Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Miniupnpd issues with lastest snapshot

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    70 Posts 22 Posters 33.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      It has not been a package since before 1.2 even. It is merely configured using the internal pkg system for its gui page. Nothing about it is a package in the binary sense, and that's what this is – an issue with the miniupnpd code/binary.

      If someone in this thread has said miniupnpd "package" they meant "package" in the freebsd sense, not in pfSense.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • C
        Cybdex
        last edited by

        I must say i kinda regret trying the 2.1 beta to see if my isp was kind enough to give me ipv6 addresses (witch they don't), and now miniupnpd not working for months..

        Wish there was a easy way back to stable without having to set up everything again.

        C

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          I'd like to see upnp work more than anyone else, but when people are real dicks about it (see https://redmine.pfsense.org/issues/2527#change-9600 ), it doesn't help. It is rather discouraging.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • S
            strumf666
            last edited by

            Well I hope you don't get discouraged about it so we'll hopefully have uPnP working soon :)

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Well it takes more than a single guy with a bad attitude to knock a project off-track, but it still doesn't sit well. Can't please everyone. Especially people who have a faulty expectation of early beta snapshot images.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Keep an eye out for the next new snapshot.

                upnp.png
                upnp.png_thumb

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • C
                  Cino
                  last edited by

                  @jimp:

                  Keep an eye out for the next new snapshot.

                  thank you Jim!! I will update my i386 install once its available for download…. I saw the post on redmine this afternoon and its a shame.. Yeah it sucks that upnp stop working but this is why we test and report our findings... I took the chance to use 2.1 beta in production. If something stops working, I can only blame myself and report that there is an issue... Not to flame on you or anyone on the pfsense team. I'll be honest, there are times I want too but we are adults here... At least most of us are anyways...

                  Thank you for all your hard work!

                  1 Reply Last reply Reply Quote 0
                  • I
                    iFloris
                    last edited by

                    Upnp works again in 2.1-BETA0 (i386)
                    built on Sun Aug 5 18:24:50 EDT 2012
                    FreeBSD 8.3-RELEASE-p3.

                    Really nice to have this working again, thanks for all the hard work.
                    The efforts by the pfsense team in building such a great firewall are appreciated enormously.

                    one layer of information
                    removed

                    1 Reply Last reply Reply Quote 0
                    • M
                      mikhe
                      last edited by

                      2.1-BETA0 (amd64)
                      built on Sun Aug 5 17:20:36 EDT 2012
                      FreeBSD 8.3-RELEASE-p3
                      Thank you jimp

                      1 Reply Last reply Reply Quote 0
                      • C
                        Cino
                        last edited by

                        We are getting closer :-) It starts, but not interfacing with pf. i386

                        
                        Aug 6 07:32:31 	miniupnpd[44199]: Failed to add NAT-PMP 52225 udp->192.168.0.100:52225 'NAT-PMP 52225 udp'
                        Aug 6 07:32:31 	miniupnpd[44199]: Failed to add NAT-PMP 52225 udp->192.168.0.100:52225 'NAT-PMP 52225 udp'
                        Aug 6 07:32:31 	miniupnpd[44199]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Operation not supported by device
                        Aug 6 07:32:31 	miniupnpd[44199]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Operation not supported by device
                        Aug 6 07:32:31 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:32:31 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:32:31 	miniupnpd[44199]: Failed to add NAT-PMP 52225 tcp->192.168.0.100:52225 'NAT-PMP 52225 tcp'
                        Aug 6 07:32:31 	miniupnpd[44199]: Failed to add NAT-PMP 52225 tcp->192.168.0.100:52225 'NAT-PMP 52225 tcp'
                        Aug 6 07:31:50 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:31:50 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:31:50 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:31:50 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:31:50 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:31:50 	miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device
                        Aug 6 07:31:23 	miniupnpd[44199]: Listening for NAT-PMP traffic on port 5351
                        Aug 6 07:31:23 	miniupnpd[44199]: Listening for NAT-PMP traffic on port 5351
                        Aug 6 07:31:23 	miniupnpd[44199]: HTTP listening on port 2189
                        Aug 6 07:31:23 	miniupnpd[44199]: HTTP listening on port 2189
                        
                        
                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          Yes it does start and function on amd64, I know that much for sure. i386 is a bit more of mystery. I copied the binary over to my i386 firewall and it works there. I updated my alix and it didn't work there.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • jimpJ
                            jimp Rebel Alliance Developer Netgate
                            last edited by

                            Can someone else on i386 try this:

                            killall -9 miniupnpd
                            fetch -o /usr/local/sbin/miniupnpd http://files.chi.pfsense.org/jimp/miniupnpd-i386
                            chmod 555 /usr/local/sbin/miniupnpd
                            

                            And then restart the miniupnpd service in the GUI, and see if it works.

                            That binary now works on my Alix.

                            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
                            • C
                              catfish99
                              last edited by

                              I am using  pfSense 2.1-BETA0-pfSense (i386) on a Soekris 6501.

