Miniupnpd issues with lastest snapshot
-
It has not been a package since before 1.2 even. It is merely configured using the internal pkg system for its gui page. Nothing about it is a package in the binary sense, and that's what this is – an issue with the miniupnpd code/binary.
If someone in this thread has said miniupnpd "package" they meant "package" in the freebsd sense, not in pfSense.
-
I must say i kinda regret trying the 2.1 beta to see if my isp was kind enough to give me ipv6 addresses (witch they don't), and now miniupnpd not working for months..
Wish there was a easy way back to stable without having to set up everything again.
C
-
I'd like to see upnp work more than anyone else, but when people are real dicks about it (see https://redmine.pfsense.org/issues/2527#change-9600 ), it doesn't help. It is rather discouraging.
-
Well I hope you don't get discouraged about it so we'll hopefully have uPnP working soon :)
-
Well it takes more than a single guy with a bad attitude to knock a project off-track, but it still doesn't sit well. Can't please everyone. Especially people who have a faulty expectation of early beta snapshot images.
-
Keep an eye out for the next new snapshot.
-
Keep an eye out for the next new snapshot.
thank you Jim!! I will update my i386 install once its available for download…. I saw the post on redmine this afternoon and its a shame.. Yeah it sucks that upnp stop working but this is why we test and report our findings... I took the chance to use 2.1 beta in production. If something stops working, I can only blame myself and report that there is an issue... Not to flame on you or anyone on the pfsense team. I'll be honest, there are times I want too but we are adults here... At least most of us are anyways...
Thank you for all your hard work!
-
Upnp works again in 2.1-BETA0 (i386)
built on Sun Aug 5 18:24:50 EDT 2012
FreeBSD 8.3-RELEASE-p3.Really nice to have this working again, thanks for all the hard work.
The efforts by the pfsense team in building such a great firewall are appreciated enormously. -
2.1-BETA0 (amd64)
built on Sun Aug 5 17:20:36 EDT 2012
FreeBSD 8.3-RELEASE-p3
Thank you jimp -
We are getting closer :-) It starts, but not interfacing with pf. i386
Aug 6 07:32:31 miniupnpd[44199]: Failed to add NAT-PMP 52225 udp->192.168.0.100:52225 'NAT-PMP 52225 udp' Aug 6 07:32:31 miniupnpd[44199]: Failed to add NAT-PMP 52225 udp->192.168.0.100:52225 'NAT-PMP 52225 udp' Aug 6 07:32:31 miniupnpd[44199]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Operation not supported by device Aug 6 07:32:31 miniupnpd[44199]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Operation not supported by device Aug 6 07:32:31 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:32:31 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:32:31 miniupnpd[44199]: Failed to add NAT-PMP 52225 tcp->192.168.0.100:52225 'NAT-PMP 52225 tcp' Aug 6 07:32:31 miniupnpd[44199]: Failed to add NAT-PMP 52225 tcp->192.168.0.100:52225 'NAT-PMP 52225 tcp' Aug 6 07:31:50 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:31:50 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:31:50 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:31:50 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:31:50 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:31:50 miniupnpd[44199]: ioctl(dev, DIOCGETRULES, ...): Operation not supported by device Aug 6 07:31:23 miniupnpd[44199]: Listening for NAT-PMP traffic on port 5351 Aug 6 07:31:23 miniupnpd[44199]: Listening for NAT-PMP traffic on port 5351 Aug 6 07:31:23 miniupnpd[44199]: HTTP listening on port 2189 Aug 6 07:31:23 miniupnpd[44199]: HTTP listening on port 2189 -
Yes it does start and function on amd64, I know that much for sure. i386 is a bit more of mystery. I copied the binary over to my i386 firewall and it works there. I updated my alix and it didn't work there.
-
Can someone else on i386 try this:
killall -9 miniupnpd fetch -o /usr/local/sbin/miniupnpd http://files.chi.pfsense.org/jimp/miniupnpd-i386 chmod 555 /usr/local/sbin/miniupnpdAnd then restart the miniupnpd service in the GUI, and see if it works.
