UPNP fails when play

rsw686

Sorry for not being around for awhile. My dynamic dns service provider dynu.com system is screwed. I've called them for weeks no answer to phone calls or emails. I'm assuming their out of business or they just don't give a crap. I got fed up. I spent some time on my hobby and upgraded my 56gal to a 90gal saltwater fish tank, which I had to build the stand, plumb, etc, and then I was out of town for awhile.

Anyway I have gmail now and use dyndns.org for my dynamic domain service. I spent some time tonight working on miniupnpd webgui issues like the reset button on upnp status, the services status page so you can start/stop it and some of the miniupnpd.inc code. I need to test this out my throughly and make sure it starts up correctly on reboot. Miniupnpd went through major changes after 1.2 beta 1 since it had to be made to work on the live cd.

I have an xbox 360 sitting here, never use the thing, but I can fire it up and see what the problem is. Do I just sign in and out of xbox live a few times or if you could give me the exact procedure to make miniupnpd crash that would be great.

Again I apologize for not getting in touch on here sooner.

hoby

The best way to test this, is set the Xbox 360 up with a static address, and then go into the settings, and run the Xbox Live network test, and it it reports "Strict" for NAT, then its not working correctly.  With proper Upnp functions, it should report "Open" for NAT, and then you know that all Xbox live features should work correctly, such as private voice chat, and multiplayer online.

Strict NAT will mean that you may get online, and a few features will work, but you really want the test to report back "Open" NAT for full feature set of Xbox Live.

I can force it do work like this by setting the Xbox to dynamic address, resetting Miniupnpd, and then run the network test, and it will report as open.  The problem seems to be that it isn't consistant, and I have to reset the daemon to get it to work, and sometimes it doesn't even seem to work after forcing it.  I am not sure that its routing both TCP/UDP 3074, and UDP 88 are routing properly…

rsw686

I just fixed the following.

• fixed clear button on upnp status page
• fixed start/stop/restart buttons on services status page
• fixed so miniupnpd will correctly start at boot
• fixed when restarting service that previous redirect rules are cleared out

I will look at the open vs strict nat issue probably Wednesday morning. I'm really not sure why its doing this and can't guarantee I can fix it.

sullrich

I think you need to enable static-port for the XBOX 360 but this is just a guess.

If someone could show us the active states in use on the firewall when they are testing the xbox 360 connection that would be great (show states on the main index page).

bgbearcatfan

Sullrich, that's correct, atleast for my case anyways.

I did NOT even need to enable the upnp service.  After enabling static-port, everything functioned correctly.  I will post my active states when i get home.

sullrich

Please post with static-port and non static port so we can see the difference.

Thanks!!

hoby

@rsw686:

I just fixed the following.

• fixed clear button on upnp status page
• fixed start/stop/restart buttons on services status page
• fixed so miniupnpd will correctly start at boot
• fixed when restarting service that previous redirect rules are cleared out

I will look at the open vs strict nat issue probably Wednesday morning. I'm really not sure why its doing this and can't guarantee I can fix it.

Your work and response is very much appreciated!  I am available for further testing if needed.  Thanks!

rsw686

I just tested the xbox 360 multiple times, it reported open every time. I plugged the xbox 360 in, turned it on, hit test internet connection and it worked, repeated the test a few times. I turned it off and back on, tested and it reported open as well.

upnp status page

3074  udp  10.10.1.144  Xbox (10.10.1.144:3074) 3074 UDP

miniupnpd debug output

miniupnpd[97878]: SSDP M-SEARCH from 10.10.1.144:22570 ST: urn:schemas-upnp-org:service:WANIPConnection:1
miniupnpd[97878]: SSDP M-SEARCH from 10.10.1.144:28615 ST: urn:schemas-upnp-org:service:WANPPPConnection:1
miniupnpd[97878]: HTTP connection from 10.10.1.144:23807
miniupnpd[97878]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[97878]: HTTP connection from 10.10.1.144:26428
miniupnpd[97878]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[97878]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
miniupnpd[97878]: HTTP connection from 10.10.1.144:17425
miniupnpd[97878]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[97878]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[97878]: AddPortMapping: external port 3074 to 10.10.1.144:3074 protocol UDP for: Xbox (10.10.1.144:3074) 3074 UDP
miniupnpd[97878]: no permission rule matched : accept by default (n_perms=0)
miniupnpd[97878]: redirecting port 3074 to 10.10.1.144:3074 protocol UDP for: Xbox (10.10.1.144:3074) 3074 UDP
miniupnpd[97878]: creating pass rule to 10.10.1.144:3074 protocol UDP for: Xbox (10.10.1.144:3074) 3074 UDP

However when retesting it keeps mapping additional ports. It checks the first port 3074 and when its already mapped, it randomly picks another port to use. Even if the 3074 was mapped to itself before. Looking at the miniupnpd debug output xbox 360 never tries deletes the ports it maps. Looks like they rely on the router to cleanup after it.

