Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    21.05 blocking TiVo connections for unknown reasons

    Scheduled Pinned Locked Moved General pfSense Questions
    29 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      Do you maybe have a port forward matching 8080 / 8081 that is matching it somehow?

      Or maybe there is something hiding in the ruleset from another package. Post the contents of /tmp/rules.debug, see if it has anything unusual in there.

      Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      S 1 Reply Last reply Reply Quote 0
      • S
        sydgarrett @jimp
        last edited by

        @jimp
        No port forwarding and only Automatic Outbound NAT rules.

        Here is the rules.debug

        rules-debug.txt

        S 1 Reply Last reply Reply Quote 0
        • S
          sydgarrett @sydgarrett
          last edited by

          OK -- new information here. I know that "correlation doesn't equal causation" but maybe this will give someone else a clue.

          I noticed that there were a bunch of miniupnpd errors in the Routing Logs. chrome_4UlwZ6PLJf.png

          So, I restarted the miniupnpd process. As long as that process is in the "Listening for NAT-PMP/PCP traffic on port 5351" state, the TiVo's can SUCCESSFULLY connect. As soon as the "ioctl(dev, DIOCGETADDRS, ...): Device busy" errors start showing up again (after about 4 or 5 minutes), the TiVo's go back to the state where the 8080 and 8081 transactions receive a RST response.

          If I disable UPnP & NAT-PMP, the connections run just fine. As soon as I re-enable UPnP & NAT-PMP, we are back to our original state.

          Doesn't make ANY sense to me given that the TiVo's don't use UPnP & NAT-PMP (as far as I know and/or can tell). So, how could that be blocking things and why does it get the multiple "Device Busy" errors?

          I can live without it for a few days but I really would like to re-enable it for some other things I have on my network.

          Thoughts?

          KOMK 1 Reply Last reply Reply Quote 0
          • KOMK
            KOM @sydgarrett
            last edited by

            @sydgarrett Perhaps this?

            UPnP/NAT-PMP not functioning on 32-bit ARM

            S 1 Reply Last reply Reply Quote 1
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Curious, do you see anything in the UPnP status when the TiVo can't connect?

              What if you try this command from the shell at the same time:

              pfSsh.php playback pfanchordrill
              

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              S 1 Reply Last reply Reply Quote 1
              • S
                sydgarrett @KOM
                last edited by

                @kom said in 21.05 blocking TiVo connections for unknown reasons:

                @sydgarrett Perhaps this?

                UPnP/NAT-PMP not functioning on 32-bit ARM

                Yep. That sounds like the same thing. Also explains why this all started around the time of the upgrade to 21.05.

                1 Reply Last reply Reply Quote 0
                • S
                  sydgarrett @jimp
                  last edited by

                  @jimp

                  Nothing in the status for UPnP.chrome_qeaQ7JZV4h.png

                  This is interesting

                  chrome_zmEpyjo0M0.png

                  And, of course, those go away when the miniupnpd is restarted

                  chrome_m0hm1RGd9y.png

                  I'm not following what those rules are there for but you clearly found our culprit for what is blocking 8080 and 8081

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    So despite the error, something on your local network is setting up block rules via UPnP for 8080, 8081, and 8082 which are rejecting all that traffic.

                    So UPnP is letting it happen, but ultimately it's being done by whatever device is adding those rules to UPnP.

                    Some kind of device with a web interface, which may limit your search when tracking it down.

                    Anything server-like on your local network that uses those ports for a web-based GUI to manage it?

                    Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      sydgarrett @jimp
                      last edited by

                      @jimp

                      Yeah, lot's of devices with web based GUIs. Let me spend some time tracking that down.

                      However, all of those "played well together" and I had no issues until about a month ago when the Tivo's started complaining. Is it possible that the rules are left from some intermediate state when the UPnP dies?

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        Doubtful, but I suppose it's possible. UPnP isn't dying, though, it's getting an error of some sort when attempting to probe addresses.

                        It's also possible that whatever is adding those rules had an update which enabled UPnP support to do what it's doing.

                        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          Googling the labels on the rules it appears they come from a QNAP device.

                          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          S 1 Reply Last reply Reply Quote 1
                          • S
                            sydgarrett @jimp
                            last edited by

                            @jimp

                            OK -- that helps. I've got a QNAP TS-653A on the network and it looks like it had a firmware update about the same time as all this started happening.

                            Now why it would be adding those rules is another question.

                            You have been a BIG help on this. Thanks so much!

                            1 Reply Last reply Reply Quote 0
                            • jimpJ
                              jimp Rebel Alliance Developer Netgate
                              last edited by

                              From what I saw, QNAP has the ability to setup UPnP rules to allow outside access automatically. Seems dangerous to me for a NAS, but some people find it convenient. Probably a knob in there somewhere to shut that down.

                              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              S 1 Reply Last reply Reply Quote 0
                              • S
                                sydgarrett @jimp
                                last edited by

                                @jimp

                                Yeah, I shut down access outside my network a long time ago. Digging through things to see what might be setting up those rules.

                                S 1 Reply Last reply Reply Quote 0
                                • S
                                  sydgarrett @sydgarrett
                                  last edited by

                                  @sydgarrett said in 21.05 blocking TiVo connections for unknown reasons:

                                  @jimp

                                  Yeah, I shut down access outside my network a long time ago. Digging through things to see what might be setting up those rules.

                                  Found it. Even though I had shut down access, there was still an option in there to configure the router using UPnP that had NOT been disabled. Don't remember that option being there in the past but it has been a LONG time since I set up the server.

                                  Thanks SO much for your help on this. I consider this resolved (at least until the next update of something on the network :) )

                                  Thanks!

                                  1 Reply Last reply Reply Quote 2
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.