jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Mon Oct 13, 2008 10:57 pm Post subject: FreeBSD 7, Xbox 360, miniupnpd
Xbox obtains IP via DHCP, everything on my PC works fine so I know miniupnpd is working. My Xbox even says Open NAT, yet in the lease file I see nothing from the Xbox and people can't connect to my Xbox.

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1594
Posted: Tue Oct 14, 2008 5:41 pm Post subject: Re: FreeBSD 7, Xbox 360, miniupnpd
jedinite wrote: | Xbox obtains IP via DHCP, everything on my PC works fine so I know miniupnpd is working. My Xbox even says Open NAT, yet in the lease file I see nothing from the Xbox and people can't connect to my Xbox. |
What is the IP of your Xbox 360 and the allow/deny lines in your miniupnpd.conf?
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Wed Oct 15, 2008 8:57 pm Post subject:
Code: | ext_ifname=nfe0
listening_ip=10.0.0.1/24
port=0
enable_natpmp=yes
enable_upnp=yes
lease_file=/var/db/upnpd/upnpd.leases
bitrate_up=1000000
bitrate_down=10000000
secure_mode=no
system_uptime=yes
notify_interval=60
clean_ruleset_interval=600
uuid=fc4ec57e-b051-11db-88f8-0060085db3f6
serial=12345678
model_number=1
allow 10-65535 10.0.0.0/24 10-65535
deny 0-65535 0.0.0.0/0 0-65535 |
Xbox is 10.0.0.3 |

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1594
Posted: Thu Oct 16, 2008 9:47 am Post subject:
Everything looks fine...
People should be able to connect to your Xbox.
About the lease file, maybe miniupnpd was not compiled with the right option.
Anyway, you can see what the active mappings are from another PC running Windows or with miniupnpc.

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Fri Oct 24, 2008 12:10 am Post subject:
I compiled with lease file. The ports are not being forwarded. |

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Fri Oct 24, 2008 4:30 am Post subject:
Should I uncomment Code: | /*#define PF_ENABLE_FILTER_RULES*/ | ? I am using PF... |

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1594
Posted: Fri Oct 24, 2008 6:24 am Post subject:
The code can either add filter rules with "pass" option OR filter rules AND pass rules.
There are some options you can set on pass rules but can't on filter rules with pass options.
Most people won't need to enable the PF_ENABLE_FILTER_RULES.
Code: | $ sudo pfctl -s nat -a miniupnpd
rdr pass on dc0 inet proto tcp from any to any port = 4662 label "libminiupnpc" -> 192.168.11.33 port 4662
|
That works for me

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Sat Oct 25, 2008 1:07 am Post subject:
Code: | gateway# pfctl -s nat -a miniupnpd
No ALTQ support in kernel
ALTQ related functions disabled
rdr on nfe0 inet proto tcp from any to any port = 14105 label "msnmsgr (10.0.0.2:4917) 14105 TCP" rtable 0 -> 10.0.0.2 port 4917
rdr on nfe0 inet proto tcp from any to any port = 28441 label "msnmsgr (10.0.0.2:4973) 28441 TCP" rtable 0 -> 10.0.0.2 port 4973
rdr on nfe0 inet proto tcp from any to any port = 5902 label "msnmsgr (10.0.0.2:1045) 5902 TCP" rtable 0 -> 10.0.0.2 port 1045
rdr on nfe0 inet proto tcp from any to any port = 15630 label "msnmsgr (10.0.0.2:1087) 15630 TCP" rtable 0 -> 10.0.0.2 port 1087
rdr on nfe0 inet proto tcp from any to any port = 10767 label "msnmsgr (10.0.0.2:1320) 10767 TCP" rtable 0 -> 10.0.0.2 port 1320
rdr on nfe0 inet proto tcp from any to any port = 23311 label "msnmsgr (10.0.0.2:1369) 23311 TCP" rtable 0 -> 10.0.0.2 port 1369
rdr on nfe0 inet proto tcp from any to any port = 36623 label "msnmsgr (10.0.0.2:1421) 36623 TCP" rtable 0 -> 10.0.0.2 port 1421
rdr on nfe0 inet proto tcp from any to any port = 34831 label "msnmsgr (10.0.0.2:1418) 34831 TCP" rtable 0 -> 10.0.0.2 port 1418
rdr on nfe0 inet proto tcp from any to any port = 50959 label "msnmsgr (10.0.0.2:1477) 50959 TCP" rtable 0 -> 10.0.0.2 port 1477
rdr on nfe0 inet proto tcp from any to any port = 1804 label "msnmsgr (10.0.0.2:1541) 1804 TCP" rtable 0 -> 10.0.0.2 port 1541
gateway# |
Everything but Xbox seems to work fine.
Edit:
Also...
Code: | #define UPNP_VERSION "20081024"
#define PFRULE_INOUT_COUNTS
#define USE_PF 1
#define OS_NAME "FreeBSD"
#define OS_VERSION "FreeBSD/7.0-RELEASE"
#define OS_URL "http://www.freebsd.org/" |
PFRULE_INOUT_COUNTS is fine with no value? |

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1594
Posted: Sat Oct 25, 2008 8:38 am Post subject:
jedinite wrote: |
Also...
Code: | #define UPNP_VERSION "20081024"
#define PFRULE_INOUT_COUNTS
#define USE_PF 1
#define OS_NAME "FreeBSD"
#define OS_VERSION "FreeBSD/7.0-RELEASE"
#define OS_URL "http://www.freebsd.org/" |
PFRULE_INOUT_COUNTS is fine with no value? |
Yes.
If everything works except the Xbox 360, you should try to concentrate on what exactly happens when the Xbox 360 discovers the UPnP devices and when it tries (or not?) to redirect a port.
Running miniupnpd with -d option would be useful.
Here is an example of what I get when a UPnP client detects miniupnpd:
Code: |
Oct 26 06:33:50 fontarabie miniupnpd[4995]: SSDP M-SEARCH from 192.168.11.33:40605 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP connection from 192.168.11.33:51037
Oct 26 06:33:52 fontarabie miniupnpd[4995]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
Oct 26 06:33:52 fontarabie miniupnpd[4995]: HTTP connection from 192.168.11.33:51038
Oct 26 06:33:52 fontarabie miniupnpd[4995]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
Oct 26 06:33:52 fontarabie miniupnpd[4995]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP connection from 192.168.11.33:51039
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
Oct 26 06:33:53 fontarabie miniupnpd[4995]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetConnectionTypeInfo
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP connection from 192.168.11.33:51040
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
Oct 26 06:33:53 fontarabie miniupnpd[4995]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP connection from 192.168.11.33:51041
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP REQUEST : POST /ctl/CmnIfCfg (HTTP/1.1)
Oct 26 06:33:53 fontarabie miniupnpd[4995]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetCommonLinkProperties
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP connection from 192.168.11.33:51042
Oct 26 06:33:53 fontarabie miniupnpd[4995]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
Oct 26 06:33:53 fontarabie miniupnpd[4995]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
|
PS: -d option has 2 actions: don't daemonize, and set log to verbose...

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Mon Oct 27, 2008 6:57 am Post subject:
Code: | gateway# miniupnpd -d
Reading configuration from file /etc/miniupnpd.conf
perm rule added : allow 10-65535 0a000000/ffffff00 10-65535
perm rule added : deny 0-65535 00000000/00000000 0-65535
miniupnpd[2121]: HTTP listening on port 51507
miniupnpd[2121]: Listening for NAT-PMP traffic on port 5351
miniupnpd[2121]: HTTP connection from 10.0.0.2:4153
miniupnpd[2121]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.2:4154
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[2121]: HTTP connection from 10.0.0.2:4156
miniupnpd[2121]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.2:4158
miniupnpd[2121]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.2:4159
miniupnpd[2121]: HTTP REQUEST : GET /L3F.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.2:4160
miniupnpd[2121]: HTTP REQUEST : GET /WANCfg.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.2:4161
miniupnpd[2121]: HTTP REQUEST : GET /WANIPCn.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.2:4162
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetConnectionTypeInfo
miniupnpd[2121]: HTTP connection from 10.0.0.2:4163
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetNATRSIPStatus
miniupnpd[2121]: HTTP connection from 10.0.0.2:4164
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:control-1-0#QueryStateVariable
miniupnpd[2121]: SSDP M-SEARCH from 10.0.0.3:2831 ST: urn:schemas-upnp-org:service:WANIPConnection:1
miniupnpd[2121]: SSDP M-SEARCH from 10.0.0.3:28153 ST: urn:schemas-upnp-org:service:WANPPPConnection:1
miniupnpd[2121]: HTTP connection from 10.0.0.3:37779
miniupnpd[2121]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[2121]: HTTP connection from 10.0.0.3:5862
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
miniupnpd[2121]: HTTP connection from 10.0.0.3:27293
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[2121]: AddPortMapping: ext port 3074 to 10.0.0.3:3074 protocol UDP for: Xbox (10.0.0.3:3074) 3074 UDP
miniupnpd[2121]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[2121]: redirecting port 3074 to 10.0.0.3:3074 protocol UDP for: Xbox (10.0.0.3:3074) 3074 UDP |
I just ran the "Connection Test" on the Xbox 360 (10.0.0.3) and it reports an open NAT. I wonder why in Halo 3 when searching for a game it says I am behind a strict NAT. This is however the first time I have seen the Xbox 360 rule in the lease file ( http://216.232.234.163:1338/vnstat/ , in page src). I guess I'll play some Halo 3 with -d and see what happens.
Edit:
Just out of curiosity, what's with the instant requests from my PC when miniupnpd is started? Does it send out some sort of broadcast on start? Looks like it happened in yours too.
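
The `perm rule added` and `UPnP permission rule 0 matched` lines in the -d output above come from the allow/deny lines in miniupnpd.conf. The following is an added example, not part of the post and not miniupnpd's own code: a small model of first-match rule evaluation that shows how broad the posted `allow` line is next to a narrower one. `TIGHTER_RULES` and all function names are assumptions made for the illustration.

```python
import ipaddress

# The two permission lines from the miniupnpd.conf posted in this thread.
POSTED_RULES = """\
allow 10-65535 10.0.0.0/24 10-65535
deny 0-65535 0.0.0.0/0 0-65535
"""
# Constructed tighter variant (an assumption, not from the thread): only the
# Xbox may ask, and only for the ports its static pf.conf rules already use.
TIGHTER_RULES = """\
allow 88 10.0.0.3/32 88
allow 3074 10.0.0.3/32 3074
deny 0-65535 0.0.0.0/0 0-65535
"""

def parse_range(text):
    """'3074' or '10-65535' -> (low, high)."""
    low, _, high = text.partition("-")
    return int(low), int(high or low)

def parse_rules(conf_text):
    """Parse 'allow|deny <ext ports> <ip/mask> <int ports>' lines, in order."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            continue  # some other miniupnpd.conf line
        action, ext, net, internal = fields
        rules.append((action, parse_range(ext),
                      ipaddress.ip_network(net, strict=False),
                      parse_range(internal)))
    return rules

def debug_form(rule):
    """Render a rule the way the 'perm rule added' lines of -d show it."""
    action, ext, net, internal = rule
    return "%s %d-%d %08x/%08x %d-%d" % (
        action, *ext, int(net.network_address), int(net.netmask), *internal)

def check_mapping(rules, ext_port, client_ip, int_port):
    """Return (index, action) of the first matching rule, else (None, None)."""
    addr = ipaddress.ip_address(client_ip)
    for index, (action, ext, net, internal) in enumerate(rules):
        if (ext[0] <= ext_port <= ext[1] and addr in net
                and internal[0] <= int_port <= internal[1]):
            return index, action
    return None, None
```

With the posted rules any 10.0.0.0/24 host can map nearly any port, including 22; with the constructed variant the msnmsgr mappings requested by 10.0.0.2 fall through to the final `deny`.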

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Mon Oct 27, 2008 7:04 am Post subject:
Might as well throw this up too
Code: | # macros
ext_if="nfe0"
int_if="rl0"
tcp_services="{ 1338 }"
icmp_types="{ echoreq, unreach, echorep }"
comp1="10.0.0.2"
#comp1_tcp_services="{ 1337 }"
comp2="10.0.0.3"
#comp2_tcp_services="{ 3074 }"
#comp2_udp_services="{ 3074, 88 }"
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr-anchor "miniupnpd"
#rdr on $ext_if proto tcp from any to any port 46465 -> $comp1
rdr on $ext_if proto tcp from any to any port 1337 -> $comp1
rdr on $ext_if inet proto udp from any to any port 88 -> $comp2
rdr on $ext_if inet proto { tcp, udp } from any to any port 3074 -> $comp2
# filter rules
block in
pass out keep state
anchor "miniupnpd"
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
#pass in on $ext_if inet proto tcp from any to $comp1 port 46465 flags S/SA synproxy state
pass in on $ext_if inet proto tcp from any to $comp1 port 1337 flags S/SA synproxy state
pass in quick on $ext_if inet proto udp from any to $comp2 port 88 keep state
pass in quick on $ext_if inet proto {tcp, udp} from any to $comp2 port 3074 keep state
pass in quick inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if |
It's a bit of a mess, is there a cleaner one somewhere?

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1594
Posted: Mon Oct 27, 2008 1:09 pm Post subject:
jedinite wrote: | Just out of curiosity, what's with the instant requests from my PC when miniupnpd is started? Does it send out some sort of broadcast on start? Looks like it happened in yours too. |
Yep. When started, and then regularly, MiniUPnPd broadcasts some NOTIFY SSDP packets.

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Mon Oct 27, 2008 10:36 pm Post subject:
Is there any way to make it write all this -d stuff to a file? There is too much; after a few rounds of Halo, PuTTY trims it.
Edit:
Is adding
Code: | !miniupnpd
*.* /var/log/miniupnpd.log |
to /etc/syslog.conf what I want?
Also:
Code: | gateway# miniupnpd
Reading configuration from file /etc/miniupnpd.conf
perm rule added : allow 10-65535 0a000000/ffffff00 10-65535
perm rule added : deny 0-65535 00000000/00000000 0-65535
gateway# miniupnpd
Reading configuration from file /etc/miniupnpd.conf
perm rule added : allow 10-65535 0a000000/ffffff00 10-65535
perm rule added : deny 0-65535 00000000/00000000 0-65535
gateway# |
Does the second process make the first reload config, or does the second just exit because miniupnpd is already running?

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1594
Posted: Mon Oct 27, 2008 11:22 pm Post subject:
jedinite wrote: | is there any way to make it write all this -d stuff to a file... there is too much after a few rounds of halo putty trims it.
Edit:
adding Code: | *miniupnpd* /var/log/miniupnpd.log | to /etc/syslog.conf what i want?
|
Depending on what LOG_MINIUPNPD is defined as in config.h, you should ensure there is a line daemon.* /var/log/somefile in syslog.conf...
See http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=492 for more details...
jedinite wrote: |
also:
Code: | gateway# miniupnpd
Reading configuration from file /etc/miniupnpd.conf
perm rule added : allow 10-65535 0a000000/ffffff00 10-65535
perm rule added : deny 0-65535 00000000/00000000 0-65535
gateway# miniupnpd
Reading configuration from file /etc/miniupnpd.conf
perm rule added : allow 10-65535 0a000000/ffffff00 10-65535
perm rule added : deny 0-65535 00000000/00000000 0-65535
gateway# |
does the second process make the first reload config or does the second just exit because miniupnpd already running? |
The second one is just exiting because it is already running.

jedinite
Joined: 10 Oct 2008 Posts: 13
Posted: Wed Oct 29, 2008 9:29 am Post subject:
My syslog.conf
Code: | *.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
*.=debug /var/log/debug.log
*.emerg *
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.log |
Is there a list of command line options somewhere?
Also if there are rules like
Code: | rdr on $ext_if inet proto udp from any to any port 88 -> $comp2
rdr on $ext_if inet proto { tcp, udp } from any to any port 3074 -> $comp2
pass in quick on $ext_if inet proto udp from any to $comp2 port 88 keep state
pass in quick on $ext_if inet proto {tcp, udp} from any to $comp2 port 3074 keep state |
and then miniupnpd has a request for those ports to be mapped, and another for them to be unmapped, will the original rule in the pf.conf remain or be cleared? I think the Xbox is unmapping them after it maps, I need to get miniupnpd logging every action to file to see.
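
Once the -d output is captured to a file, the map-then-unmap question can be checked from the log itself. The following is an added example, not part of the thread and not miniupnpd code: it attributes each `SOAPAction` line to the most recent `HTTP connection from` address and lists clients that both add and delete mappings. It assumes log lines arrive in request order and that an unmap appears as the standard WANIPConnection `DeletePortMapping` action; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the -d output in this thread. The Get...
# and AddPortMapping lines are copied from the thread; the DeletePortMapping
# exchange at the end is made up to show an unmap.
SAMPLE_LOG = """\
miniupnpd[2121]: HTTP connection from 10.0.0.2:4154
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[2121]: HTTP connection from 10.0.0.3:27293
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[2121]: AddPortMapping: ext port 3074 to 10.0.0.3:3074 protocol UDP for: Xbox (10.0.0.3:3074) 3074 UDP
miniupnpd[2121]: HTTP connection from 10.0.0.3:27301
miniupnpd[2121]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[2121]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
"""

CONN_RE = re.compile(r"HTTP connection from (\d+\.\d+\.\d+\.\d+):\d+")
SOAP_RE = re.compile(r"SOAPAction: \S+#(\w+)")
ADD_RE = re.compile(r"AddPortMapping: ext port (\d+) to (\S+):(\d+) protocol (\w+)")


def soap_actions_by_client(log_text):
    """Attribute each SOAPAction to the most recent 'HTTP connection from' IP."""
    actions, client = defaultdict(list), None
    for line in log_text.splitlines():
        conn = CONN_RE.search(line)
        if conn:
            client = conn.group(1)
            continue
        soap = SOAP_RE.search(line)
        if soap and client:
            actions[client].append(soap.group(1))
    return dict(actions)


def requested_mappings(log_text):
    """(external port, internal host, internal port, protocol) per request."""
    return [(int(ext), host, int(port), proto)
            for ext, host, port, proto in ADD_RE.findall(log_text)]


def clients_that_unmap(log_text):
    """Clients that issued both AddPortMapping and DeletePortMapping."""
    return sorted(ip for ip, acts in soap_actions_by_client(log_text).items()
                  if {"AddPortMapping", "DeletePortMapping"} <= set(acts))
```

The regular expressions use `search`, so the same functions work on syslog-prefixed lines such as the `Oct 26 06:33:50 fontarabie miniupnpd[4995]:` form shown earlier in the thread.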