Netgate Discussion Forum

    UPnP blocked on WAN

    • M
      medialis

      I am running pfSense 2.2.6 on an SG-2220. On the LAN side, I have a couple of devices connected via an Ethernet switch; one of the devices is my PS4. I want to enable UPnP for the obvious reasons, but I'm seeing something odd when I do. It looks like when I enable the UPnP service, it's advertising via the WAN interface? (Not a networking guru, but I looked up information on SSDP.)

      And in my firewall logs, I am seeing UDP port 1900 traffic blocked on the WAN interface, originating from the LAN interface's IP address.  It would seem correct that this is being blocked, since by default I've disabled any private networks on my WAN interface.  I've tried adding an allow rule right from the logs page here, however that doesn't help since I believe it's still being blocked by the "Block Private Networks" option on my WAN interface.  Any help is much appreciated!

      EDIT: Attached images this time around..

      ![UPnP Settings.png](/public/imported_attachments/1/UPnP Settings.png)
      ![UDP traffic on WAN.png](/public/imported_attachments/1/UDP traffic on WAN.png)

      • B
        BennyFromXXX

        Hi, can you add the pictures again? Maybe it is just me but I don't see them.

        External UPnP interface should be WAN.
        Internal UPnP interface should be LAN.

        On my network my PS3 is the only device that can use UPnP.

        So I have checked the "Deny access to UPnP & NAT-PMP by default." checkbox.
        In the ACL Entries I have added `allow 1024-65535 192.168.1.100/32 1024-65535` (192.168.1.100 is my PS3).

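How an ACL entry of the form quoted in the post above scopes UPnP port mappings to one host, as an added example that is not part of the original post and is not pfSense or miniupnpd code. It assumes rules are checked in order with the first match deciding, that a request matching no rule is permitted, and that the default-deny checkbox behaves like a trailing catch-all deny; the function names and the port 9308 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    allow: bool
    ext_ports: range
    network: ipaddress.IPv4Network
    int_ports: range


def _ports(spec: str) -> range:
    """Parse '1024-65535' or a single port such as '443' into a range."""
    lo, _, hi = spec.partition("-")
    low, high = int(lo), int(hi or lo)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(low, high + 1)


def parse_rule(line: str) -> Rule:
    """Parse '<allow|deny> <ext ports> <ip/mask> <int ports>'."""
    fields = line.split()
    if len(fields) != 4 or fields[0] not in ("allow", "deny"):
        raise ValueError(f"malformed ACL entry: {line!r}")
    action, ext, net, internal = fields
    return Rule(action == "allow", _ports(ext),
                ipaddress.ip_network(net, strict=False), _ports(internal))


def is_permitted(rules, client_ip: str, ext_port: int, int_port: int) -> bool:
    """First matching rule decides; no match means permitted (assumption)."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        if (addr in rule.network and ext_port in rule.ext_ports
                and int_port in rule.int_ports):
            return rule.allow
    return True


# The entry quoted in the post, followed by a catch-all deny that stands in
# for the "Deny access to UPnP & NAT-PMP by default" checkbox (assumption).
ACL = [
    parse_rule("allow 1024-65535 192.168.1.100/32 1024-65535"),
    parse_rule("deny 0-65535 0.0.0.0/0 0-65535"),
]
```

Under these assumptions, dropping the trailing deny lets any LAN host request a mapping, which is why the checkbox and the per-host entry are used together.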
        • M
          medialis

          Thanks BennyFromXXX…  I remember reading through some other posts and seeing that as an option, and I have tried that to no avail.  What I tried was to set a DHCP reservation for my PS4, verify that the lease renewed properly, and use that address in the ACL entries.  At that time I was still seeing the blocked traffic, and the PS4 was reporting that it was using NAT-Type 3. At one point prior to having this issue, I was able to get UPnP working, the PS4 reported it was using NAT-Type 2, and I could verify the session from the Status -> UPnP/NAT-PMP page.

          I will try to set the ACL lists again and see if I missed something the first time around, however it still seems odd that the service would be sending a broadcast on the WAN interface, which I think should be on the LAN side?

          • M
            Marc05

            You can click on the red X square to see what rule is blocking it. But either way, the logs shouldn't be appearing on the WAN interface.

            • M
              medialis

              I checked the block rule, and sure enough it was the default rule, to block private networks. I should have grabbed a screenshot of the message, but I didn't. I decided to upgrade to 2.3 this morning, and voilà, UPnP is working, I can see the session under the status page, and my PS4 is reporting NAT Type 2. Thanks
