Upnp woes …

RonpfS

@rsw686:

I thought the issue of having UPnP enabled on multiple interfaces was already resolved. However I guess there are still some limitations. I won't be able to look into this until after next week.

Nope there is no UPnP on the WAN interface. Like most other UPnP routers you need to have a public IP on the pfSense box for UPnP to work.

Why not remove the Speedstream router or if it is a modem/router use it in bridge mode. Then pfSense will have a public IP and UPnP will work correctly.

Tried it a few times, LAN only ok, DMZ only ok, BOTH enabled only LAN worked.
I can live with the limitation as the seed box is on the DMZ.

I did removed the router and I am now using the modem in bridge mode. Just that for the initial testing it would have made life easier . ;)

RonpfS

Here is an update on the UPnP multiple interface issue

Now with LAN, DMZ, DMZ2  interface , I can get DMZ and DMZ2 Upnp working fine
but when I enable the 3 interfaces UPnP only work on the LAN interface …

Fire rules on the LAN interface:
Pass, Log * LAN Net * LAN Net * *
Pass        * LAN Net * *          * *

rsw686

@RonpfS:

Here is an update on the UPnP multiple interface issue

Now with LAN, DMZ, DMZ2  interface , I can get DMZ and DMZ2 Upnp working fine
but when I enable the 3 interfaces UPnP only work on the LAN interface …

Fire rules on the LAN interface:
Pass, Log * LAN Net * LAN Net * *
Pass        * LAN Net * *          * *

Thanks for the testing. I'll have to look into this. My schedule is packed this week, but I'll see what I can do. It might take some time as I need to setup a test network in VMWare.

RonpfS

@rsw686:

Thanks for the testing. I'll have to look into this. My schedule is packed this week, but I'll see what I can do. It might take some time as I need to setup a test network in VMWare.

No problem, kinda doing nothing at home these days … I have time to play with things  ;)

This doesn`t seems to be a big issue ... (no one in this thread  ;D)
There is no rush on my side anyway.

Yet another thing I found strange ... on DMZ2,
One computer (192.168.218.128) is using Skype and dna
normaly I see the correct IP in  Upnp Status:

Port  	Protocol  	Internal IP  	Description
25166 	tcp 	192.168.218.128 	Skype
25166 	udp 	192.168.218.128 	Skype
14299 	tcp 	192.168.218.128 	dna

However, when he started his VPN to his office
(tunnel running on the PC no VPN on the pfsense)

I was getting this:

Port  	Protocol  	Internal IP  	Description
25166 	tcp 	192.168.1.246	Skype
25166 	udp 	192.168.1.246   Skype
14299 	tcp 	192.168.1.246 	dna

Until I blocked the Private Networks on the OPT2 interface with:

Pass  * DMZ2 Net     *   DMZ2 Net    * *
Block * DMZ2 Net     *   PrivateLanD * *
Pass  * DMZ2 Net     * ! PrivateLanD * *
Block * PrivateLanD  *   *           * *

DMZ2 Net: 192.168.218.0/24
PrivateLanD: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

now I see this:

Port  	Protocol  	Internal IP  	Description
25166 	tcp 	192.168.218.128	Skype
25166 	udp 	192.168.218.128	Skype
14299 	tcp 	192.168.1.246 	dna

???

I don't see any states related to 192.168.1 …
the 218.128 PC is on a WIFI router, maybe the router is acting up also ...
This is not an issue for me as the router and PC will be gone in a few days  ::)

rsw686

Not sure on that. I did work on updating upnp to the latest release. Try installing it via the instructions on the below thread. Since you have a setup to test with we could see if the multiple interface issue was resolved in the later release.

http://forum.pfsense.org/index.php/topic,6594.msg47191.html#msg47191

RonpfS

@rsw686:

Not sure on that. I did work on updating upnp to the latest release. Try installing it via the instructions on the below thread. Since you have a setup to test with we could see if the multiple interface issue was resolved in the later release.

http://forum.pfsense.org/index.php/topic,6594.msg47191.html#msg47191

Yup I could try it, even now ;O) … if it works ;o) what is involved in "restoring the old files" part?
i don't mind reverting things but a full reinstall of 1.2 is kinda long ... 1 hour downtime ...

hoba

reapply the firmwareupdate of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.

RonpfS

@hoba:

reapply the firmwareupdate of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.

