Netgate Discussion Forum

    UPnP and multiple Xbox 360s (4-8)

      xcrustwadx

      The script seems to be working AOK. However my time/date is set incorrectly. I did "date 0711151223" from SSH to set it to 12:20 11/15 but I'm not sure this is the proper way. What is the proper way to set the time and date in pfSense?

        rsw686

        @xcrustwadx:

        The script seems to be working AOK. However my time/date is set incorrectly. I did "date 0711151223" from SSH to set it to 12:20 11/15 but I'm not sure this is the proper way. What is the proper way to set the time and date in pfSense?

        The date and time are set automatically via NTP. Make sure your timezone is set correctly on the System -> General page.

          xcrustwadx

          OK, time is now set properly via the general menu. Sorry, I glanced there for a time setting but I missed it. Should have done CTRL+F. Thank you.

            xcrustwadx

            OK. The script/cron job definitely works. I just checked the upnp status and it's completely cleared! This is great.

            Are there any plans to build in a timeout for upnp port mappings?

            The reason I ask is because it has been said that Xbox never bothers to release the ports when it is powered off (which I can certainly say is true from firsthand experience).  I know that this is actually a problem with the implementation on the Xbox's end and not with miniupnpd but restarting the service every morning seems like it may not be the best solution.  If there is any way I can help, please let me know.

              rsw686

              My debate about adding it into miniupnpd is deciding when the port is inactive. I'm not sure how easy it is to see the last activity, since once the rule is created pfSense is dealing with the redirects, not miniupnpd. I'll contact the miniupnpd author and see what his opinion is on this.

                xcrustwadx

                1.  Can I manually remove one upnp record/mapping without restarting the entire service and clearing ALL mappings?

                2.  Would it be feasible for me to write a custom script that removes a particular upnp port mapping once the DHCP lease that requested it expires?

                I'm starting to think… why incorporate a band-aid into the code of miniupnpd, which works fine, that is a workaround for a problem that should be solved on Microsoft's end... i.e. send the "I'm done with this upnp mapping, you can remove it now." packet. I'd rather make an "external" band-aid to avoid adverse effects on miniupnpd (a script for instance).

                I'm not too clear on how DHCP protocol works but the pfSense web UI seems to know when a host is down and no longer using its lease.

                  rsw686

                  @xcrustwadx:

                  1.  Can I manually remove one upnp record/mapping without restarting the entire service and clearing ALL mappings?

                  2.  Would it be feasible for me to write a custom script that removes a particular upnp port mapping once the DHCP lease that requested it expires?

                  Miniupnpc is the client which can talk to miniupnpd. You would need to compile this for pfSense. Then it could be used to tell miniupnpd to remove a mapping. This is something that could be added to the pfSense UPnP implementation. I could see this being useful for others.

                  The easiest way to compile for the pfSense platform is to use the pfSense Developers edition. I think you can still get this on the snapshot server.

                  @xcrustwadx:

                  I'm not too clear on how DHCP protocol works but the pfSense web UI seems to know when a host is down and no longer using its lease.

                  True, but that is a band-aid fix as well. Not everyone is going to want or need that feature. The DHCP protocol marks the lease as inactive when its renewal time expires and the host has not renewed the lease. However, some people set this time limit to days.

                    rsw686

                    I forgot to mention that if you use Windows XP you can remove the mappings by going to the Network Connections folder. Right click on Internet Connection, click Properties, click Settings, and you can delete individual mappings.

                      xcrustwadx

                      Thanks for the tip. You need the Windows XP UPnP UI installed on the XP machine first and then this will work. I have just used it. I'm currently using a VM to install pfSense dev beta 1 and I will attempt to compile the miniupnpc.

                        rsw686

                        @xcrustwadx:

                        Thanks for the tip. You need the Windows XP UPnP UI installed on the XP machine first and then this will work. I have just used it. I'm currently using a VM to install pfSense dev beta 1 and I will attempt to compile the miniupnpc.

                        I just built miniupnpc successfully using gmake. You'll need to add gmake using

                        pkg_add -r gmake

                        To build

                        /usr/local/bin/gmake

                        From here you could add check boxes next to the mappings on the UPnP Status page and a remove button. You could even write a script to search the current mappings and then remove any with xbox in them at 7:30 in the morning. Or, if you want to get detailed, write the script to compare the mappings with the DHCP leases and remove the inactive ones.

                          rsw686

                          @rsw686:

                          From here you could add check boxes next to the mappings on the UPnP Status page and a remove button. You could even write a script to search the current mappings and then remove any with xbox in them at 7:30 in the morning. Or, if you want to get detailed, write the script to compare the mappings with the DHCP leases and remove the inactive ones.

                          Turns out that the new version of miniupnpd can clean out old mappings. I have compiled the binary and updated the webgui. The other improvement is called secure mode which locks down clients to only creating mappings to their IP. If anybody would like to test it out and let me know how it works that would be great. I plan on adding this into the cvs for 1.3, but for now you can update your 1.2 version with the following.

                          
                          cd /tmp
                          fetch http://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support
                          chmod +x upnp_support
                          ./upnp_support update
                          
                          

                          Afterwards you'll need to reconfigure upnp via the webgui. Please note that if you don't like the new version you'll have to manually restore the old files.

                            hoba

                            @rsw686:

                            Afterwards you'll need to reconfigure upnp via the webgui. Please note that if you don't like the new version you'll have to manually restore the old files.

                            Or reapply the 1.2 release full update that will reset all files back to release versions  ;)

                              xcrustwadx

                              RSW686: I just saw your post, sorry it took so long. I check back here occasionally. I have applied the patch you posted on March 17 and I will test this weekend for sure at my secondary location. I will also attempt to try at my other location which has the multiple Xbox 360s.

                              Does the "upnp bypassing the traffic shaper problem" still happen in 1.2 final?  If so is this in the works for 1.3?

                                rsw686

                                @xcrustwadx:

                                Does the "upnp bypassing the traffic shaper problem" still happen in 1.2 final?  If so is this in the works for 1.3?

                                There is a way to compile miniupnpd to use an ALTQ queue. I'm not sure how this would tie in with the traffic shaper.

                                  eri--

                                  Well, what I recommend is to add an option to tag packets that match the miniupnp nat/rdr/filter rules and not make them terminating, i.e. not use quick.

                                  This is the same as what ftp-proxy on the latest OpenBSD does, and it helps a lot catching things up, queueing them and so on.

                                  Please suggest to the author of miniupnpd to make this change and be done with it.
                                  On pfSense 1.3 you can match tags from the filter rules created in the GUI.

                                  This is the best design and would make miniupnpd completely standalone and not looking at other information it does not need to.

                                  I do not know if PNP protocol supports classes, but if it does it would be nice to allow the option to specify one tag to be applied to specific traffic served by this daemon and then matched by tag from the user, so as to shape it or not allow it at all.

                                  I hope this helps you somewhat.
                                  As for the change iirc it is just ~10 lines of changes max.

                                    rsw686

                                    @ermal:

                                    Well, what I recommend is to add an option to tag packets that match the miniupnp nat/rdr/filter rules and not make them terminating, i.e. not use quick.

                                    Miniupnpd was using rdr pass on, but I have recompiled it so that it is creating an rdr and a pass rule. I have also disabled the quick setting. So now I have rules that are looking like this

                                    jellyfish:/tmp#  pfctl -aminiupnpd -sn
                                    rdr on fxp2 inet proto udp from any to any port = 46678 label "Azureus UPnP 46678 UDP" -> 10.10.1.150 port 46678
                                    rdr on fxp2 inet proto tcp from any to any port = 46678 label "Azureus UPnP 46678 TCP" -> 10.10.1.150 port 46678
                                    jellyfish:/tmp#  pfctl -aminiupnpd -sr
                                    pass in on fxp2 inet proto udp from any to any port = 46678 flags S/SA keep state label "Azureus UPnP 46678 UDP"
                                    pass in on fxp2 inet proto tcp from any to any port = 46678 flags S/SA keep state label "Azureus UPnP 46678 TCP"

                                    You're saying I need to tag it as well. So at the end of the rule it should have a tag UPNP or something of that sort, like the below?

                                    pass in on fxp2 inet proto udp from any to any port = 46678 flags S/SA keep state label "Azureus UPnP 46678 UDP" tag UPNP

                                    The option already in the upnp daemon can append queue SOMENAME to the rule. I could easily add in the tag option like above if that is better.

                                      eri--

                                      Yeah, a tag option is better, and get rid of the queue option completely.
                                      It is not needed and is cumbersome.

                                      Please add the tag to the rdr rule so it produces
                                      rdr ….blabla.... tag MYTAG label "whatever" -> to $whatever

                                      it is better in the rdr since it is the first thing that takes a look at the packet ;)

                                      I would also like to see the rdr being generated for multiple interfaces so the PNP traffic can be load balanced with the help of tags.
                                      But that is more homework, I guess.

                                        rsw686

                                        So I could do rdr pass….blabla.... tag MYTAG label "whatever" -> to $whatever and skip the separate pass rule?

                                        The additional features can come once I get the basic thing working in 1.3 with the traffic shaper. ;)

                                          eri--

                                          @rsw686:

                                          So I could do rdr pass….blabla.... tag MYTAG label "whatever" -> to $whatever and skip the separate pass rule?

                                          No, since that extra "pass" might bypass the ruleset.
                                          Just add the tag on the rdr, that is my suggestion; you still need the separate rules to pass traffic.

                                            rsw686

                                            Sounds good. I just wanted to make sure it was implemented the best way. 1.2 upnp just uses one rdr pass rule and I wasn't sure what was more efficient. Thanks.

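Added example, not code from the thread or from the pfSense or miniupnpd projects: a report-only shell/awk audit of the miniupnpd anchor that covers two points raised above, rsw686's idea of comparing mappings with the DHCP leases and eri--'s advice to avoid `rdr pass` and tag the rdr rule. The function name, the flag names, the position of `tag` in the rdr output and all sample data except the first rdr line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Audits saved `pfctl -aminiupnpd -sn`
# output ($1) against an ISC dhcpd leases file ($2); both paths are arguments.
audit_upnp() {
  awk -v leases="$2" '
    BEGIN {  # the leases file is a log: the last binding state per IP wins
      while ((getline line < leases) > 0) {
        $0 = line
        if ($1 == "lease") ip = $2
        else if ($1 == "binding" && $2 == "state") { sub(/;/, "", $3); state[ip] = $3 }
      }
    }
    $1 == "rdr" {
      pass = ($2 == "pass")
      gsub(/"[^"]*"/, "")  # label text is chosen by the LAN client: drop it
      proto = ext = dst = tag = ""
      for (i = 2; i < NF; i++) {
        if ($i == "proto") proto = $(i + 1)
        else if ($i == "=" && ext == "") ext = $(i + 1)
        else if ($i == "tag") tag = $(i + 1)
        else if ($i == "->") dst = $(i + 1)
      }
      flags = ""
      if (pass) flags = flags " RDR-PASS"      # skips the filter ruleset
      if (tag == "") flags = flags " NO-TAG"   # filter rules cannot match it
      if (!(dst in state)) flags = flags " NO-LEASE"   # static host or unknown
      else if (state[dst] != "active") flags = flags " STALE-LEASE"
      print proto "/" ext " -> " dst ":" (flags == "" ? " ok" : flags)
    }' "$1"
}

# Constructed sample data; the first rdr line is the one shown in the thread.
demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/rdr" <<'EOF'
rdr on fxp2 inet proto udp from any to any port = 46678 label "Azureus UPnP 46678 UDP" -> 10.10.1.150 port 46678
rdr pass on fxp2 inet proto udp from any to any port = 3074 label "x tag T -> 10.9.9.9" -> 10.10.1.161 port 3074
rdr on fxp2 inet proto tcp from any to any port = 8080 label "cam" tag UPNP -> 10.10.1.20 port 80
rdr on fxp2 inet proto udp from any to any port = 88 label "Xbox" tag UPNP -> 10.10.1.150 port 88
EOF
  printf 'lease %s {\n  binding state %s;\n}\n' \
    10.10.1.150 active 10.10.1.161 active 10.10.1.161 free > "$d/leases"
  audit_upnp "$d/rdr" "$d/leases"
  rm -rf "$d"
}
demo
```

A STALE-LEASE or NO-LEASE flag is a hint rather than proof that the host is gone, since, as noted in the thread, some people set lease times to days and statically addressed hosts never appear in the leases file.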