UPNP fails when play



  • hi my pfsenses upnp will not work when i play game on xbox 360 ok it works for a while but after i have ben loged out and in 6-7 the upnp in pfsense stop working. is this a problem whit this or not bquse in the old verison of upnp it,s work but not now why ?



  • I can confirm this issue.  The 360 requires an "OPEN" NAT type for most of its online features such as chat, coop play, and multiplayer.  At times the 360 will register that UPNP on PFSense is "Strict" NAT, and most online features will fail.  It only does this after the initial successful attempt to play.  I am not sure if its a set amount of time, or that it fails only after the initial successful attempt.

    Here is what happens with the 1.2 beta 1…

    Upnp is enabled, and I can play on Xbox live with no issue.  If I come back the next day, Upnp sessions are still listed, and I can't play online... I remove the sessions and I still cannot play.

    If I reset the sessions, then go into the Network test area on the Xbox 360, and it runs all its connectiving tests, including NAT, it will say that the nat type is "OPEN", and then I can go back and play without issue.

    I understand this is an odd issue, but its very annoying, and the only thing preventing me from using PFsense again after ditching Astaro...

    Thanks for your time and all your great work!



  • Nobody has checked into this?



  • no i havent start my 360 for 6-7 times but i will test it out  soon. i don,t ewen think they care about this but this can bee a big sceurity alert when all the pepols meet…



  • wait until the xbox 360 folks fix there upnp problems
    microsoft use many times non standard things
    and espect every one to folow it
    that is 89%  of the times not the way how tings works
    and makes a lot of peaple mad



  • Its easy to blame Microsoft and Xbox for this, but its not their problem.  It works fine with 5 other routers, and 2 other implementations of  UPNP.

    Their is some sort of overflow/logging bug in the Pfsense UPNP instance, and it sticks until you reboot, or reset it.



  • pfSense uses miniupnpd.  Feel free to provide patches that fix this.  Otherwise send me an xbox 360 and I will fix it.



  • Hey!  ;D  I would send one if I had a spare, but I would miss mine too much!



  • yeah me too. but i want to say some thing i really like the pfsense god work with it.  the 1.2 beta 1 was a littele bit better the clear button was function probely on that one on this one the reset button don,t work i dont now why yet. but it will be a huge + if the upnp work functionely when the real 1.2 is out.



  • Considering that we cannot get a hold of Ryan (the miniupnpd/pfSense integration specialist) due to his dynamic dns domain expiring I hate to say it but the chances are slim to none.



  • ok but can you plz ask him to do it ? or if you guys get any time over plz fix it and i will be more than happy to have pfsense back agin.



  • You must have overlooked the part that read that we cannot get ahold of him?



  • Sorry for not being around for awhile. My dynamic dns service provider dynu.com system is screwed. I've called them for weeks no answer to phone calls or emails. I'm assuming their out of business or they just don't give a crap. I got fed up. I spent some time on my hobby and upgraded my 56gal to a 90gal saltwater fish tank, which I had to build the stand, plumb, etc, and then I was out of town for awhile.

    Anyway I have gmail now and use dyndns.org for my dynamic domain service. I spent some time tonight working on miniupnpd webgui issues like the reset button on upnp status, the services status page so you can start/stop it and some of the miniupnpd.inc code. I need to test this out my throughly and make sure it starts up correctly on reboot. Miniupnpd went through major changes after 1.2 beta 1 since it had to be made to work on the live cd.

    I have an xbox 360 sitting here, never use the thing, but I can fire it up and see what the problem is. Do I just sign in and out of xbox live a few times or if you could give me the exact procedure to make miniupnpd crash that would be great.

    Again I apologize for not getting in touch on here sooner.



  • The best way to test this, is set the Xbox 360 up with a static address, and then go into the settings, and run the Xbox Live network test, and it it reports "Strict" for NAT, then its not working correctly.  With proper Upnp functions, it should report "Open" for NAT, and then you know that all Xbox live features should work correctly, such as private voice chat, and multiplayer online.

    Strict NAT will mean that you may get online, and a few features will work, but you really want the test to report back "Open" NAT for full feature set of Xbox Live.

    I can force it do work like this by setting the Xbox to dynamic address, resetting Miniupnpd, and then run the network test, and it will report as open.  The problem seems to be that it isn't consistant, and I have to reset the daemon to get it to work, and sometimes it doesn't even seem to work after forcing it.  I am not sure that its routing both TCP/UDP 3074, and UDP 88 are routing properly…



  • I just fixed the following.

    • fixed clear button on upnp status page
    • fixed start/stop/restart buttons on services status page
    • fixed so miniupnpd will correctly start at boot
    • fixed when restarting service that previous redirect rules are cleared out

    I will look at the open vs strict nat issue probably Wednesday morning. I'm really not sure why its doing this and can't guarantee I can fix it.



  • I think you need to enable static-port for the XBOX 360 but this is just a guess.

    If someone could show us the active states in use on the firewall when they are testing the xbox 360 connection that would be great (show states on the main index page).



