UPnP support



  • if this is a embedded or livecd install. fetch yourself a snapshot from http://pfsense.com/~sullrich/

    If this is a HD install. Download 1.0.1 and install the package through the package menu.



  • Got the latest one there. Thanks!

    Robert

    Edit: UPnP seems to be working, but there is nothing ever listed in the UPNP Status page.
    Also, once you've entered some information in the miniupnpd Settings tab, is there ever a way to stop or clear the firewall from using UPnP short of resetting back to factory defaults?  How do you stop or restart the service?



  • let's see, there is a enable disable checkbox.
    Status -> Services displays the current status.
    And the upnp status does display created port mapping. If there is nothing mapped, there is nothing to see. The rest goes into the system log.



  • Where is the enable/disable checkbox?  Not on the 12-23-2006 build I'm using.



  • System -> packages -> installed Packages -> reinstall package gui components



  • There is no Packages in System.  I'm on a WRAP.

    So how would one know if its enabled?



  • ah, well, the current upnp code included in base is not yet up to date with the package. That will probably work itself out in the near future.



  • @valnar:

    Got the latest one there. Thanks!

    Robert

    Edit: UPnP seems to be working, but there is nothing ever listed in the UPNP Status page.
    Also, once you've entered some information in the miniupnpd Settings tab, is there ever a way to stop or clear the firewall from using UPnP short of resetting back to factory defaults?  How do you stop or restart the service?

    @databeestje:

    ah, well, the current upnp code included in base is not yet up to date with the package. That will probably work itself out in the near future.

    FYI its been updated in the base code for about a week, just have to wait for a new snapshot to be released. Includes the enable button, the starting and stopping via the system -> services page, and fixes an issue with port mappings not being shown on when log packets is checked. Clicking clear on the upnp status page will clear all current mappings and restart the service.



  • Ah… and turning off the log now shows my upnp mappings on the status page.  Cool.  Thanks!



  • @valnar:

    Ah… and turning off the log now shows my upnp mappings on the status page.  Cool.  Thanks!

    Check out http://forum.pfsense.org/index.php/topic,551.msg17500.html#msg17500 for how to edit the status page to fix the issue in the meantime if you want the log packets option checked.



  • hello
    I got many off this code```
    miniupnpd[639]: 3 active incoming HTTP connections

    
    regards
    Michael


  • @mbedyn:

    hello
    I got many off this code```
    miniupnpd[639]: 3 active incoming HTTP connections

    
    regards
    Michael
    

    It just means multiple machines are hitting it at the same time. WinXP is notorious for doing this to check the status of the Internet Gateway. It should probably not be shown in the syslog. I will talk to the author about this.



  • It will be very helpfull removing this from logs.. ;) sometimes it's flooding me realy serious



  • @mbedyn:

    It will be very helpfull removing this from logs.. ;) sometimes it's flooding me realy serious

    If you would like you can use the development version that has this change made. Has some other minor fixes as well.

    From the console choose option 8 shell. Type the following commands.

    cd /tmp
    fetch http://wgnrs.dynalias.com:81/pfsense/miniupnpd/devel/miniupnpd
    fetch http://wgnrs.dynalias.com:81/pfsense/miniupnpd/sh-replace-binary.sh
    chmod +x sh-replace-binary.sh
    ./sh-replace-binary.sh miniupnpd

    It will return an md5sum that matches A6C7B90607557738E6BFD2354DED1177. Although I might update the binary so the md5sum could change.

    If you run into any problems you could restore your previous version with these commands.

    cd /tmp
    fetch http://pfsense.com/packages/config/miniupnpd/sbin/miniupnpd
    fetch http://wgnrs.dynalias.com:81/pfsense/miniupnpd/sh-replace-binary.sh
    chmod +x sh-replace-binary.sh
    ./sh-replace-binary.sh miniupnpd

    It will return an md5sum that matches 017A5A5A60E7CE448AEF70B0D1A4DBD2.



  • thank's
    I have reinstalled package according to your instructions…
    Will see  ;) I will report soon

    regards
    Michael :)



  • Heres what you have to look forward to in the next week or so. Access restrictions for miniupnpd have been added for improved security. There are still some bugs that need to be worked out so it should be finished soon. Also miniupnpd is now using a config file instead of multiple command line arguments. Any suggestions are appreciated.



  • I just committed the new version. Either reinstall the package. Or you can use the update script below. If your running a snapshot with miniupnpd already installed you should use the below script. Feedback is greatly appreciated. If there any any issues I want to catch them so this can be included in the next release of pfSense.

    The permissions allow port mappings to be made to the specified addresses.

    Either use the console terminal or ssh into the box. Select option 8 shell. Enter the following commands. Do not use the webgui command prompt you will find the page just hangs.

    Code:
    fetch -o - "http://wgnrs.dynalias.com:81/pfsense/miniupnpd/sh-update-miniupnpd.sh" | sh -



  • I have a cosmetic problem. in the Webgui / Services, miniupnpd shows up twice. I'd like to remove on of the links in the drop down menu… where are the entrys for the menu?



  • @bob:

    I have a cosmetic problem. in the Webgui / Services, miniupnpd shows up twice. I'd like to remove on of the links in the drop down menu… where are the entrys for the menu?

    You probably had the miniupnpd package installed and then restored your config to a snapshot image. Or installed the package on a snapshot image. If either of these are the case what you can do is backup your config. Remove the following from the installedpackages section. Then restore the config.

    <package><name>miniupnpd</name>
          <descr>Emulates Microsoft's Internet Connection Service (ICS). It implements the UPnP Internet
          Gateway Device specification (IGD) and allows UPnP aware clients, such as MSN Messenger to
          work properly from behind a NAT firewall.</descr>
          <website>http://miniupnp.free.fr/</website>
          <category>Network Management</category>
          <maintainer>seth.mos@xs4all.nl ryan@wgnrs.dynu.com</maintainer>
          <version>20061214</version>
          <required_version>1.0</required_version>
          <status>Stable</status>
          <config_file>http://www.pfsense.com/packages/config/miniupnpd/miniupnpd.xml</config_file>
          <configurationfile>miniupnpd.xml</configurationfile></package>

    <menu>
    <name>MiniUPnPd</name>
    <tooltiptext>Set miniupnpd settings such as interfaces to listen on.</tooltiptext>
    Services
    <url>/status_upnp.php</url>
    </menu>

    <service><name>miniupnpd</name>
    <rcfile>miniupnpd.sh</rcfile>
    <executable>miniupnpd</executable></service>



  • Thanks, why didn't I see this in the first place  ::)
    Shame on me.
    All looks good now.


Locked