Ok, jumping now  ;D

I enable on LAN opt1 and opt2 and I get:

The following input errors were detected:

* You must fill in both 'Maximum Download Speed' and 'Maximum Upload Speed' fields

However, with LAN, OPT1 and OPT2 Upnp enabled,
it seems to be functional, but this time  only  on the OPT1 and OPT2 interface
and in Diagnostics: Show States, it only show UDP:1900 on the OPT1 and 2 interface

With LAN only … boohoohoo no UPnP  :o

so I will enable it on the two OPT interface to make some users happy !

here is the status after 10 minutes:

Port  	Protocol  	Internal IP  	Description
14298 	tcp 	      192.168.1.246 	dna

I enabled the Log Packets, System Uptime, Secure mode options
I still see the VPN ip but no skype … ( then again I did do the mod online and I don't have access to the clients)

The other DMZ is doing fine with Utorrent

rsw686

@RonpfS:

The following input errors were detected:

* You must fill in both 'Maximum Download Speed' and 'Maximum Upload Speed' fields

Sorry this was a logic error. I have correct this. Just re-run the ./upnp_support update command.

rsw686

@RonpfS:

With LAN only … boohoohoo no UPnP  :o

Huh  ??? I am running this version on my main pfSense box with UPnP on the LAN only and it works great.

RonpfS

2nd update …

now UpNp on OPT2 only  !!!

:-[

can I get the one before  :D

RonpfS

@hoba:

reapply the firmwareupdate of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.

Is this the same as Reinstall Packages in Diagnostics: Backup/Restore

:o

never mind, installing firmware now  >:(

rsw686

@RonpfS:

2nd update …

now UpNp on OPT2 only  !!!

:-[

can I get the one before  :D
[/quote]

Its the same miniupnpd binary. Just the check for the webgui field completion was changed.

RonpfS

Yes the webgui completion was fine with the 2nd update …

I reapply the firmware, it is long ... 20 30 min  :'(
Add another 3 min cause it stall at Syncing system time
Looks like the ng0 is not up , or DNS before syncing ...
then the  PPoE WAN connection starts  at some point before the OpenNTP time client start,

Takes 2 min to upgrade and 45 to revert  :-[ [move]Hum i'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time  :o

So back to square one:  :D
I see the pfsense router in the Network Connections of XP on both LAN and OPT1
Only Utorrent on the LAN interface can open a port, no port opening on the OPT1
so I revert back to OPT1 and OPT2 UPnP enabled, no UPnP on LAN

this is the rules on LAN interface

Pass,Log  * LAN Net      *   LAN Net     * *
Pass,Log  * LAN Net      *   DMZ Net     * *
Block,Log * LAN Net      *   PrivateLanD * *
Pass.Log  * LAN Net      * ! PrivateLanD * *

LAN Net: 172.18.0.0/16
PrivateLanD: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

rsw686

@RonpfS:

Takes 2 min to upgrade and 45 to revert  :-[ [move]Hum i'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time  :o

Reapplying the firmware update is just the easy way of restoring. If you took a look at the upnp_support file you'll notice it only updates 4 files. You could easily grab those files from pfSense and restore them. This script was more for my use.

If the newer version made no difference I would've just left it installed. That is the version I'm going to be putting into 1.3.

RonpfS

@rsw686:

@RonpfS:

Takes 2 min to upgrade and 45 to revert  :-[ [move]Hum i'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time  :o

Reapplying the firmware update is just the easy way of restoring. If you took a look at the upnp_support file you'll notice it only updates 4 files. You could easily grab those files from pfSense and restore them. This script was more for my use.

If the newer version made no difference I would've just left it installed. That is the version I'm going to be putting into 1.3.

Yup I saw the files it updated while it was running, should have open it before running it  :-[, but that was to late.
I'm kinda new to FreeBSD, so I guess I should have backup the .inc,.php,.xml files, or get them back from the iso, or fetch them from? ….

The newest version, that is the 2nd update I applied, was only working on the OPT2 interface ... so I revert to the 1.2 one in order to get OPT1 and OPT2 with UPnP enabled.
The 1st update (WebGui message about the Speed) was ok with both OPT,  but no UPnP on LAN

RonpfS

With 1.2:
If I enable Upnp on both LAN and OPT1, on OPT1 the pfsense router is seen with the LAN address , but Utorrent can not open port with UpNp, maybe because I block the OPT1 -> LAN in the firewall rules. So I added a rule OPT1 -> Lan Address but still no port opening.

If I enable OPT1 only,  pfsense is seen with the OPT1 address and Utorrent can open port with Upnp