  • Sullrich, that's correct, atleast for my case anyways.

    I did NOT even need to enable the upnp service.  After enabling static-port, everything functioned correctly.  I will post my active states when i get home.



  • Please post with static-port and non static port so we can see the difference.

    Thanks!!



  • @rsw686:

    I just fixed the following.

    • fixed clear button on upnp status page
    • fixed start/stop/restart buttons on services status page
    • fixed so miniupnpd will correctly start at boot
    • fixed when restarting service that previous redirect rules are cleared out

    I will look at the open vs strict nat issue probably Wednesday morning. I'm really not sure why its doing this and can't guarantee I can fix it.

    Your work and response is very much appreciated!  I am available for further testing if needed.  Thanks!



  • I just tested the xbox 360 multiple times, it reported open every time. I plugged the xbox 360 in, turned it on, hit test internet connection and it worked, repeated the test a few times. I turned it off and back on, tested and it reported open as well.

    upnp status page

    3074  udp  10.10.1.144  Xbox (10.10.1.144:3074) 3074 UDP

    miniupnpd debug output

    miniupnpd[97878]: SSDP M-SEARCH from 10.10.1.144:22570 ST: urn:schemas-upnp-org:service:WANIPConnection:1
    miniupnpd[97878]: SSDP M-SEARCH from 10.10.1.144:28615 ST: urn:schemas-upnp-org:service:WANPPPConnection:1
    miniupnpd[97878]: HTTP connection from 10.10.1.144:23807
    miniupnpd[97878]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
    miniupnpd[97878]: HTTP connection from 10.10.1.144:26428
    miniupnpd[97878]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
    miniupnpd[97878]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
    miniupnpd[97878]: HTTP connection from 10.10.1.144:17425
    miniupnpd[97878]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
    miniupnpd[97878]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
    miniupnpd[97878]: AddPortMapping: external port 3074 to 10.10.1.144:3074 protocol UDP for: Xbox (10.10.1.144:3074) 3074 UDP
    miniupnpd[97878]: no permission rule matched : accept by default (n_perms=0)
    miniupnpd[97878]: redirecting port 3074 to 10.10.1.144:3074 protocol UDP for: Xbox (10.10.1.144:3074) 3074 UDP
    miniupnpd[97878]: creating pass rule to 10.10.1.144:3074 protocol UDP for: Xbox (10.10.1.144:3074) 3074 UDP

    However when retesting it keeps mapping additional ports. It checks the first port 3074 and when its already mapped, it randomly picks another port to use. Even if the 3074 was mapped to itself before. Looking at the miniupnpd debug output xbox 360 never tries deletes the ports it maps. Looks like they rely on the router to cleanup after it.

    I'll have to look at the upnp docs, I think there is a way to specify how long the mapping lasts for. If there is it could be added to miniupnpd. The workaround is when you have a long list of mapped ports just hit clear on the upnp status page. Microsoft should fix the crap upnp implementation on the xbox.



  • @rsw686:

    Microsoft should fix the crap upnp implementation on the xbox.

    shame that they never fix things before shipping there crap around the world



  • ok i will bring my pfsense back to work and test it but i still wonder why it was working excelent in the autumn ?? if you saying it work now but that it,s is xbox its fail on ? i is sitting in most cases on my 360 12-13 houer per day but the wheter in this contry is rain all the summer is raining away. but i can test it to and see if i got some new things. what are the newest verison of pfsense and where do i get it is it still on the live cd ??





  • hi agin can,t we just build a biger list like the system log ?? it is after 5 times its stop working and the upnp just list 5 and son after that it,s strict.



  • When it stops working are the previous ports still mapped on the UPnP status page? If so does hitting clear on the UPnP status page allow the xbox 360 to connect as open nat again?



  • I have an issue too with my xbox360 too when using pfsense.  My xbox360 would report the NAT as open which is good, but I would have to try connecting like 20 times to get into a game when playing COD3.  Because of that, I changed my router over to a buffalo router with DD-WRT installed, and now I am able to connect to almost every game I try.  Is this the problem you guys where having in this post?

    my pfsense router was a P2 400 MHz with 386 MB ram.  I thought maybe it was too slow and that was causing me problems with connecting to games.  I just got a P4 2.4 GHz machine with 512 MB ram, I have been thinking about going back to pfsense with that, what do you guys think, do you think upnp will work?  Would the faster computer make any difference?

    thanks,
    Zack



  • UPnP maintainer,

    When I was working with the UPnP implementation on embedded linksys devices I noticed they had many hacks in place (mostly for msn messenger). I also noticed that the xbox does not send a UPnP release.

    Maybe you could build something into the daemon such as this pseudo-code:

    if (requestingUPnPdesc = Xbox (192.168.x.x)) {

    if (valid rule already exists) {
            send success message to the xbox so it does not try to map another port;
        }
        else {
            map the port;
        }
    }
    else {
        continue;
    }



  • LawnMowerGuy1,

    I will look at the code and see how difficult it would be to implement something like that.

