Miniupnp full cone double NATincorrectly adding rules
-
I think it was definitely helpful!
I've had "config file" on the brain since the start, but your idea is much better. It's fully automated now in the last diff I posted in the other thread. I still need to set the ext_ip or STUN option to get past those checks, but it works great! It may be the case that more fulsome implementations of UPnP clients might actually need a public IP in there, so they can do with that as they please. Game clients typically don't, as they just want to punch holes in the firewall, not talk UPnP to other clients. There's a lot to UPnP that I don't know, so I kind of get their resistance to changing anything up there. I think this is the nest solution we can have honestly. Thanks for the input. -
Nice!
That change looks a lot cleaner than the config option as well.
Hopefully they respond positively since it appears to follow their suggestions for where the change belongs.
-
E encrypt1d referenced this topic on
-
S Saber referenced this topic on
-
Looks like they committed a variation of my fix with slightly better error handling - but it is in!
https://github.com/miniupnp/miniupnp/commit/c0d3a176509b7f659fa713c0d11597bdbfae7ca5
So for all the double NAT folks out there, the fix is coming.
How does the process unfold here, does it get updated in the pfSense repo?
-
@encrypt1d That would be fantastic, can't believe it.
-
@encrypt1d said in Miniupnp full cone double NATincorrectly adding rules:
@jimp
How does the process unfold here, does it get updated in the pfSense repo?Ideally, they'll put out a release, that release gets into the FreeBSD ports tree, and then we pull it in from there.
In the past we have also set the port in our tree to build from a specific commit on their master branch if I'm remembering right, we did that not long after they put in the
nat onrule support so we could start testing it. -
E encrypt1d referenced this topic on
-
E encrypt1d referenced this topic on
-
@jimp Hey, how are you?
I couldn't see anything related in the new BETA release 22.05. Do you think this fix will make it to the final release?
-
It would be helpful to have this patch added in to help those with double NAT. It looks like last time it was updated on pfSense was ~4 years ago, and at this point it seems doubtful it's going to be updated any time soon.
-
@marc05 said in Miniupnp full cone double NATincorrectly adding rules:
It would be helpful to have this patch added in to help those with double NAT. It looks like last time it was updated on pfSense was ~4 years ago, and at this point it seems doubtful it's going to be updated any time soon.
Yeah, I wish someone uploaded a patch at least as I myself am unable to compile the fixed app.
-
The miniupnp project hasn't yet put out a release which includes that patch. We try not to incur technical debt or risk by adding in patches between releases when we can avoid it. Once they put out a new release we can update ours to use it.
-
@jimp totally makes sense. Thank you!
-
It has been broken for many years now, so another couple of years doesn't sound too terrible in that perspective. Still, it sucks :(
