ssjkakaroto
Joined: 31 May 2009 Posts: 11
Posted: Thu Jul 23, 2009 4:42 pm Post subject: OpenBSD changing port number inside UDP packet
Hi miniupnp author, this post is not related to miniupnp but I hoped you could help me.
As I posted here, I'm having connection troubles with my PS3, using an OpenBSD box as the NAT server.
When I connected the PS3 directly to the router, the connection test was successful, so I decided to capture the packets being sent by the PS3 when it was doing its connection test to try to see what was going wrong.
After comparing both captures (directly connected to the router and connected to the OpenBSD box) I noticed the following difference on the packets right at the time the test fails:
Successful connection
Code: | No. Time Source Destination Protocol Info
171 33.894835 198.107.158.129 192.168.1.3 STUN Message: Binding Response
Frame 171 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: D-Link_e1:b9:00 (00:1b:11:e1:b9:00), Dst: SonyComp_96:61:25 (00:1f:a7:96:61:25)
Internet Protocol, Src: 198.107.158.129 (198.107.158.129), Dst: 192.168.1.3 (192.168.1.3)
User Datagram Protocol, Src Port: stun (3478), Dst Port: 50526 (50526)
Source port: stun (3478)
Destination port: 50526 (50526)
Length: 88
Checksum: 0xe9db [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
[Request In: 170]
[Time: 0.140815000 seconds]
Message Type: Binding Response (0x0101)
Message Length: 0x003c
Message Transaction ID: BCEA76A6F4EAEE3ABFEA173E40579CBC
Attributes
Attribute: SOURCE-ADDRESS
Attribute: CHANGED-ADDRESS
Attribute: XOR_MAPPED_ADDRESS
Attribute Type: XOR_MAPPED_ADDRESS (0x8020)
Attribute Length: 8
Protocol Family: IPv4 (0x0001)
Port (XOR-d): 31156
[Port: 50526]
IP (XOR-d): 117.178.149.236 (117.178.149.236)
[IP: 201.88.227.74 (201.88.227.74)]
Attribute: MESSAGE-INTEGRITY |
Failed Connection
Code: | No. Time Source Destination Protocol Info
162 36.836648 198.107.157.137 10.0.0.8 STUN Message: Binding Response
Frame 162 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: CnetTech_67:99:f8 (00:08:a1:67:99:f8), Dst: SonyComp_96:61:25 (00:1f:a7:96:61:25)
Internet Protocol, Src: 198.107.157.137 (198.107.157.137), Dst: 10.0.0.8 (10.0.0.8)
User Datagram Protocol, Src Port: stun (3478), Dst Port: 50516 (50516)
Source port: stun (3478)
Destination port: 50516 (50516)
Length: 88
Checksum: 0x6f8f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
[Request In: 161]
[Time: 0.133701000 seconds]
Message Type: Binding Response (0x0101)
Message Length: 0x003c
Message Transaction ID: 0FDF0B74DA2676EC4751BFB3AE4CBAC2
Attributes
Attribute: SOURCE-ADDRESS
Attribute: CHANGED-ADDRESS
Attribute: XOR_MAPPED_ADDRESS
Attribute Type: XOR_MAPPED_ADDRESS (0x8020)
Attribute Length: 8
Protocol Family: IPv4 (0x0001)
Port (XOR-d): 50030
[Port: 52401]
IP (XOR-d): 198.135.232.62 (198.135.232.62)
[IP: 201.88.227.74 (201.88.227.74)]
Attribute: MESSAGE-INTEGRITY |
As you can see, when connected to the router, the destination port inside UDP is the same as in XOR_MAPPED_ADDRESS, but when going through OpenBSD, the port number changes in XOR_MAPPED_ADDRESS. Do you have any idea why?
I have posted the full packets here:
Request (Successful): http://paste2.org/p/337420
Response (Successful): http://paste2.org/p/337422
Request (Failure): http://paste2.org/p/337424
Response (Failure): http://paste2.org/p/337426
Thanks for any help
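
Added example (not part of the original post): decoding XOR_MAPPED_ADDRESS from the two dumps above and comparing it with the client's UDP port shows whether the NAT kept the source port. It assumes the 0x8020 attribute is XOR-ed with the leading bytes of the transaction ID, which is what the port and IP values in both dumps work out to; the function names are hypothetical and the messages are rebuilt from the dumped values.

```python
import socket
import struct

XOR_MAPPED_ADDRESS = 0x8020  # attribute type shown in both dumps


def build_response(txid: bytes, xport: int, xip: str) -> bytes:
    """Constructed input: a Binding Response carrying only XOR_MAPPED_ADDRESS."""
    value = struct.pack("!BBH4s", 0, 0x01, xport, socket.inet_aton(xip))
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HH16s", 0x0101, len(attr), txid) + attr


def mapped_address(msg: bytes):
    """Return (ip, port) from XOR_MAPPED_ADDRESS, or None if absent or malformed."""
    if len(msg) < 20:
        return None
    _mtype, mlen, txid = struct.unpack("!HH16s", msg[:20])
    body = msg[20:20 + mlen]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if len(value) < alen:
            return None  # truncated attribute
        if atype == XOR_MAPPED_ADDRESS and alen == 8 and value[1] == 0x01:
            xport, xip = struct.unpack("!H4s", value[2:8])
            # Assumption: key is the start of the transaction ID (matches the dumps).
            port = xport ^ struct.unpack("!H", txid[:2])[0]
            ip = bytes(a ^ b for a, b in zip(xip, txid[:4]))
            return socket.inet_ntoa(ip), port
        off += 4 + alen + (-alen % 4)  # attributes are 32-bit aligned
    return None


def port_preserved(msg: bytes, local_port: int) -> bool:
    """True when the NAT kept the client's source port on the outside."""
    mapped = mapped_address(msg)
    return mapped is not None and mapped[1] == local_port


# Transaction IDs and XOR-ed values copied from the two dumps in the post.
DIRECT = build_response(bytes.fromhex("BCEA76A6F4EAEE3ABFEA173E40579CBC"),
                        31156, "117.178.149.236")
VIA_PF = build_response(bytes.fromhex("0FDF0B74DA2676EC4751BFB3AE4CBAC2"),
                        50030, "198.135.232.62")

if __name__ == "__main__":
    for name, msg, lport in (("router", DIRECT, 50526), ("OpenBSD pf", VIA_PF, 50516)):
        print(name, mapped_address(msg), "port preserved:", port_preserved(msg, lport))
```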

dormando
Joined: 11 Sep 2009 Posts: 4
Posted: Fri Sep 11, 2009 1:44 am
Did you ever figure this out? I'm running an OpenBSD gateway and having similar issues... Except I don't seem to even get as far as you do.
The PS3 sends a UPNP discover packet, my server responds, and then a moment later the PS3 sends another packet. After three attempts it gives up and says I don't support it.
I actually tried putting miniupnpd on my laptop to see if it'd at least negotiate with the PS3, but was getting the same results. So it might not even be the PS3...
Would be nice to see a full example session from someone with a working PS3.

ssjkakaroto
Joined: 31 May 2009 Posts: 11
Posted: Fri Sep 11, 2009 2:15 am
I could've sworn that I posted the solution here.
Just add static-port to the nat command:
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port

dormando
Joined: 11 Sep 2009 Posts: 4
Posted: Fri Sep 11, 2009 2:53 am
ssjkakaroto wrote: | I could've sworn that I posted the solution here.
Just add static-port to the nat command:
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port |
That's a start, thanks
My PS3 doesn't even detect UPnP on my router. Skype works with it great though.
I just see the PS3 pinging the upnp daemon, and under ktrace I can see the upnp daemon attempting to respond.
I found your other post and tried making my configs look more like yours, no dice. Any other tips, current state of config files, etc? I have no idea why the PS3 isn't seeing the upnp daemon...
Thanks!

ssjkakaroto
Joined: 31 May 2009 Posts: 11
Posted: Fri Sep 11, 2009 3:54 am
Start with a very simple ruleset for pf, for example:
Code: | nat on $ext_if from $int_if:network to any -> ($ext_if) static-port
rdr-anchor miniupnpd
anchor miniupnpd
pass all |
If you still have problems with UPnP with that ruleset then you might have bigger issues with the OS.
If not, just start adding rule by rule until you find what is causing the error.
On that other topic I also posted my miniupnpd.conf file, see if you're not too restrictive.
Also put miniupnpd on the foreground to see what exactly is going on in real time.

dormando
Joined: 11 Sep 2009 Posts: 4
Posted: Fri Sep 11, 2009 4:01 am
ssjkakaroto wrote: | Start with a very simple ruleset for pf, for example:
Code: | nat on $ext_if from $int_if:network to any -> ($ext_if) static-port
rdr-anchor miniupnpd
anchor miniupnpd
pass all |
If you still have problems with UPnP with that ruleset then you might have bigger issues with the OS
If not, just start adding rule by rule until you find what is causing the error.
On that other topic I also posted my miniupnpd.conf file, see if you're not too restrictive.
Also put miniupnpd on the foreground to see what exactly is going on in real time. |
I saw the miniupnpd.conf file, already adjusted that... I tried a simplified ruleset once, but I'll try again.
What version/release of miniupnpd are you on? What were your compile flags?
Thanks again

dormando
Joined: 11 Sep 2009 Posts: 4
Posted: Fri Sep 11, 2009 4:58 am
Yeah, doesn't work with a minimal ruleset. That switches the NAT Type from "Type 3" to "Type 2", but it still insists that UPnP isn't available.
miniupnpd[4953]: HTTP listening on port 22053
miniupnpd[4953]: Listening for NAT-PMP traffic on port 5351
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
... is all I see. ktrace shows the full packets and the response is being sent back correctly.
I'm using miniupnpd-20090605 - think I've tried 1.3 already...
Skype works fine with it. Rules appear and whatnot as they should.
Any ideas? :/

ssjkakaroto
Joined: 31 May 2009 Posts: 11
Posted: Fri Sep 11, 2009 1:39 pm
At least you can get NAT Type 2, which is a start.
I'm using miniupnpd-20090516 and I didn't use any specific flags when compiling, IIRC I just used 'make && make install'.
But I think you'll have to request some help from the miniupnpd author.

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
Posted: Fri Sep 11, 2009 5:06 pm
Sorry for not answering before.
I don't know STUN enough to be sure, but I think that your capture shows that your router and OpenBSD don't do NAT the same way, so with your router STUN works and with OpenBSD it seems to fail. Indeed adding static-port should resolve this by forcing OpenBSD pf to keep the same port for the packet.
But it still doesn't explain why the PS3 doesn't like miniupnpd.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/