miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

UPnP Rule Cleaning?

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
F4S4K4N



Joined: 26 Aug 2015
Posts: 5

PostPosted: Wed Aug 26, 2015 8:42 pm    Post subject: UPnP Rule Cleaning? Reply with quote

So i've come across a fault thats probably in the UPnP protocol itself.

When a device adds a port mapping it uses a duration of 0 and the rule lasts forever, for some devices this is ok because they are always on, but others are not always on and the mapping will remain. These mappings can build up over time, opening holes in the firewall that point to nothing or possibly a different device that has take the old device's DHCP lease. I can clean these mappings using the clean feature, but this feature removes all port mappings. Not just the dead ones.

So for some devices, they will have their mappings removed and not know about it so they cease to function correctly. The only solution is to reboot the device so it re-creates the mappings until the next clean cycle.

I tried using IGDv2 which requires a lease duration as far as i can tell, but on IGDv2 the devices wont even create mappings at all, even though they do connect to miniupnpd.

Has anyone ever experienced this and found a solution or workaround?
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Thu Aug 27, 2015 7:53 am    Post subject: Reply with quote

Quote:
I can clean these mappings using the clean feature, but this feature removes all port mappings. Not just the dead ones.

it is supposed to clean only the dead ones...
you may need to play with clean_ruleset_threshold and clean_ruleset_interval options.

the feature removes the mappings which were unused (not packet seen) between clean_ruleset_interval seconds.

see upnp_redirect.c: clean_ruleset_interval()
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
F4S4K4N



Joined: 26 Aug 2015
Posts: 5

PostPosted: Thu Aug 27, 2015 8:45 am    Post subject: Reply with quote

Could having a threshold of 0 create an invalid configuration? I would like to have miniupnpd always clean the rules, even if there is only a low number of.

Ill try setting the time to an hour or something like that. Right now it's at the default 10 min and most of the UPnP clients are IP phones and an Xbox. I imagine the IP phone's rules are getting clean because traffic only comes in when receiving a call, which doesn't happen every 10 min.
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Fri Aug 28, 2015 1:25 pm    Post subject: Reply with quote

use a threshold of 1 !
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.