I'll have to look at the upnp docs, I think there is a way to specify how long the mapping lasts for. If there is it could be added to miniupnpd. The workaround is when you have a long list of mapped ports just hit clear on the upnp status page. Microsoft should fix the crap upnp implementation on the xbox.

jeroen234

@rsw686:

Microsoft should fix the crap upnp implementation on the xbox.

shame that they never fix things before shipping there crap around the world

forum

ok i will bring my pfsense back to work and test it but i still wonder why it was working excelent in the autumn ?? if you saying it work now but that it,s is xbox its fail on ? i is sitting in most cases on my 360 12-13 houer per day but the wheter in this contry is rain all the summer is raining away. but i can test it to and see if i got some new things. what are the newest verison of pfsense and where do i get it is it still on the live cd ??

cmb

you can find the latest here.
http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/

forum

hi agin can,t we just build a biger list like the system log ?? it is after 5 times its stop working and the upnp just list 5 and son after that it,s strict.

rsw686

When it stops working are the previous ports still mapped on the UPnP status page? If so does hitting clear on the UPnP status page allow the xbox 360 to connect as open nat again?

zboll

I have an issue too with my xbox360 too when using pfsense.  My xbox360 would report the NAT as open which is good, but I would have to try connecting like 20 times to get into a game when playing COD3.  Because of that, I changed my router over to a buffalo router with DD-WRT installed, and now I am able to connect to almost every game I try.  Is this the problem you guys where having in this post?

my pfsense router was a P2 400 MHz with 386 MB ram.  I thought maybe it was too slow and that was causing me problems with connecting to games.  I just got a P4 2.4 GHz machine with 512 MB ram, I have been thinking about going back to pfsense with that, what do you guys think, do you think upnp will work?  Would the faster computer make any difference?

thanks,
Zack

LawnMowerGuy1

UPnP maintainer,

When I was working with the UPnP implementation on embedded linksys devices I noticed they had many hacks in place (mostly for msn messenger). I also noticed that the xbox does not send a UPnP release.

Maybe you could build something into the daemon such as this pseudo-code:

if (requestingUPnPdesc = Xbox (192.168.x.x)) {

if (valid rule already exists) {
        send success message to the xbox so it does not try to map another port;
    }
    else {
        map the port;
    }
}
else {
    continue;
}

rsw686

LawnMowerGuy1,

I will look at the code and see how difficult it would be to implement something like that.

I'm away for the week so I don't have an xbox in front of me. If somebody could get me the miniupnpd debug output when xbox tries to connect and maps another port that would be great. I can't remember how it checks to see if the port is already mapped.

Using one of the later snapshots you can put miniupnpd into debug mode by running the following on the console. Make sure to stop miniupnpd using the status -> services page.

/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf

Afterwards you can restart the service on the status -> services page to get out of debug mode.

I just hate implementing hacks to get microsoft's crap to work. It really bothers me that they can't follow the UPnP specs like everybody else.

forum

no zboll your pfsense is working well it,s the xbox and the upnp thats not working together. when i hade d-link gming router it,s working well to. but i like the pfsense better. in d-link i find a gamefuel page where all of this ports and other things that was reallated to games was. why can,t we build one page like this in the pfsense ?

GruensFroeschli

@forum: http://forum.pfsense.org/index.php/topic,3917.0.html

zboll

@forum:

no zboll your pfsense is working well it,s the xbox and the upnp thats not working together. when i hade d-link gming router it,s working well to. but i like the pfsense better. in d-link i find a gamefuel page where all of this ports and other things that was reallated to games was. why can,t we build one page like this in the pfsense ?

Yeah ok.  I might just try pfsense on the P4 2.4 Ghz and see if it works any better with the xbox.  the buffalo router with DD-WRT works perfectly in terms of playing xbox 360, but I like the feature that pfsense has of multiple wan support which originally got me using pfsense instead of a linux variant.

I originally figured I would try out a linux variant when I could not get pfsense to work with xbox360 because my DD-WRT router is linux based.  I found that "Endian" and "Clarckconnect" both have dual wan support.  I tried to install Endian but I couldn't get it to work and it is not documented very well online for the community edition.  Clarckconnect cost $430 dollars for the version with two WAN so I could not justify it.  If any one knows of a linux variant that I could try with dual wan support, it would be greatly appreciated (I just want to check if the UPNP with xbox works).

Otherwise, I will probably have to run a separate line from my dd-wrt router to my pfsense box, which means running another cable.  So a setup like this.

DSL –-----------------------------------|
                                                              |
                                                              |---->Pfsense----->rest of network
Cable -------> DD-WRT Router -|---->|
                                                              |
                                                              |----->xbox 360

Zack

rsw686

OpenWRT uses miniupnpd as well. What client does DD-WRT use? Maybe you could post your problem on the miniupnpd forum accessible from the below link.

http://miniupnp.free.fr/

Otherwise I will take a look at it when I get the debug output or next week when I have access to an xbox 360. I'm just not overly compelled to fix this as it's an xbox implementation issue and I don't game.