    I'm away for the week so I don't have an xbox in front of me. If somebody could get me the miniupnpd debug output when xbox tries to connect and maps another port that would be great. I can't remember how it checks to see if the port is already mapped.

    Using one of the later snapshots you can put miniupnpd into debug mode by running the following on the console. Make sure to stop miniupnpd using the status -> services page.

    /usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf

    Afterwards you can restart the service on the status -> services page to get out of debug mode.

    I just hate implementing hacks to get microsoft's crap to work. It really bothers me that they can't follow the UPnP specs like everybody else.



  • no zboll your pfsense is working well it,s the xbox and the upnp thats not working together. when i hade d-link gming router it,s working well to. but i like the pfsense better. in d-link i find a gamefuel page where all of this ports and other things that was reallated to games was. why can,t we build one page like this in the pfsense ?





  • @forum:

    no zboll your pfsense is working well it,s the xbox and the upnp thats not working together. when i hade d-link gming router it,s working well to. but i like the pfsense better. in d-link i find a gamefuel page where all of this ports and other things that was reallated to games was. why can,t we build one page like this in the pfsense ?

    Yeah ok.  I might just try pfsense on the P4 2.4 Ghz and see if it works any better with the xbox.  the buffalo router with DD-WRT works perfectly in terms of playing xbox 360, but I like the feature that pfsense has of multiple wan support which originally got me using pfsense instead of a linux variant.

    I originally figured I would try out a linux variant when I could not get pfsense to work with xbox360 because my DD-WRT router is linux based.  I found that "Endian" and "Clarckconnect" both have dual wan support.  I tried to install Endian but I couldn't get it to work and it is not documented very well online for the community edition.  Clarckconnect cost $430 dollars for the version with two WAN so I could not justify it.  If any one knows of a linux variant that I could try with dual wan support, it would be greatly appreciated (I just want to check if the UPNP with xbox works).

    Otherwise, I will probably have to run a separate line from my dd-wrt router to my pfsense box, which means running another cable.  So a setup like this.

    DSL –-----------------------------------|
                                                                  |
                                                                  |---->Pfsense----->rest of network
    Cable -------> DD-WRT Router -|---->|
                                                                  |
                                                                  |----->xbox 360

    Zack



  • OpenWRT uses miniupnpd as well. What client does DD-WRT use? Maybe you could post your problem on the miniupnpd forum accessible from the below link.

    http://miniupnp.free.fr/

    Otherwise I will take a look at it when I get the debug output or next week when I have access to an xbox 360. I'm just not overly compelled to fix this as it's an xbox implementation issue and I don't game.



  • I looked but I couldn't find it, I believe that dd-wrt is closely related to open-wrt.

    I have two dd-wrt routers available, so I may just use one as a wireless bridge to my xbox so I dont have to run another cable.  Do you think I would notice a performance boast upgrading my pfsense box from a p2 400 mhz 386 mb ram to p4 2.4 ghz 512 mb ram.  The thing is my P4 has a 250 gb hard drive and pfsense does not support samba.  If you guys think its worth the upgrade, I might just have my linux box mount the pfsense harddrive using ssh filesystem so I dont waste all that space.  Probably not the best but I think I should still be able to stream DVD on gigabit network.

    Zack



  • @rsw686:

    OpenWRT uses miniupnpd as well. What client does DD-WRT use?

    DD-WRT uses a variant of the hacked Linksys client.



  • thanks for the info.

    I think that im just going to do the dd-wrt wireless bridged to the xbox with pfsense behind the dd-wrt.  I would eventually like to try out a one level solution but the only option I am aware of right now that supports dual wan is the commercial version of clarkconnect.  If anyone has a distribution up for recommendation to try, I would appreciate it.

    thanks,
    Zack



  • Instead of asking for other distributions why not get me the miniupnpd debug info and I'll have to look to see if I can fix it.



  • I had some free time to look into this. I corrected the code so xbox 360 will not keep mapping additional ports. I implemented a check so if the existing redirect is identical to the redirect request it will ignore the request.

    To install this you need to be using a hard drive install or embedded version of pfSense. I am not going to commit this until I finish testing it further and the miniupnpd author patches his source with it. It just becomes too hard to maintain the patches otherwise.

    On the console
    cd /tmp
    fetch http://wgnrs.dynalias.com:81/pfsense/miniupnpd/sh-replace-binary.sh
    fetch http://wgnrs.dynalias.com:81/pfsense/miniupnpd/devel/miniupnpd
    chmod +x sh-replace-binary.sh
    ./sh-replace-binary.sh miniupnpd

    The md5 returned should match 6d170ae9fa1d5a28a33d6ec00ffca4ac. If it does then your good to go. Let me know if this solves your problem.



  • ok seems to work i just got one port for the xbox 360 and the nat is open but i will test this one out mokre today



  • @forum:

    ok seems to work i just got one port for the xbox 360 and the nat is open but i will test this one out mokre today

    Did you get a chance to test it out more?



  • I have been out of town for the week, I am going to try to get my pfsense box back up and running to test.

    thanks,
    Zack


Locked
 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy