello,
I have a pfsense 1.2 with a Wan on PPoE , a Lan and a DMZ
Upnp work ok on Lan, or on DMZ,
However when I enable both Lan & DMZ only one work (Lan and not DMZ) Is this a limitation?Also, I guess there is no Upnp client on the pfsense WAN. When pfsense is behind a Speedstream router with fw and upnp.
DHCP on the Wan interface you get the ip gw and dns ok
But if a client on Lan of pfsense try to open a port outside, pfsense open the port ok (as i see in upnp/status) but it does not go thru the router. This isn't an issue anymore on my install cause I use PPoE now. -
I thought the issue of having UPnP enabled on multiple interfaces was already resolved. However I guess there are still some limitations. I won't be able to look into this until after next week.
Nope there is no UPnP on the WAN interface. Like most other UPnP routers you need to have a public IP on the pfSense box for UPnP to work.
Why not remove the Speedstream router or if it is a modem/router use it in bridge mode. Then pfSense will have a public IP and UPnP will work correctly.
-
I thought the issue of having UPnP enabled on multiple interfaces was already resolved. However I guess there are still some limitations. I won't be able to look into this until after next week.
Nope there is no UPnP on the WAN interface. Like most other UPnP routers you need to have a public IP on the pfSense box for UPnP to work.
Why not remove the Speedstream router or if it is a modem/router use it in bridge mode. Then pfSense will have a public IP and UPnP will work correctly.
Tried it a few times, LAN only ok, DMZ only ok, BOTH enabled only LAN worked.
I can live with the limitation as the seed box is on the DMZ.I did removed the router and I am now using the modem in bridge mode. Just that for the initial testing it would have made life easier . ;)
-
Here is an update on the UPnP multiple interface issue
Now with LAN, DMZ, DMZ2 interface , I can get DMZ and DMZ2 Upnp working fine
but when I enable the 3 interfaces UPnP only work on the LAN interface …Fire rules on the LAN interface:
Pass, Log * LAN Net * LAN Net * *
Pass * LAN Net * * * * -
Here is an update on the UPnP multiple interface issue
Now with LAN, DMZ, DMZ2 interface , I can get DMZ and DMZ2 Upnp working fine
but when I enable the 3 interfaces UPnP only work on the LAN interface …Fire rules on the LAN interface:
Pass, Log * LAN Net * LAN Net * *
Pass * LAN Net * * * *Thanks for the testing. I'll have to look into this. My schedule is packed this week, but I'll see what I can do. It might take some time as I need to setup a test network in VMWare.
-
Thanks for the testing. I'll have to look into this. My schedule is packed this week, but I'll see what I can do. It might take some time as I need to setup a test network in VMWare.
No problem, kinda doing nothing at home these days … I have time to play with things ;)
This doesn`t seems to be a big issue ... (no one in this thread ;D)
There is no rush on my side anyway.Yet another thing I found strange ... on DMZ2,
One computer (192.168.218.128) is using Skype and dna
normaly I see the correct IP in Upnp Status:Port Protocol Internal IP Description 25166 tcp 192.168.218.128 Skype 25166 udp 192.168.218.128 Skype 14299 tcp 192.168.218.128 dna
However, when he started his VPN to his office
(tunnel running on the PC no VPN on the pfsense)I was getting this:
Port Protocol Internal IP Description 25166 tcp 192.168.1.246 Skype 25166 udp 192.168.1.246 Skype 14299 tcp 192.168.1.246 dna
Until I blocked the Private Networks on the OPT2 interface with:
Pass * DMZ2 Net * DMZ2 Net * * Block * DMZ2 Net * PrivateLanD * * Pass * DMZ2 Net * ! PrivateLanD * * Block * PrivateLanD * * * * DMZ2 Net: 192.168.218.0/24 PrivateLanD: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
now I see this:
Port Protocol Internal IP Description 25166 tcp 192.168.218.128 Skype 25166 udp 192.168.218.128 Skype 14299 tcp 192.168.1.246 dna
???
I don't see any states related to 192.168.1 …
the 218.128 PC is on a WIFI router, maybe the router is acting up also ...
This is not an issue for me as the router and PC will be gone in a few days ::) -
Not sure on that. I did work on updating upnp to the latest release. Try installing it via the instructions on the below thread. Since you have a setup to test with we could see if the multiple interface issue was resolved in the later release.
http://forum.pfsense.org/index.php/topic,6594.msg47191.html#msg47191
-
Not sure on that. I did work on updating upnp to the latest release. Try installing it via the instructions on the below thread. Since you have a setup to test with we could see if the multiple interface issue was resolved in the later release.
http://forum.pfsense.org/index.php/topic,6594.msg47191.html#msg47191
Yup I could try it, even now ;O) … if it works ;o) what is involved in "restoring the old files" part?
i don't mind reverting things but a full reinstall of 1.2 is kinda long ... 1 hour downtime ... -
reapply the firmwareupdate of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.
