miniupnp.tuxfamily.org Forum Index
The forum about miniupnp and libnatpmp

A few questions about miniupnpd

 
ssjkakaroto
Posted: Sun May 31, 2009 6:24 pm

Hi there, first let me thank you for this great program, it's making things much easier in my small LAN :)

Now for the questions:
1) Can miniupnpd create more than one queue?
I ask this because I have a PS3, an Xbox360 and 2 PCs connected to my gateway (OpenBSD 4.5). One of the PCs is used mainly for downloading and I would like to be able to put both the PS3 and Xbox on a higher priority queue so I didn't need to stop my downloads when playing.

2) What is this error that I get constantly when miniupnpd is running:
Code:
miniupnpd[3766]: sendto(udp_notify=7, 10.0.0.1): No route to host


3) Even after I was able to set up miniupnp, the PS3 is always complaining that I am behind a NAT Type 3 and that I may have problems connecting to other people and playing games. Do you know what could be the cause?
Here's the log when I run its connection test:
Code:
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49451 ST: urn:schemas-upnp-org:device:MediaServer:1
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49451 ST: urn:schemas-upnp-org:device:MediaServer:1
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49451 ST: urn:schemas-upnp-org:device:MediaServer:1
miniupnpd[3766]: SSDP M-SEARCH from 10.0.0.8:49447 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[3766]: HTTP connection from 10.0.0.8:55903
miniupnpd[3766]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[3766]: HTTP connection from 10.0.0.8:55902
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[3766]: HTTP connection from 10.0.0.8:55901
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd[3766]: AddPortMapping: ext port 3658 to 10.0.0.8:3658 protocol UDP for: 10.0.0.8:3658 to 3658 (UDP)
miniupnpd[3766]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[3766]: redirecting port 3658 to 10.0.0.8:3658 protocol UDP for: 10.0.0.8:3658 to 3658 (UDP)
miniupnpd[3766]: HTTP connection from 10.0.0.8:55900
miniupnpd[3766]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[3766]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
miniupnpd[3766]: DeletePortMapping: external port: 3658, protocol: UDP
miniupnpd[3766]: removing redirect rule port 3658 UDP


Finally, one small observation :P
When you run 'make install' the manual page gets copied to '/usr/share/man' when in fact it should be placed inside one of the '/usr/share/man/cat?' directories.

Here's my pf.conf if it helps:
Code:
# interfaces
ext_if = "rl0" #external interface (modem)
int_if = "rl1" #internal interface (hub)
loo_if = "lo0" #loopback

# alias
rede_int = "10.0.0.0/24"
nat_pc = "10.0.0.1"
torrent_pc = "10.0.0.2"
game_pc = "10.0.0.3"
ps2 = "10.0.0.4"
ps3 = "10.0.0.8"
nds = "10.0.0.7"
wii = "10.0.0.9"
x360 = "10.0.0.10"
icmp_allow = "{ 0 3 8 11 30 }"

# options
set optimization aggressive
set loginterface $ext_if
set block-policy return
set ruleset-optimization basic

# traffic normalization
scrub in  all fragment reassemble
scrub out all random-id

# nat
nat on $ext_if from $int_if:network to any -> ($ext_if)

# rdr
# miniupnpd rdr anchor
rdr-anchor miniupnpd

# ftp-proxy rdr anchor
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp to any port 21 -> 127.0.0.1 \
       port 8021
rdr on $int_if proto tcp to any port 1337 -> 127.0.0.1 \
       port 8021

# rdr privoxy(tor)
rdr on $int_if proto { tcp udp } from $int_if:network \
   to ($int_if) port 8118 -> 127.0.0.1 port 8118

# rdr games
# quake 2
rdr on $ext_if proto udp from any to ($ext_if) port 27910 \
       tag GAMES -> $game_pc port 27910
# end quake 2
# hexen 2
rdr on $ext_if proto udp from any to ($ext_if) port 26900 \
       tag GAMES -> $game_pc port 26900
# end hexen 2
# quake 4 + doom 3
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port 27650 \
       tag GAMES -> $game_pc port 27650
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port 27666 \
       tag GAMES -> $game_pc port 27666
# end quake 4 + doom 3
# end rdr games

# rules
# antispoof
antispoof for $ext_if
antispoof for $int_if

# block everything
block in  all
block out all

# loopback
pass quick on $loo_if all

# ftp-proxy
anchor "ftp-proxy/*"

# miniupnpd anchor
anchor miniupnpd
pass out quick on $int_if proto { tcp udp } all tagged MINIUPNP modulate state

# internal traffic
pass in  quick on $int_if from $int_if:network to $nat_pc modulate state
pass out quick on $int_if from $nat_pc to $int_if:network modulate state

# $game_pc
# $int_if
pass out quick on $int_if proto icmp from any to $game_pc \
    icmp-type $icmp_allow
# $ext_if
pass out quick on $ext_if proto tcp from $game_pc to any tag GAMES \
    flags S/SA modulate state
pass out quick on $ext_if proto udp from $game_pc to any tag GAMES \
    keep state
pass out quick on $ext_if proto icmp from $game_pc to any \
    icmp-type $icmp_allow

# outgoing traffic ($int_if)
pass in on $int_if from $int_if:network to !$nat_pc modulate state

# outgoing traffic ($ext_if)
pass out on $ext_if all keep state
pass out on $ext_if proto tcp all flags S/SA \
    modulate state

# incoming traffic
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    modulate state
pass in on $ext_if proto tcp from any to ($ext_if) port auth modulate state

# dns
pass on $ext_if proto udp from any to any port 53 keep state
pass on $int_if proto udp from any to any port 53 keep state


Thanks!

miniupnp (Site Admin)
Posted: Tue Jun 02, 2009 10:26 am

1) nope, that is not currently possible.
2) show me your miniupnpd.conf
3) I don't know how to make PS3 happier than this...
we need to know what exactly is not ok for the PS3...

about the man install, I will have a look :)
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/

ssjkakaroto
Posted: Tue Jun 02, 2009 11:54 am

Here it is:
Code:
# WAN network interface
ext_ifname=rl0
# if the WAN interface has several IP addresses, you
# can specify the one to use below
#ext_ip=

# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# HTTP is available on all interfaces
listening_ip=10.0.0.1/24
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
port=0

# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock

# enable NAT-PMP support (default is no)
enable_natpmp=yes

# enable UPNP support (default is yes)
enable_upnp=yes

# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both
#upnp_forward_chain=forwardUPnP
#upnp_nat_chain=UPnP

# lease file location
lease_file=/var/log/upnp.leases

# bitrates reported by daemon in bits per second
bitrate_up=415000
bitrate_down=2045000

# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.
secure_mode=yes

# default presentation url is http address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
# from displaying an icon in the "Network Connections" panel.
#presentation_url=http://www.mylan/index.php

# report system uptime instead of daemon uptime
system_uptime=yes

# notify interval in seconds. default is 30 seconds.
notify_interval=60

# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600

# log packets in pf
#packet_log=no

# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1

# tag name in pf
tag=MINIUPNP

# make filter rules in pf quick or not. default is yes
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
#quickrules=no

# uuid : generate your own with "make genuuid"
uuid=ec616542-f0d7-4761-835f-7ce5ee62427d

# serial and model number the daemon will report to clients
# in its XML description
serial=12345678
model_number=1337

# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
allow 1024-65535 10.0.0.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535

Looking at it now I think the listening address should be 10.0.0.1/32 right?
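
The permission rules and secure_mode setting in the miniupnpd.conf above can be reasoned about with a small model; this is an added example, not part of the thread and not miniupnpd's own code. It assumes first-match evaluation (consistent with the "permission rule 0 matched" log line in the first post) and that an unmatched request is accepted; the function names and the constructed requests are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    allow: bool
    ext_ports: range
    net: ipaddress.IPv4Network
    int_ports: range

def _ports(spec):
    """'1024-65535' or '3658' -> inclusive range of ports."""
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def parse_rules(conf_text):
    """Collect the allow/deny lines of a miniupnpd.conf, in file order."""
    rules = []
    for line in conf_text.splitlines():
        f = line.split("#", 1)[0].split()          # drop comments
        if len(f) == 4 and f[0] in ("allow", "deny"):
            rules.append(Rule(f[0] == "allow", _ports(f[1]),
                              ipaddress.ip_network(f[2], strict=False), _ports(f[3])))
    return rules

def check_mapping(rules, requester, ext_port, int_client, int_port, secure_mode=True):
    """Model of the AddPortMapping decision: returns (accepted, reason)."""
    if secure_mode and requester != int_client:
        return False, "secure_mode: mapping target is not the requester"
    target = ipaddress.ip_address(int_client)
    for i, r in enumerate(rules):                  # assumption: first match wins
        if ext_port in r.ext_ports and target in r.net and int_port in r.int_ports:
            return r.allow, f"rule {i} matched"
    # Assumption: unmatched requests are accepted, which is why the sample
    # config advises ending the rule set with a deny-all line.
    return True, "no rule matched"

# The two rules from the miniupnpd.conf posted above.
CONF = """
allow 1024-65535 10.0.0.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
"""

if __name__ == "__main__":
    rules = parse_rules(CONF)
    print(check_mapping(rules, "10.0.0.8", 3658, "10.0.0.8", 3658))    # PS3 request from the log
    print(check_mapping(rules, "10.0.0.8", 80, "10.0.0.8", 8080))      # constructed: low external port
    print(check_mapping(rules, "10.0.0.8", 5000, "10.0.0.2", 5000))    # constructed: other host as target
    print(check_mapping(rules[:1], "10.0.0.8", 80, "10.0.0.8", 8080))  # constructed: deny-all removed
```

The last call shows what the trailing deny-all line buys under this model: without it, a request for external port 80 falls through every rule and is accepted.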

miniupnp (Site Admin)
Posted: Tue Jun 02, 2009 4:35 pm

10.0.0.1/24 is fine.
Everything looks ok in your miniupnpd.conf.
Make sure nothing is blocking multicast traffic and the route table is ok.

miniupnp (Site Admin)
Posted: Tue Jun 02, 2009 4:37 pm

about "NAT 3" on the PS3 : it may help you to read http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=392

ssjkakaroto
Posted: Wed Jun 03, 2009 1:40 am

I think miniupnpd is working fine with the PS3, it detects UPNP on my "router" and here's the output of "pfctl -a miniupnpd -s nat":
rdr on rl0 inet proto udp from any to any port = 3658 label "10.0.0.8:3658 to 3658 (UDP)" tag MINIUPNP -> 10.0.0.8 port 3658
I don't know what else it needs to give me this NAT Level 2 thing.

I noticed this when running miniupnpc:
Code:
List of UPNP devices found on the network :
 desc: http://10.0.0.1:16858/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://10.0.0.1:16858/ctl/IPConn
Local LAN ip address : 10.0.0.2
Connection Type : IP_Routed
Status : Connected, uptime=680131, LastConnectionError : ERROR_NONE
MaxBitRateDown : 2045000 bps   MaxBitRateUp 415000 bps
ExternalIPAddress = 192.168.1.2
Bytes:   Sent: 3214859811       Recv: 4026739695
Packets: Sent: 31140519 Recv: 46212852

What are the possible results for "Connection Type"? I think maybe when the PS3 sees IP_Routed it automatically says that I'm behind NAT Type 3.

The "No route to host" error was caused by the lack of the following rules
Code:
pass out on $int_if from any to 239.0.0.0/8 keep state
pass in on $int_if from any to 239.0.0.0/8 keep state

but shouldn't miniupnpd use 224.0.0.0/24 instead?

miniupnp (Site Admin)
Posted: Wed Jun 03, 2009 9:03 am

ssjkakaroto wrote:
I think miniupnpd is working fine with the PS3, it detects UPNP on my "router" and here's the output of "pfctl -a miniupnpd -s nat":
rdr on rl0 inet proto udp from any to any port = 3658 label "10.0.0.8:3658 to 3658 (UDP)" tag MINIUPNP -> 10.0.0.8 port 3658
I don't know what else it needs to give me this NAT Level 2 thing.

I noticed this when running miniupnpc:
Code:
List of UPNP devices found on the network :
 desc: http://10.0.0.1:16858/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://10.0.0.1:16858/ctl/IPConn
Local LAN ip address : 10.0.0.2
Connection Type : IP_Routed
Status : Connected, uptime=680131, LastConnectionError : ERROR_NONE
MaxBitRateDown : 2045000 bps   MaxBitRateUp 415000 bps
ExternalIPAddress = 192.168.1.2
Bytes:   Sent: 3214859811       Recv: 4026739695
Packets: Sent: 31140519 Recv: 46212852

What are the possible results for "Connection Type"? I think maybe when the PS3 sees IP_Routed it automatically says that I'm behind NAT Type 3.

Unconfigured / IP_Routed / IP_Bridged.
I don't think setting it to IP_Bridged could be any help. Is the PS3 calling GetConnectionTypeInfo()?
ssjkakaroto wrote:

The "No route to host" error was caused by the lack of the following rules
Code:
pass out on $int_if from any to 239.0.0.0/8 keep state
pass in on $int_if from any to 239.0.0.0/8 keep state

but shouldn't miniupnpd use 224.0.0.0/24 instead?

IPs reserved for multicast are 224.0.0.0 through 239.255.255.255. That is 224.0.0.0/4! 239.0.0.0/8 is OK for the SSDP multicast address, which is 239.255.255.250. 239.0.0.0/8 maps to locally defined purpose multicast addresses.
224.0.0.0/24 won't work.

http://www.iana.org/assignments/multicast-addresses/

ssjkakaroto
Posted: Wed Jun 03, 2009 11:00 am

Thanks for the info :)

How can I check if the PS3 is calling GetConnectionTypeInfo() ?
Also, can I restrict those rules a little more? Something like:
Code:
pass out on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state
pass in on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state

miniupnp (Site Admin)
Posted: Thu Jun 04, 2009 8:53 am

ssjkakaroto wrote:
Thanks for the info :)

How can I check if the PS3 is calling GetConnectionTypeInfo() ?

It will appear in the logs.
Quote:

Also, can I restrict those rules a little more? Something like:
Code:
pass out on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state
pass in on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state

restricting to udp is ok, but the source address is NOT 239.0.0.0/8 !
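
The two address points made in the replies above (which prefixes contain the SSDP group 239.255.255.250, and why 239.0.0.0/8 is wrong as a source) can be checked mechanically; this is an added example, not part of the thread. It models only the from/to clause of a pf rule, assumes the SSDP packets leave from the gateway's LAN address 10.0.0.1 (the address in the sendto error and in listening_ip), and the two rules labelled "constructed" are illustrations, not rules posted by anyone in the thread.

```python
import ipaddress
import re

SSDP_GROUP = "239.255.255.250"   # SSDP multicast address named in the thread
GATEWAY = "10.0.0.1"             # miniupnpd's LAN address, assumed source of its SSDP packets

# Simplified model of a pf filter rule: only the "from X to Y" clause is
# evaluated. Interface, direction, protocol and state options are ignored.
FROM_TO = re.compile(r"\bfrom\s+(\S+)\s+to\s+(\S+)")

def _net(token):
    """pf address token -> network; 'any' covers every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)

def diagnose(rule, src=GATEWAY, dst=SSDP_GROUP):
    """Say whether a packet src -> dst fits the rule's from/to clause."""
    m = FROM_TO.search(rule)
    if m is None:
        raise ValueError(f"no from/to clause in: {rule!r}")
    src_ok = ipaddress.ip_address(src) in _net(m.group(1))
    dst_ok = ipaddress.ip_address(dst) in _net(m.group(2))
    if src_ok and dst_ok:
        return "match"
    return "source mismatch" if dst_ok else "destination mismatch"

def covering(prefixes, addr=SSDP_GROUP):
    """Map each prefix to True/False: does it contain addr?"""
    ip = ipaddress.ip_address(addr)
    return {p: ip in ipaddress.ip_network(p) for p in prefixes}

RULES = {
    "working rule from the thread":
        "pass out on $int_if from any to 239.0.0.0/8 keep state",
    "proposed tightening from the thread":
        "pass out on $int_if inet proto udp from 239.0.0.0/8 to 239.0.0.0/8 keep state",
    "constructed: 224.0.0.0/24 as destination":
        "pass out on $int_if from any to 224.0.0.0/24 keep state",
    "constructed: LAN source, SSDP group as destination":
        "pass out on $int_if inet proto udp from 10.0.0.0/24 to 239.255.255.250 keep state",
}

if __name__ == "__main__":
    print(covering(["224.0.0.0/4", "239.0.0.0/8", "224.0.0.0/24"]))
    for label, rule in RULES.items():
        print(f"{diagnose(rule):22} {label}")
```

A multicast address only ever appears as a destination, so any tightening of these rules has to narrow the destination and use a LAN unicast range as the source.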

ssjkakaroto
Posted: Thu Jun 04, 2009 1:15 pm

Well, the log from the PS3 connection test is that from the first post, so I guess it's not calling GetConnectionTypeInfo()...

Thanks for the help.

All times are GMT
© 2007 Thomas Bernard, author of MiniUPNP.