                              I tried the miniupnpd file replacement you mentioned. Activated miniupnpd, and then ran Skype and Transmission. Neither got added - ie. still doesn't work as it should.

                              However, miniupnpd keeps running - which is a good thing.

                              Below are the entries from my syslog file…

                              
                              Aug 6 09:46:27	miniupnpd[12563]: Failed to remove NAT-PMP mapping eport 61079, protocol TCP
                              Aug 6 09:46:27	miniupnpd[12563]: Failed to remove NAT-PMP mapping eport 61079, protocol TCP
                              Aug 6 09:46:20	miniupnpd[12563]: Listening for NAT-PMP traffic on port 5351
                              Aug 6 09:46:20	miniupnpd[12563]: Listening for NAT-PMP traffic on port 5351
                              Aug 6 09:46:20	miniupnpd[12563]: HTTP listening on port 2189
                              Aug 6 09:46:20	miniupnpd[12563]: HTTP listening on port 2189
                              
                              
                              1 Reply Last reply Reply Quote 0
                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by

                                Any way to try that with UPnP rather than NAT-PMP?

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • C
                                  catfish99
                                  last edited by

                                  JMP, turned off NAT-PMP and tried again.

                                  Tried Skype & Transmission and neither was able to create an entry (as they should if it worked ok).

                                  In summary - Still doesn't work as it should, but application is able to run without error.

                                  Log entries & configuration below:

                                  UPnP & NAT-PMP Settings

                                  • Enable UPnP & NAT-PMP - Enabled
                                  • Allow UPnP Port Mapping - Enabled
                                  • Allow NAT-PMP Port Mapping - DISABLED
                                  • Interfaces (generally LAN) - LAN
                                  Aug 6 10:07:40	miniupnpd[53693]: HTTP listening on port 2189
                                  Aug 6 10:07:40	miniupnpd[53693]: HTTP listening on port 2189
                                  Aug 6 10:07:40	php[57805]: /pkg_edit.php: miniupnpd: Restarting service on interface: lan
                                  
                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    Cino
                                    last edited by

                                    @jimp:

                                    Can someone else on i386 try this:

                                    killall -9 miniupnpd
                                    fetch -o /usr/local/sbin/miniupnpd http://files.chi.pfsense.org/jimp/miniupnpd-i386
                                    chmod 555 /usr/local/sbin/miniupnpd
                                    

                                    And then restart the miniupnpd service in the GUI, and see if it works.

                                    That binary now works on my Alix.

                                    So far so good!!! I did testing from my windows server running uTorrent… Enabling UPnP and NAT-PMP, each by itself within utorrent and in pfSense.

                                    utorrent UPnP:
                                    52225 keep state tcp 192.168.0.100 uTorrent (TCP)
                                    52225 keep state udp 192.168.0.100 uTorrent (UDP)

                                    utorrent NAT-PMP:
                                    52225 keep state tcp 192.168.0.100 NAT-PMP 52225 tcp
                                    52225 keep state udp 192.168.0.100 NAT-PMP 52225 udp

                                    uTorrent was able to tear-down the session when the option was disabled

                                    I'll do more testing this week: deny ports and default traffic queue... but Thank you Jim! And thanks again for sticking thru this!

                                    1 Reply Last reply Reply Quote 0
                                    • C
                                      catfish99
                                      last edited by

                                      seeing the last post, I fetched the binary again and re-ran my testing.

                                      Well, I am glad to report UPnP & NAT-PMP are both working.

                                      Thanks!

                                      pfsense-1.jpg
                                      pfsense-1.jpg_thumb
                                      pfsense-2.jpg
                                      pfsense-2.jpg_thumb

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        strumf666
                                        last edited by

                                        Thank you very much :)

                                        edit: A question, after testing with uTorrent and skype, the ports for skype remain open even after I closed the program, but the uTorrent ports get closed. Why is that?

                                        1 Reply Last reply Reply Quote 0
                                        • AhnHELA
                                          AhnHEL
                                          last edited by

                                          I have been watching this thread intensely waiting for this issue to be resolved before trying out 2.1.  Finally upgraded and it went smoothly and miniupnpd is working as well, many thanks to you Jimp.

                                          AhnHEL (Angel)

                                          1 Reply Last reply Reply Quote 0
                                          • johnpozJ
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by

                                            Just updated
                                            2.1-BETA0 (i386)
                                            built on Tue Aug 7 04:03:30 EDT 2012
                                            FreeBSD 8.3-RELEASE-p4

                                            And working great, started right up.  Test with just win7 upnp interface of device, sees pfsense as freebsd router due to discovery.  Allowed me to create forward to .209 address, but got denied when tried to a different address.  Which is per my settings.  So that is working as well

                                            allow 1024-65535 192.168.1.209/32 1024-65535

                                            Side question, is there anyway to secure upnp other than allow disallow rules?  How can there not be a signature, key, password portion to the protocol - that says hey without this key you can not do anything.  Something like the rndc key with bind.

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.