-
reapply the firmwareupdate of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.
Ok, jumping now ;D
I enable on LAN opt1 and opt2 and I get:
The following input errors were detected:
* You must fill in both 'Maximum Download Speed' and 'Maximum Upload Speed' fields
However, with LAN, OPT1 and OPT2 Upnp enabled,
it seems to be functional, but this time only on the OPT1 and OPT2 interface
and in Diagnostics: Show States, it only show UDP:1900 on the OPT1 and 2 interfaceWith LAN only … boohoohoo no UPnP :o
so I will enable it on the two OPT interface to make some users happy !
here is the status after 10 minutes:
Port Protocol Internal IP Description 14298 tcp 192.168.1.246 dna
I enabled the Log Packets, System Uptime, Secure mode options
I still see the VPN ip but no skype … ( then again I did do the mod online and I don't have access to the clients)The other DMZ is doing fine with Utorrent
-
The following input errors were detected:
* You must fill in both 'Maximum Download Speed' and 'Maximum Upload Speed' fields
Sorry this was a logic error. I have correct this. Just re-run the ./upnp_support update command.
-
With LAN only … boohoohoo no UPnP :o
Huh ??? I am running this version on my main pfSense box with UPnP on the LAN only and it works great.
-
2nd update …
now UpNp on OPT2 only !!!
:-[
can I get the one before :D
-
reapply the firmwareupdate of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.
Is this the same as Reinstall Packages in Diagnostics: Backup/Restore
:o
never mind, installing firmware now >:(
-
2nd update …
now UpNp on OPT2 only !!!
:-[
can I get the one before :D
[/quote]Its the same miniupnpd binary. Just the check for the webgui field completion was changed.
-
Yes the webgui completion was fine with the 2nd update …
I reapply the firmware, it is long ... 20 30 min :'(
Add another 3 min cause it stall at Syncing system time
Looks like the ng0 is not up , or DNS before syncing ...
then the PPoE WAN connection starts at some point before the OpenNTP time client start,Takes 2 min to upgrade and 45 to revert :-[ [move]Hum i'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time :o
So back to square one: :D
I see the pfsense router in the Network Connections of XP on both LAN and OPT1
Only Utorrent on the LAN interface can open a port, no port opening on the OPT1
so I revert back to OPT1 and OPT2 UPnP enabled, no UPnP on LANthis is the rules on LAN interface
Pass,Log * LAN Net * LAN Net * * Pass,Log * LAN Net * DMZ Net * * Block,Log * LAN Net * PrivateLanD * * Pass.Log * LAN Net * ! PrivateLanD * * LAN Net: 172.18.0.0/16 PrivateLanD: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
-
Takes 2 min to upgrade and 45 to revert :-[ [move]Hum i'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time :o
Reapplying the firmware update is just the easy way of restoring. If you took a look at the upnp_support file you'll notice it only updates 4 files. You could easily grab those files from pfSense and restore them. This script was more for my use.
If the newer version made no difference I would've just left it installed. That is the version I'm going to be putting into 1.3.
-
Takes 2 min to upgrade and 45 to revert :-[ [move]Hum i'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time :o
Reapplying the firmware update is just the easy way of restoring. If you took a look at the upnp_support file you'll notice it only updates 4 files. You could easily grab those files from pfSense and restore them. This script was more for my use.
If the newer version made no difference I would've just left it installed. That is the version I'm going to be putting into 1.3.
Yup I saw the files it updated while it was running, should have open it before running it :-[, but that was to late.
I'm kinda new to FreeBSD, so I guess I should have backup the .inc,.php,.xml files, or get them back from the iso, or fetch them from? ….The newest version, that is the 2nd update I applied, was only working on the OPT2 interface ... so I revert to the 1.2 one in order to get OPT1 and OPT2 with UPnP enabled.
The 1st update (WebGui message about the Speed) was ok with both OPT, but no UPnP on LAN -
With 1.2:
If I enable Upnp on both LAN and OPT1, on OPT1 the pfsense router is seen with the LAN address , but Utorrent can not open port with UpNp, maybe because I block the OPT1 -> LAN in the firewall rules. So I added a rule OPT1 -> Lan Address but still no port opening.If I enable OPT1 only, pfsense is seen with the OPT1 address and Utorrent can open port with Upnp