That binary now works on my Alix.
-
I am using pfSense 2.1-BETA0-pfSense (i386) on a Soekris 6501.
I tried the miniupnpd file replacement you mentioned. Activated miniupnpd, and then ran Skype and Transmission. Neither got added - ie. still doesn't work as it should.
However, miniupnpd keeps running - which is a good thing.
Below are the entries from my syslog file…
Aug 6 09:46:27 miniupnpd[12563]: Failed to remove NAT-PMP mapping eport 61079, protocol TCP Aug 6 09:46:27 miniupnpd[12563]: Failed to remove NAT-PMP mapping eport 61079, protocol TCP Aug 6 09:46:20 miniupnpd[12563]: Listening for NAT-PMP traffic on port 5351 Aug 6 09:46:20 miniupnpd[12563]: Listening for NAT-PMP traffic on port 5351 Aug 6 09:46:20 miniupnpd[12563]: HTTP listening on port 2189 Aug 6 09:46:20 miniupnpd[12563]: HTTP listening on port 2189 -
Any way to try that with UPnP rather than NAT-PMP?
-
JMP, turned off NAT-PMP and tried again.
Tried Skype & Transmission and neither was able to create an entry (as they should if it worked ok).
In summary - Still doesn't work as it should, but application is able to run without error.
Log entries & configuration below:
UPnP & NAT-PMP Settings
- Enable UPnP & NAT-PMP - Enabled
- Allow UPnP Port Mapping - Enabled
- Allow NAT-PMP Port Mapping - DISABLED
- Interfaces (generally LAN) - LAN
Aug 6 10:07:40 miniupnpd[53693]: HTTP listening on port 2189 Aug 6 10:07:40 miniupnpd[53693]: HTTP listening on port 2189 Aug 6 10:07:40 php[57805]: /pkg_edit.php: miniupnpd: Restarting service on interface: lan -
Can someone else on i386 try this:
killall -9 miniupnpd fetch -o /usr/local/sbin/miniupnpd http://files.chi.pfsense.org/jimp/miniupnpd-i386 chmod 555 /usr/local/sbin/miniupnpdAnd then restart the miniupnpd service in the GUI, and see if it works.
That binary now works on my Alix.
So far so good!!! I did testing from my windows server running uTorrent… Enabling UPnP and NAT-PMP, each by itself within utorrent and in pfSense.
utorrent UPnP:
52225 keep state tcp 192.168.0.100 uTorrent (TCP)
52225 keep state udp 192.168.0.100 uTorrent (UDP)utorrent NAT-PMP:
52225 keep state tcp 192.168.0.100 NAT-PMP 52225 tcp
52225 keep state udp 192.168.0.100 NAT-PMP 52225 udpuTorrent was able to tear-down the session when the option was disabled
I'll do more testing this week: deny ports and default traffic queue... but Thank you Jim! And thanks again for sticking thru this!
-
seeing the last post, I fetched the binary again and re-ran my testing.
Well, I am glad to report UPnP & NAT-PMP are both working.
Thanks!
-
Thank you very much :)
edit: A question, after testing with uTorrent and skype, the ports for skype remain open even after I closed the program, but the uTorrent ports get closed. Why is that?
-
I have been watching this thread intensely waiting for this issue to be resolved before trying out 2.1. Finally upgraded and it went smoothly and miniupnpd is working as well, many thanks to you Jimp.
-
Just updated
2.1-BETA0 (i386)
built on Tue Aug 7 04:03:30 EDT 2012
FreeBSD 8.3-RELEASE-p4And working great, started right up. Test with just win7 upnp interface of device, sees pfsense as freebsd router due to discovery. Allowed me to create forward to .209 address, but got denied when tried to a different address. Which is per my settings. So that is working as well
allow 1024-65535 192.168.1.209/32 1024-65535
Side question, is there anyway to secure upnp other than allow disallow rules? How can there not be a signature, key, password portion to the protocol - that says hey without this key you can not do anything. Something like the rndc key with bind.
