Netgate Discussion Forum

    Miniupnpd not denying access

    2.1 Snapshot Feedback and Problems - RETIRED
    13 Posts 5 Posters 5.2k Views
      Cino

      Thanks onhel!! I'll have to do some more testing and figure out what I'm doing wrong.

        Cino

        @onhel:

        I have the default deny rule checked, and have set up an allow rule.  This functions as expected and when I remove the rule, UPnP is effectively blocked.

        Not really how I wanted it set up, but if I check the default deny rule, it will only open up when I put in the config… I would prefer the other way around but this is doable for now.

        I'm up to using 3 of the 4 User specified permissions fields.... Hope I don't need more or I'll have to start hacking some PHP pages..

          SeventhSon

          @Cino:

          I'm up to using 3 of the 4 User specified permissions fields…. Hope I don't need more or I'll have to start hacking some PHP pages..

          Or you can give them consecutive IPs and use a range?

            xbipin

            Sorry to barge in, but has anyone tried UPnP and had limiters set? There was a bug in 2.0.1 where UPnP would break limiters, so I wanted to ask if it's solved or not.

            The bug was: suppose you set a limiter on a client IP and that works, but suppose this client opened ports using UPnP, then they wouldn't be limited by the limiter. So suppose I set a speed of 1mbps on a client and suppose this client starts a torrent download and uses UPnP to open ports, then his downloads would be limited to 1mbps, it would break the limiter

              Cino

              @xbipin:

              Sorry to barge in, but has anyone tried UPnP and had limiters set? There was a bug in 2.0.1 where UPnP would break limiters, so I wanted to ask if it's solved or not.

              The bug was: suppose you set a limiter on a client IP and that works, but suppose this client opened ports using UPnP, then they wouldn't be limited by the limiter. So suppose I set a speed of 1mbps on a client and suppose this client starts a torrent download and uses UPnP to open ports, then his downloads would be limited to 1mbps, it would break the limiter

              I have not tried the limiter feature of UPnP… Only the default queue, which I don't think is working

                Cino

                Looks like I had the syntax wrong.. I was able to configure it to allow all and deny what I want :-)

                This seems to do the trick… Not sure why I didn't think of this before..
                deny 443 192.168.0.100 443
                deny 80 192.168.0.100 80

                  johnpoz LAYER 8 Global Moderator

                  The default deny is working from what I can tell

                  I am currently using
                  2.1-BETA0 (i386)
                  built on Tue Aug 28 14:42:48 EDT 2012
                  FreeBSD 8.3-RELEASE-p4

                  Simple test is just from any Windows box that sees your router, just try and add something.  Blocked from creating the rule - as you see from attachment was denied creating forward.  But if I remove the default deny or come from my allow IP it works fine.
                  allow 1024-65535 192.168.1.209/32 1024-65535

                  defaultdeny.png

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                    xbipin

                    I wanted to ask how we can add multiple IPs to a single permission entry to allow UPnP.

                    allow 1024-65535 192.168.0.11 1024-65535 (this allows 1 client to open ports)

                    I want to add multiple clients to this single entry like
                    192.168.0.11
                    192.168.0.30
                    192.168.0.2
                    etc

                      johnpoz LAYER 8 Global Moderator

                      You can do a mask, but not sure how you can do specific IPs like that without different entries?

                        AhnHEL

                        I personally have all my gaming devices grouped together in my DHCP leases, so all of my UPnP enabled devices are statically assigned IPs 192.168.1.17 through 192.168.1.22.  I then create the following allow rule in Services/UPnP using a mask bit of 29 to fit those 6 IPs.

                        allow 88-65535 192.168.1.16/29 88-65535
                        

                        Now that's one line for all of my UPnP devices.  I do not statically assign any device to IPs 192.168.1.16 and 192.168.1.23, just to avoid the confusion of the above mask's subnet ID and broadcast address.  You can use any mask you like to accommodate a bigger or smaller set of devices, but the main point is to group all your UPnP enabled devices with their IP range and set up the appropriate mask.  I cheat sometimes and use the below website to help me quickly figure out the correct mask.

                        http://www.subnet-calculator.com/

                        AhnHEL (Angel)
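An evaluator for the permission lines quoted in this thread (the /29 group rule above and the earlier per-host deny lines), added here as an example and not part of any post or of miniupnpd/pfSense code. It assumes rules are checked top to bottom with the first match winning, and models the "default deny" checkbox as a `default` argument; the function names are hypothetical.

```python
import ipaddress

def parse_range(text):
    """'88-65535' -> (88, 65535); a single port '443' -> (443, 443)."""
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def parse_rule(line):
    """Parse '(allow|deny) <ext ports> <ip[/mask]> <int ports>'."""
    action, ext, net, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    # strict=False: only the masked bits matter; a bare IP becomes a /32.
    network = ipaddress.ip_network(net, strict=False)
    return action, parse_range(ext), network, parse_range(internal)

def decide(rules, ext_port, client_ip, int_port, default):
    """First rule whose three fields all match wins; otherwise `default`.

    `default` models the pfSense "default deny" checkbox (assumption:
    "deny" when checked, "allow" when not).
    """
    ip = ipaddress.ip_address(client_ip)
    for action, (elo, ehi), net, (ilo, ihi) in rules:
        if elo <= ext_port <= ehi and ip in net and ilo <= int_port <= ihi:
            return action
    return default

def unintended(rule_line, intended):
    """Addresses the rule's mask matches that are not in `intended`."""
    network = parse_rule(rule_line)[2]
    return [str(a) for a in network if str(a) not in intended]

# Rules quoted in the thread; the requests below are constructed samples.
GROUP_RULE = "allow 88-65535 192.168.1.16/29 88-65535"
DENY_RULES = [parse_rule("deny 443 192.168.0.100 443"),
              parse_rule("deny 80 192.168.0.100 80")]

if __name__ == "__main__":
    group = [parse_rule(GROUP_RULE)]
    devices = {f"192.168.1.{n}" for n in range(17, 23)}
    print(decide(group, 3074, "192.168.1.18", 3074, "deny"))
    print(decide(group, 3074, "192.168.1.30", 3074, "deny"))
    print(unintended(GROUP_RULE, devices))
    print(decide(DENY_RULES, 443, "192.168.0.100", 443, "allow"))
    print(decide(DENY_RULES, 8080, "192.168.0.100", 8080, "allow"))
```

The /29 matches 192.168.1.16 and 192.168.1.23 as well as the six assigned devices, so keeping those two addresses out of the DHCP pool is what keeps the rule limited to the intended hosts.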
