ssjkakaroto
Joined: 31 May 2009 Posts: 11
|
Posted: Sun May 31, 2009 6:24 pm Post subject: A few questions about miniupnpd |
|
|
Hi there, first let me thank you for this great program, it's making things much easier in my small LAN
Now for the questions:
1) Can miniupnpd create more than one queue?
I ask this because I have a PS3, an Xbox360 and 2 PCs connected to my gateway (OpenBSD 4.5). One of the PCs is used mainly for downloading and I would like to be able to put both the PS3 and Xbox on a higher priority queue so I didn't need to stop my downloads when playing.
2) What is this error that I get constantly when miniupnpd is running:
Code: | miniupnpd[3766]: sendto(udp_notify=7, 10.0.0.1): No route to host |
3) Even after I was able to set up miniupnp, the PS3 is always complaining that I am behind a NAT Type 3 and that I may have problems connecting to other people and playing games. Do you know what could be the cause?
Here's the log when I run its connection test:
Code: | miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49451 ST: urn:schemas-upnp-org:device:MediaServer:1
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49451 ST: urn:schemas-upnp-org:device:MediaServer:1
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49451 ST: urn:schemas-upnp-org:device:MediaServer:1
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49447 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[3766]: HTTP connection from 10.0.0.8:55903
miniupnpd[3766]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[3766]: HTTP connection from 10.0.0.8:55902
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[3766]: HTTP connection from 10.0.0.8:55901
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[3766]: AddPortMapping: ext port 3658 to 10.0.0.8:3658 protocol UDP for: 10.0.0.8:3658 to 3658 (UDP)
miniupnpd[3766]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[3766]: redirecting port 3658 to 10.0.0.8:3658 protocol UDP for: 10.0.0.8:3658 to 3658 (UDP)
miniupnpd[3766]: HTTP connection from 10.0.0.8:55900
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[3766]: DeletePortMapping: external port: 3658, protocol: UDP
miniupnpd[3766]: removing redirect rule port 3658 UDP |
Finally one small observation
When you run 'make install' the manual page gets copied to '/usr/share/man' when in fact it should be placed inside one of the '/usr/share/man/cat?' directories.
Here's my pf.conf if it helps:
Code: | # interfaces
ext_if = "rl0" #external interface (modem)
int_if = "rl1" #internal interface (hub)
loo_if = "lo0" #loopback
# alias
rede_int = "10.0.0.0/24"
nat_pc = "10.0.0.1"
torrent_pc = "10.0.0.2"
game_pc = "10.0.0.3"
ps2 = "10.0.0.4"
ps3 = "10.0.0.8"
nds = "10.0.0.7"
wii = "10.0.0.9"
x360 = "10.0.0.10"
icmp_allow = "{ 0 3 8 11 30 }"
# options
set optimization aggressive
set loginterface $ext_if
set block-policy return
set ruleset-optimization basic
# traffic normalization
scrub in all fragment reassemble
scrub out all random-id
# nat
nat on $ext_if from $int_if:network to any -> ($ext_if)
# rdr
# miniupnpd rdr anchor
rdr-anchor miniupnpd
# ftp-proxy rdr anchor
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp to any port 21 -> 127.0.0.1 \
port 8021
rdr on $int_if proto tcp to any port 1337 -> 127.0.0.1 \
port 8021
# rdr privoxy(tor)
rdr on $int_if proto { tcp udp } from $int_if:network \
to ($int_if) port 8118 -> 127.0.0.1 port 8118
# rdr games
# quake 2
rdr on $ext_if proto udp from any to ($ext_if) port 27910 \
tag GAMES -> $game_pc port 27910
# end quake 2
# hexen 2
rdr on $ext_if proto udp from any to ($ext_if) port 26900 \
tag GAMES -> $game_pc port 26900
# end hexen 2
# quake 4 + doom 3
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port 27650 \
tag GAMES -> $game_pc port 27650
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port 27666 \
tag GAMES -> $game_pc port 27666
# end quake 4 + doom 3
# end rdr games
# rules
# antispoof
antispoof for $ext_if
antispoof for $int_if
# block everything
block in all
block out all
# loopback
pass quick on $loo_if all
# ftp-proxy
anchor "ftp-proxy/*"
# miniupnpd anchor
anchor miniupnpd
pass out quick on $int_if proto { tcp udp } all tagged MINIUPNP modulate state
# internal traffic
pass in quick on $int_if from $int_if:network to $nat_pc modulate state
pass out quick on $int_if from $nat_pc to $int_if:network modulate state
# $game_pc
# $int_if
pass out quick on $int_if proto icmp from any to $game_pc \
icmp-type $icmp_allow
# $ext_if
pass out quick on $ext_if proto tcp from $game_pc to any tag GAMES \
flags S/SA modulate state
pass out quick on $ext_if proto udp from $game_pc to any tag GAMES \
keep state
pass out quick on $ext_if proto icmp from $game_pc to any \
icmp-type $icmp_allow
# outgoing traffic ($int_if)
pass in on $int_if from $int_if:network to !$nat_pc modulate state
# outgoing traffic ($ext_if)
pass out on $ext_if all keep state
pass out on $ext_if proto tcp all flags S/SA \
modulate state
# incoming traffic
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
modulate state
pass in on $ext_if proto tcp from any to ($ext_if) port auth modulate state
# dns
pass on $ext_if proto udp from any to any port 53 keep state
pass on $int_if proto udp from any to any port 53 keep state |
Thanks! |
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Tue Jun 02, 2009 10:26 am Post subject: |
|
|
1) nope, that is not currently possible.
2) show me your miniupnpd.conf
3) I don't know how to make PS3 happier than this...
we need to know what exactly is not ok for the PS3...
about the man install, I will have a look  _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
ssjkakaroto
Joined: 31 May 2009 Posts: 11
|
Posted: Tue Jun 02, 2009 11:54 am Post subject: |
|
|
Here it is:
Code: | # WAN network interface
ext_ifname=rl0
# if the WAN interface has several IP addresses, you
# can specify the one to use below
#ext_ip=
# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# HTTP is available on all interfaces
listening_ip=10.0.0.1/24
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
port=0
# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock
# enable NAT-PMP support (default is no)
enable_natpmp=yes
# enable UPNP support (default is yes)
enable_upnp=yes
# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both
#upnp_forward_chain=forwardUPnP
#upnp_nat_chain=UPnP
# lease file location
lease_file=/var/log/upnp.leases
# bitrates reported by daemon in bits per second
bitrate_up=415000
bitrate_down=2045000
# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.
secure_mode=yes
# default presentation url is http address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
# from displaying an icon in the "Network Connections" panel.
#presentation_url=http://www.mylan/index.php
# report system uptime instead of daemon uptime
system_uptime=yes
# notify interval in seconds. default is 30 seconds.
notify_interval=60
# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600
# log packets in pf
#packet_log=no
# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1
# tag name in pf
tag=MINIUPNP
# make filter rules in pf quick or not. default is yes
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
#quickrules=no
# uuid : generate your own with "make genuuid"
uuid=ec616542-f0d7-4761-835f-7ce5ee62427d
# serial and model number the daemon will report to clients
# in its XML description
serial=12345678
model_number=1337
# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
allow 1024-65535 10.0.0.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535 |
Looking at it now I think the listening address should be 10.0.0.1/32 right? |
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Tue Jun 02, 2009 4:35 pm Post subject: |
|
|
10.0.0.1/24 is fine.
Everything looks ok in your miniupnpd.conf.
Make sure nothing is blocking multicast traffic and the route table is ok. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
ssjkakaroto
Joined: 31 May 2009 Posts: 11
|
Posted: Wed Jun 03, 2009 1:40 am Post subject: |
|
|
I think miniupnpd is working fine with the PS3, it detects UPNP on my "router" and here's the output of "pfctl -a miniupnpd -s nat":
rdr on rl0 inet proto udp from any to any port = 3658 label "10.0.0.8:3658 to 3658 (UDP)" tag MINIUPNP -> 10.0.0.8 port 3658
I don't know what else it needs to give me this NAT Level 2 thing.
I noticed this when running miniupnpc:
Code: | List of UPNP devices found on the network :
desc: http://10.0.0.1:16858/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://10.0.0.1:16858/ctl/IPConn
Local LAN ip address : 10.0.0.2
Connection Type : IP_Routed
Status : Connected, uptime=680131, LastConnectionError : ERROR_NONE
MaxBitRateDown : 2045000 bps MaxBitRateUp 415000 bps
ExternalIPAddress = 192.168.1.2
Bytes: Sent: 3214859811 Recv: 4026739695
Packets: Sent: 31140519 Recv: 46212852 |
What are the possible results for "Connection Type"? I think maybe when the PS3 sees IP_Routed it automatically says that I'm behind NAT Type 3.
The "No route to host" error was caused by the lack of the following rules
Code: | pass out on $int_if from any to 239.0.0.0/8 keep state
pass in on $int_if from any to 239.0.0.0/8 keep state |
but shouldn't miniupnpd use 224.0.0.0/24 instead? |
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Wed Jun 03, 2009 9:03 am Post subject: |
|
|
ssjkakaroto wrote: | I think miniupnpd is working fine with the PS3, it detects UPNP on my "router" and here's the output of "pfctl -a miniupnpd -s nat":
rdr on rl0 inet proto udp from any to any port = 3658 label "10.0.0.8:3658 to 3658 (UDP)" tag MINIUPNP -> 10.0.0.8 port 3658
I don't know what else it needs to give me this NAT Level 2 thing.
I noticed this when running miniupnpc:
Code: | List of UPNP devices found on the network :
desc: http://10.0.0.1:16858/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://10.0.0.1:16858/ctl/IPConn
Local LAN ip address : 10.0.0.2
Connection Type : IP_Routed
Status : Connected, uptime=680131, LastConnectionError : ERROR_NONE
MaxBitRateDown : 2045000 bps MaxBitRateUp 415000 bps
ExternalIPAddress = 192.168.1.2
Bytes: Sent: 3214859811 Recv: 4026739695
Packets: Sent: 31140519 Recv: 46212852 |
What are the possible results for "Connection Type"? I think maybe when the PS3 sees IP_Routed it automatically says that I'm behind NAT Type 3.
|
Unconfigured / IP_Routed / IP_Bridged.
I don't think setting it to IP_Bridged could be any help. Is the PS3 calling GetConnectionTypeInfo()?
ssjkakaroto wrote: |
The "No route to host" error was caused by the lack of the following rules
Code: | pass out on $int_if from any to 239.0.0.0/8 keep state
pass in on $int_if from any to 239.0.0.0/8 keep state |
but shouldn't miniupnpd use 224.0.0.0/24 instead? |
IPs reserved for multicast are 224.0.0.0 through 239.255.255.255. That is 224.0.0.0/4! 239.0.0.0/8 is ok for the SSDP multicast address, which is 239.255.255.250. 239.0.0.0/8 maps to locally defined purpose multicast addresses.
224.0.0.0/24 won't work.
http://www.iana.org/assignments/multicast-addresses/ _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
ssjkakaroto
Joined: 31 May 2009 Posts: 11
|
Posted: Wed Jun 03, 2009 11:00 am Post subject: |
|
|
Thanks for the info
How can I check if the PS3 is calling GetConnectionTypeInfo() ?
Also, can I restrict those rules a little more? Something like:
Code: | pass out on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state
pass in on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state |
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Thu Jun 04, 2009 8:53 am Post subject: |
|
|
ssjkakaroto wrote: | Thanks for the info
How can I check if the PS3 is calling GetConnectionTypeInfo() ?
|
It will appear in the logs.
Quote: |
Also, can I restrict those rules a little more? Something like:
Code: | pass out on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state
pass in on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state |
|
restricting to udp is ok, but the source address is NOT 239.0.0.0/8 ! _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
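The address reasoning in the replies above, as an added example that is not code from either poster or from miniupnpd: a small Python check that reads the from/to pair of a pf rule and reports why it would not pass SSDP multicast. The function names and the third sample rule are assumptions made for illustration; the first two rules are the ones quoted in the thread.

```python
import ipaddress
import re

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # SSDP group named in the thread
MULTICAST = ipaddress.ip_network("224.0.0.0/4")       # 224.0.0.0 - 239.255.255.255

# Pulls the "from <src> to <dst>" pair out of a pf rule.
FROM_TO = re.compile(r"\bfrom\s+(\S+)\s+to\s+(\S+)")

def _net(token):
    """Literal address/CIDR or 'any' -> ip_network; macros such as $int_if:network -> None."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None

def check_ssdp_rule(rule):
    """Return the reasons (possibly none) why this rule will not pass SSDP multicast."""
    m = FROM_TO.search(rule)
    if not m:
        return ["no from/to clause found"]
    src, dst = _net(m.group(1)), _net(m.group(2))
    if src is None or dst is None:
        return ["address is a macro or table; not evaluated"]
    problems = []
    # SSDP packets are sent from ordinary LAN addresses, so a source
    # confined to multicast space never matches them.
    if src.subnet_of(MULTICAST):
        problems.append("source is multicast; SSDP senders use unicast LAN addresses")
    if SSDP_GROUP not in dst:
        problems.append("destination does not cover 239.255.255.250")
    return problems

RULES = [
    "pass in on $int_if from any to 239.0.0.0/8 keep state",                         # from the thread
    "pass in on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state",  # from the thread
    "pass in on $int_if from any to 224.0.0.0/24 keep state",                        # constructed
]

if __name__ == "__main__":
    for r in RULES:
        print(r, "->", check_ssdp_rule(r) or "ok")
```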
ssjkakaroto
Joined: 31 May 2009 Posts: 11
|
Posted: Thu Jun 04, 2009 1:15 pm Post subject: |
|
|
Well, the log from the PS3 connection test is that from the first post, so I guess it's not calling GetConnectionTypeInfo()...
Thanks for the help. |
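The log check discussed above, as an added example that is not part of the original posts: a Python parser that lists which SOAP actions each client invoked according to the miniupnpd log. The sample lines are copied from the connection-test log in the first post; the function names are assumptions, as is the rule that a SOAPAction line belongs to the most recent "HTTP connection from" line.

```python
import re
from collections import defaultdict

# HTTP/SOAP lines copied from the connection-test log in the first post.
SAMPLE_LOG = """\
miniupnpd[3766]: HTTP connection from 10.0.0.8:55903
miniupnpd[3766]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[3766]: HTTP connection from 10.0.0.8:55902
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[3766]: HTTP connection from 10.0.0.8:55901
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[3766]: HTTP connection from 10.0.0.8:55900
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
"""

CONN_RE = re.compile(r"HTTP connection from (\d+\.\d+\.\d+\.\d+):\d+")
SOAP_RE = re.compile(r"SOAPAction: \S+#(\w+)")  # action name follows the '#'

def soap_actions_by_client(log_text):
    """Map client IP -> ordered list of SOAP actions it invoked.

    Assumption: a SOAPAction line belongs to the most recent
    'HTTP connection from' line, as in the sample above.
    """
    actions = defaultdict(list)
    client = None
    for line in log_text.splitlines():
        conn = CONN_RE.search(line)
        if conn:
            client = conn.group(1)
            continue
        soap = SOAP_RE.search(line)
        if soap and client is not None:
            actions[client].append(soap.group(1))
    return dict(actions)

def client_called(log_text, client_ip, action):
    """True if client_ip invoked the named SOAP action anywhere in the log."""
    return action in soap_actions_by_client(log_text).get(client_ip, [])

if __name__ == "__main__":
    print(soap_actions_by_client(SAMPLE_LOG))
    print(client_called(SAMPLE_LOG, "10.0.0.8", "GetConnectionTypeInfo"))
```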