Upnp woes …



  • Hello,

    I have a pfSense 1.2 with a WAN on PPPoE, a LAN and a DMZ.
    UPnP works OK on LAN, or on DMZ.
    However, when I enable both LAN & DMZ, only one works (LAN and not DMZ). Is this a limitation?

    Also, I guess there is no UPnP client on the pfSense WAN. When pfSense is behind a Speedstream router with fw and UPnP,
    with DHCP on the WAN interface you get the IP, gw and DNS OK.
    But if a client on the LAN of pfSense tries to open a port outside, pfSense opens the port OK (as I see in upnp/status) but it does not go through the router. This isn't an issue anymore on my install because I use PPPoE now.



  • I thought the issue of having UPnP enabled on multiple interfaces was already resolved. However I guess there are still some limitations. I won't be able to look into this until after next week.

    Nope there is no UPnP on the WAN interface. Like most other UPnP routers you need to have a public IP on the pfSense box for UPnP to work.

    Why not remove the Speedstream router or if it is a modem/router use it in bridge mode. Then pfSense will have a public IP and UPnP will work correctly.



  • @rsw686:

    I thought the issue of having UPnP enabled on multiple interfaces was already resolved. However I guess there are still some limitations. I won't be able to look into this until after next week.

    Nope there is no UPnP on the WAN interface. Like most other UPnP routers you need to have a public IP on the pfSense box for UPnP to work.

    Why not remove the Speedstream router or if it is a modem/router use it in bridge mode. Then pfSense will have a public IP and UPnP will work correctly.

    Tried it a few times, LAN only ok, DMZ only ok, BOTH enabled only LAN worked.
    I can live with the limitation as the seed box is on the DMZ.

    I did remove the router and I am now using the modem in bridge mode. Just that for the initial testing it would have made life easier. ;)



  • Here is an update on the UPnP multiple interface issue

    Now with LAN, DMZ and DMZ2 interfaces, I can get DMZ and DMZ2 UPnP working fine,
    but when I enable the 3 interfaces UPnP only works on the LAN interface …

    Firewall rules on the LAN interface:
    Pass, Log * LAN Net * LAN Net * *
    Pass        * LAN Net * *          * *



  • @RonpfS:

    Here is an update on the UPnP multiple interface issue

    Now with LAN, DMZ and DMZ2 interfaces, I can get DMZ and DMZ2 UPnP working fine,
    but when I enable the 3 interfaces UPnP only works on the LAN interface …

    Firewall rules on the LAN interface:
    Pass, Log * LAN Net * LAN Net * *
    Pass        * LAN Net * *          * *

    Thanks for the testing. I'll have to look into this. My schedule is packed this week, but I'll see what I can do. It might take some time as I need to set up a test network in VMware.



  • @rsw686:

    Thanks for the testing. I'll have to look into this. My schedule is packed this week, but I'll see what I can do. It might take some time as I need to set up a test network in VMware.

    No problem, kinda doing nothing at home these days … I have time to play with things  ;)

    This doesn't seem to be a big issue ... (no one in this thread  ;D)
    There is no rush on my side anyway.

    Yet another thing I found strange ... on DMZ2,
    One computer (192.168.218.128) is using Skype and dna
    normally I see the correct IP in UPnP Status:

    
    Port  	Protocol  	Internal IP  	Description
    25166 	tcp 	192.168.218.128 	Skype
    25166 	udp 	192.168.218.128 	Skype
    14299 	tcp 	192.168.218.128 	dna
    
    

    However, when he started his VPN to his office
    (tunnel running on the PC no VPN on the pfsense)

    I was getting this:

    
    Port  	Protocol  	Internal IP  	Description
    25166 	tcp 	192.168.1.246	Skype
    25166 	udp 	192.168.1.246   Skype
    14299 	tcp 	192.168.1.246 	dna
    
    

    Until I blocked the Private Networks on the OPT2 interface with:

    
    Pass  * DMZ2 Net     *   DMZ2 Net    * *
    Block * DMZ2 Net     *   PrivateLanD * *
    Pass  * DMZ2 Net     * ! PrivateLanD * *
    Block * PrivateLanD  *   *           * *
    
    DMZ2 Net: 192.168.218.0/24
    PrivateLanD: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    
    

    now I see this:

    
    Port  	Protocol  	Internal IP  	Description
    25166 	tcp 	192.168.218.128	Skype
    25166 	udp 	192.168.218.128	Skype
    14299 	tcp 	192.168.1.246 	dna
    
    

    ???

    I don't see any states related to 192.168.1 …
    the 218.128 PC is on a WIFI router, maybe the router is acting up also ...
    This is not an issue for me as the router and PC will be gone in a few days  ::)
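
A check for the situation in the post above, where the UPnP status lists an internal IP (192.168.1.246) that lies outside DMZ2 Net: it parses the status table and reports mappings whose target is on no directly attached network. This is an added example, not part of the original thread or of pfSense; the function names are illustrative, and the rows and subnet are copied from the post.

```python
import ipaddress

# Network attached to the UPnP-enabled interface, as given in the post.
LOCAL_NETS = {"DMZ2": ipaddress.ip_network("192.168.218.0/24")}

# UPnP status rows copied from the last table in the post.
STATUS = """\
Port   Protocol   Internal IP      Description
25166  tcp        192.168.218.128  Skype
25166  udp        192.168.218.128  Skype
14299  tcp        192.168.1.246    dna
"""

def parse_status(text):
    """Yield (port, proto, address, description) for each mapping row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # header, blank line or malformed row
        try:
            addr = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # third column is not an IP address
        yield int(fields[0]), fields[1].lower(), addr, " ".join(fields[3:])

def foreign_mappings(text, local_nets):
    """Return mappings whose internal IP is on none of the attached networks."""
    flagged = []
    for port, proto, addr, desc in parse_status(text):
        if not any(addr in net for net in local_nets.values()):
            flagged.append((port, proto, str(addr), desc))
    return flagged

if __name__ == "__main__":
    for port, proto, ip, desc in foreign_mappings(STATUS, LOCAL_NETS):
        print(f"mapping {port}/{proto} ({desc}) targets {ip}, "
              f"which is outside every UPnP-enabled network")
```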



  • Not sure on that. I did work on updating upnp to the latest release. Try installing it via the instructions on the below thread. Since you have a setup to test with we could see if the multiple interface issue was resolved in the later release.

    http://forum.pfsense.org/index.php/topic,6594.msg47191.html#msg47191



  • @rsw686:

    Not sure on that. I did work on updating upnp to the latest release. Try installing it via the instructions on the below thread. Since you have a setup to test with we could see if the multiple interface issue was resolved in the later release.

    http://forum.pfsense.org/index.php/topic,6594.msg47191.html#msg47191

    Yup I could try it, even now ;O) … if it works ;o) what is involved in "restoring the old files" part?
    I don't mind reverting things but a full reinstall of 1.2 is kinda long ... 1 hour downtime ...



  • Reapply the firmware update of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.



  • @hoba:

    Reapply the firmware update of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.

    Ok, jumping now  ;D

    I enable it on LAN, OPT1 and OPT2 and I get:

    The following input errors were detected:

    * You must fill in both 'Maximum Download Speed' and 'Maximum Upload Speed' fields

    However, with LAN, OPT1 and OPT2 UPnP enabled,
    it seems to be functional, but this time only on the OPT1 and OPT2 interfaces,
    and in Diagnostics: Show States, it only shows UDP:1900 on the OPT1 and OPT2 interfaces

    With LAN only … boohoohoo no UPnP  :o

    so I will enable it on the two OPT interfaces to make some users happy!

    here is the status after 10 minutes:

    
    Port  	Protocol  	Internal IP  	Description
    14298 	tcp 	      192.168.1.246 	dna
    
    

    I enabled the Log Packets, System Uptime, Secure mode options
    I still see the VPN IP but no Skype … (then again I did do the mod online and I don't have access to the clients)

    The other DMZ is doing fine with Utorrent



  • @RonpfS:

    The following input errors were detected:

    * You must fill in both 'Maximum Download Speed' and 'Maximum Upload Speed' fields

    Sorry, this was a logic error. I have corrected this. Just re-run the ./upnp_support update command.



  • @RonpfS:

    With LAN only … boohoohoo no UPnP  :o

    Huh  ??? I am running this version on my main pfSense box with UPnP on the LAN only and it works great.



  • 2nd update …

    now UPnP on OPT2 only  !!!

    :-[

    can I get the one before  :D



  • @hoba:

    Reapply the firmware update of 1.2 and you'll be back to the original files. It only takes a reboot and downtime of a few minutes.

    Is this the same as Reinstall Packages in Diagnostics: Backup/Restore?

    :o

    never mind, installing firmware now  >:(



  • @RonpfS:

    2nd update …

    now UPnP on OPT2 only  !!!

    :-[

    can I get the one before  :D

    It's the same miniupnpd binary. Just the check for the webgui field completion was changed.



  • Yes the webgui completion was fine with the 2nd update …

    I reapplied the firmware, it is long ... 20 30 min  :'(
    Add another 3 min because it stalls at Syncing system time
    Looks like the ng0 is not up, or DNS before syncing ...
    then the PPPoE WAN connection starts at some point before the OpenNTP time client starts,

    Takes 2 min to upgrade and 45 to revert  :-[ Hum I'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time  :o

    So back to square one:  :D
    I see the pfsense router in the Network Connections of XP on both LAN and OPT1
    Only Utorrent on the LAN interface can open a port, no port opening on the OPT1
    so I reverted back to OPT1 and OPT2 UPnP enabled, no UPnP on LAN

    These are the rules on the LAN interface:

    
    Pass,Log  * LAN Net      *   LAN Net     * *
    Pass,Log  * LAN Net      *   DMZ Net     * *
    Block,Log * LAN Net      *   PrivateLanD * *
    Pass,Log  * LAN Net      * ! PrivateLanD * *
    
    LAN Net: 172.18.0.0/16
    PrivateLanD: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    
    


  • @RonpfS:

    Takes 2 min to upgrade and 45 to revert  :-[ Hum I'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time  :o

    Reapplying the firmware update is just the easy way of restoring. If you took a look at the upnp_support file you'll notice it only updates 4 files. You could easily grab those files from pfSense and restore them. This script was more for my use.

    If the newer version made no difference I would've just left it installed. That is the version I'm going to be putting into 1.3.



  • @rsw686:

    @RonpfS:

    Takes 2 min to upgrade and 45 to revert  :-[ Hum I'm dreaming of a fetch h ttp://wgnrs.dynalias.com/pfsense/miniupnpd/upnp_support_1.2 for next time  :o

    Reapplying the firmware update is just the easy way of restoring. If you took a look at the upnp_support file you'll notice it only updates 4 files. You could easily grab those files from pfSense and restore them. This script was more for my use.

    If the newer version made no difference I would've just left it installed. That is the version I'm going to be putting into 1.3.

    Yup, I saw the files it updated while it was running, should have opened it before running it  :-[, but that was too late.
    I'm kinda new to FreeBSD, so I guess I should have backed up the .inc, .php, .xml files, or get them back from the iso, or fetch them from? ….

    The newest version, that is the 2nd update I applied, was only working on the OPT2 interface ... so I reverted to the 1.2 one in order to get OPT1 and OPT2 with UPnP enabled.
    The 1st update (WebGui message about the Speed) was OK with both OPT, but no UPnP on LAN



  • With 1.2:
    If I enable UPnP on both LAN and OPT1, on OPT1 the pfSense router is seen with the LAN address, but Utorrent cannot open a port with UPnP, maybe because I block the OPT1 -> LAN in the firewall rules. So I added a rule OPT1 -> LAN Address but still no port opening.

    If I enable OPT1 only, pfSense is seen with the OPT1 address and Utorrent can open a port with UPnP

