UPnP blocked on WAN

  • I am running pfSense 2.2.6 on an SG-2220. On the LAN side, I have a couple of devices connected via an ethernet switch; one of the devices is my PS4. I want to enable UPnP for the obvious reasons, but I'm seeing something odd when I do. It looks like when I enable the UPnP service, it's advertising via the WAN interface? ??? (Not a networking guru, but I looked up information on SSDP.)

    And in my firewall logs, I am seeing UDP port 1900 traffic blocked on the WAN interface, originating from the LAN interface's IP address.  It would seem correct that this is being blocked, since by default I've disabled any private networks on my WAN interface.  I've tried adding an allow rule right from the logs page here, however that doesn't help since I believe it's still being blocked by the "Block Private Networks" option on my WAN interface.  Any help is much appreciated!

    EDIT: Attached images this time around.

  • Hi, can you add the pictures again? Maybe it is just me but I don't see them.

    External UPnP interface should be WAN.
    Internal UPnP interface should be LAN.

    On my network my PS3 is the only device that can use UPnP.

    So I have checked the "Deny access to UPnP & NAT-PMP by default." checkbox
    In the ACL Entries I have added allow 1024-65535 1024-65535 ( is my PS3)
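    The ACL entry above follows the `allow|deny <external-ports> <internal-host> <internal-ports>` line format, with pfSense appending a catch-all deny when "Deny access by default" is checked. The following is an added illustration (not pfSense or miniupnpd code) of how such a first-match ACL decides whether a port-mapping request is honoured; the ACL lines and the 192.168.1.50 address are constructed for the example, and the first-match, deny-if-nothing-matches semantics are an assumption modelled on the format shown.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample ACL: only one console may open mappings, and only
# on high ports in both directions, as in the post above.
SAMPLE_ACL = """
# action  ext-ports    internal-host       int-ports
allow     1024-65535   192.168.1.50/32     1024-65535
"""

@dataclass
class AclRule:
    action: str                      # "allow" or "deny"
    ext_ports: tuple                 # (low, high) external port range
    network: ipaddress.IPv4Network   # internal host or subnet
    int_ports: tuple                 # (low, high) internal port range

def parse_range(text):
    """Parse '1024-65535' or a single port like '8080' into (low, high)."""
    low, _, high = text.partition("-")
    low, high = int(low), int(high) if high else int(low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {text}")
    return (low, high)

def parse_acl(text):
    """Parse ACL lines in order; order matters because first match wins."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, ext, host, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action: {action}")
        net = ipaddress.ip_network(host, strict=False)  # bare IP becomes /32
        rules.append(AclRule(action, parse_range(ext), net, parse_range(internal)))
    return rules

def mapping_allowed(rules, ext_port, int_ip, int_port, deny_by_default=True):
    """Return True if a request to map ext_port -> int_ip:int_port is accepted.
    The first rule matching all three fields decides; with no match, the
    'deny by default' checkbox decides (assumed to act as a trailing deny)."""
    addr = ipaddress.ip_address(int_ip)
    for r in rules:
        if (r.ext_ports[0] <= ext_port <= r.ext_ports[1]
                and addr in r.network
                and r.int_ports[0] <= int_port <= r.int_ports[1]):
            return r.action == "allow"
    return not deny_by_default

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_ACL)
    print(mapping_allowed(rules, 3478, "192.168.1.50", 3478))   # True: the console
    print(mapping_allowed(rules, 3478, "192.168.1.77", 3478))   # False: another host
    print(mapping_allowed(rules, 80, "192.168.1.50", 80))       # False: low port
```

A host that is denied here is exactly the case where a console falls back to a restrictive NAT type, so checking the request against the ACL is the first thing to verify before looking at firewall rules.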

  • Thanks BennyFromXXX…  I remember reading through some other posts and seeing that as an option, and I have tried that to no avail.  What I tried was to set a DHCP reservation for my PS4, verify that the lease renewed properly, and use that address in the ACL entries.  At that time I was still seeing the blocked traffic, and the PS4 was reporting that it was using NAT-Type 3. At one point prior to having this issue, I was able to get UPnP working, the PS4 reported it was using NAT-Type 2, and I could verify the session from the Status -> UPnP/NAT-PMP page.

    I will try to set the ACL lists again and see if I missed something the first time around, however it still seems odd that the service would be sending a broadcast on the WAN interface, which I think should be on the LAN side?

  • You can click on the red X square to see what rule is blocking it. But either way, the logs shouldn't be appearing on the WAN interface.

  • I checked the block rule, and sure enough it was the default rule to block private networks. I should have grabbed a screenshot of the message, but I didn't. I decided to upgrade to 2.3 this morning, and voila, UPnP is working: I can see the session under the status page, and my PS4 is reporting NAT Type 2. Thanks

