miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 

UPnP for 2 gateways

 
toastman



Joined: 13 Feb 2009
Posts: 6

Posted: Fri Feb 13, 2009 8:27 am    Post subject: UPnP for 2 gateways

Hi from a new poster, and thank you for miniUPnPd - it's marvellous and I'm enjoying the lack of hassle.

I wanted to ask if there is a way to help with the following setup which I want to use in my residential networks.

I have 80 users on a single network, with one main router 192.168.1.1 which issues IPs via DHCP and contains MAC access restriction rules. I want to keep it that way so relatively inexperienced staff can maintain the list each month, when guests leave and new ones join.

We have promotional offers on 5Mbps ADSL lines from the ISP now. I have added a second ADSL line via PPPoE to 192.168.1.2.

I want to split the network between the two gateways, which is simple to do with this method:

dhcp-mac=red,00:0D:87:2D:1C:7A # (I will use a range here) ....
dhcp-option=net:red, 3, 192.168.1.2 #Assigns "red" to the second gateway
dhcp-option=net:red, 6, 192.168.1.1 #Assigns "red's" DNS server to 1st gateway

(Both routers run modified Tomato with MiniUPnPd on ASUS WL500gP v2)

It works very nicely but the big snag is that UPnP cannot open ports on the second gateway, so users on that gateway do not get full functionality.

Can you offer any solution? Even if it were possible to open identical portforwards on both gateways, that would be enough, and unused ports will clear automatically.

[I did experiment with two identical DHCP servers to split the network, but ran into problems with "wrong gateway" error messages and a five-minute renewal time, but otherwise it did work. I also found that miniUPnPd often opened ports on BOTH gateways simultaneously, and closed them when I stopped uTorrent, which is what prompted me to make this post.]

Thanks for your help!
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1431

Posted: Fri Feb 13, 2009 7:46 pm

I think it will be impossible to get a solution to work with all UPnP clients.
UPnP discovery is based on IP multicasting so all clients on the network would receive announcements from both gateways. If the gateway had the knowledge of which clients it "owns", it could tell other clients it is in a disconnected state and not answer their discovery requests.
That could be enough for well behaved clients, but many clients would take the 1st UPnP IGD they receive an announcement for...
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
toastman



Joined: 13 Feb 2009
Posts: 6

Posted: Sat Feb 14, 2009 1:52 pm

OK, I see the difficulty.

May I ask you another question, forgive me if I'm being dense, but I'm trying to get to grips with how the discovery proceeds into a connection.

Having discovered a second gateway is open, and having opened ports on that gateway, why doesn't the client then use that gateway? It seems to have done most of the work, but fails to "follow through" :(

There must be SOME way to get around this problem (he said, hopefully)...
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1431

Posted: Sat Feb 14, 2009 2:24 pm

I think the UPnP stack in Windows XP is only using the IGD whose IP is the default gateway. So all software relying on Win XP UPnP should work... unfortunately, most software has its own implementation of UPnP.

It all depends on how the UPnP implementation is made in the client software.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
toastman



Joined: 13 Feb 2009
Posts: 6

Posted: Sat Feb 14, 2009 5:14 pm

Ah, right, if that is so, since XP is currently the most used O/S then I suppose that we're stymied for the most part. I'm trying to see what XP actually uses to decide - it isn't the gateway, since that is what my setup sends to get it to use the second gateway. It appears to be the dhcp-client field, opt 54, which is used. And that can't be changed currently in the information which is sent to the client.

dhcp-mac=red,00:0D:87:2D:1C:7A #C105B
dhcp-option=net:red, 3, 192.168.1.2 #Assigns "red" to the second gateway
dhcp-option=net:red, 6, 192.168.1.2 #Assigns "red's" DNS server to 2nd gateway
dhcp-option=net:red, 54, 192.168.1.2 #Assigns "red's" DHCP server to 2nd gateway - does this work?? --- NO - this is not usually settable by the user.....

Thanks for the explanation and the prompt replies. I'll go back to my head-scratching!
toastman



Joined: 13 Feb 2009
Posts: 6

Posted: Wed Feb 18, 2009 2:53 am

After a little more research, I found this:

"Windows XP only talks to and allows one to control an IGD that also is the default gateway. This characteristic is a result of a security update Microsoft implemented in Windows XP SP-1. When they were looking at potential threats to the system, they decided that somebody could pull off a spoof against IGDs, so they decided one way to limit the threat is to talk only to IGDs that are the default gateway."

"i.e. - it MUST appear in the routing table as gateway for the destination 0.0.0.0 netmask 0.0.0.0"

Which is exactly what the method I use to assign the second gateway to clients does:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ruankaew
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Ethernet NIC
Physical Address. . . . . . . . . : 00-1F-D0-D5-3F-37
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.98
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
Lease Obtained. . . . . . . . . . : Wednesday, February 18, 2009 9:21:37 AM
Lease Expires . . . . . . . . . . : Thursday, February 19, 2009 9:21:37 AM

Here is the routing table for the XP client:

Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          192.168.1.2   192.168.1.98  20
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
169.254.0.0          255.255.0.0      192.168.1.98  192.168.1.98  20
192.168.1.0          255.255.255.0    192.168.1.98  192.168.1.98  20
192.168.1.98         255.255.255.255  127.0.0.1     127.0.0.1     20
192.168.1.255        255.255.255.255  192.168.1.98  192.168.1.98  20
224.0.0.0            240.0.0.0        192.168.1.98  192.168.1.98  20
255.255.255.255      255.255.255.255  192.168.1.98  192.168.1.98  1
Default Gateway: 192.168.1.2


So, according to all I have read, this method should work, as you say. But it doesn't appear to do so. Not a single Windows application seems to consistently open ports on the default gateway - including Windows native applications such as Messenger, which always open ports on 192.168.1.1

I say "consistently" because very occasionally an application will open a port on the 2nd gateway, but it does not attempt to actually use it.

Now, if I MANUALLY enter the IP, default gateway, and dns server into the ethernet card setup, everything works! All ports are now opened on the default gateway of 192.168.1.2. The behavior is quite different than when the same details are assigned by DHCP.

Is there something I'm missing?
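The default-gateway rule quoted in the post above, applied to the multicast discovery situation described earlier in the thread, as an added example that is not part of any post or of miniupnp: a client receives IGD answers from every device on the LAN and keeps only the one whose description URL is served by its default gateway. The function names, ports, paths and the 192.168.1.77 host are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

def make_response(location):
    """Build a constructed SSDP M-SEARCH answer (sample data, not captured)."""
    return ("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
            f"ST: {IGD_ST}\r\nLOCATION: {location}\r\n\r\n")

# Constructed answers: both gateways from the thread plus one other LAN host.
# Ports and paths are made up for the example.
SAMPLE_RESPONSES = [
    make_response("http://192.168.1.1:5000/rootDesc.xml"),
    make_response("http://192.168.1.2:5000/rootDesc.xml"),
    make_response("http://192.168.1.77:8080/igd.xml"),
]

def parse_ssdp(raw):
    """Return the headers of a 200 OK SSDP answer (upper-case keys), else None."""
    status, _, rest = raw.partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in rest.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def igd_host(headers):
    """IP literal in the LOCATION URL, or None if absent or not an IP."""
    try:
        return ipaddress.ip_address(urlsplit(headers["LOCATION"]).hostname)
    except (KeyError, TypeError, ValueError):
        return None

def select_igd(responses, default_gateway):
    """Split IGD answers into (accepted, rejected) by the default-gateway rule."""
    gateway = ipaddress.ip_address(default_gateway)
    accepted, rejected = [], []
    for raw in responses:
        headers = parse_ssdp(raw)
        if not headers or headers.get("ST") != IGD_ST:
            continue  # not an IGD answer at all
        bucket = accepted if igd_host(headers) == gateway else rejected
        bucket.append(headers.get("LOCATION"))
    return accepted, rejected

if __name__ == "__main__":
    print(select_igd(SAMPLE_RESPONSES, "192.168.1.2"))
```

A real client would also compare the UDP source address of each answer with the LOCATION host; that check is not modelled here.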
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1431

Posted: Wed Feb 18, 2009 9:55 pm

I guess you found a bug in Windows XP SP-1 UPnP software :(
In any case, I don't know how to fix your problem... except by turning off UPnP support on the Gateways and only using NAT-PMP.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
toastman



Joined: 13 Feb 2009
Posts: 6

Posted: Thu Feb 19, 2009 5:57 pm

Thanks miniupnp..

I guess it is a bug in SP1 - SP3.

There seems to be something going on with the DHCP assignment that isn't clear from using ipconfig /all. It all seems to be in a bit of a mess.

Of course, turning off UPnP would do the trick - if Windows applications supported NAT-PMP. But only a few in common use do - uTorrent and Azureus. So that's not an option, unfortunately.

But thank you very much for your prompt replies, and thank you even more for miniUPnP!
toastman



Joined: 13 Feb 2009
Posts: 6

Posted: Sat Feb 21, 2009 9:31 am

Progress! I wanted to let you know what happened, it might be useful to others.

I continued to experiment with the red tag method, assigned a group of MAC addresses, and left UPnP and NAT-PMP running on both gateways. I left it alone for two days, and to my surprise it has all begun to work. From opening ports on the wrong gateway, the clients then moved on to opening ports on BOTH gateways, and then after 2 days, all seems to be working in the manner intended, and ports are now being opened only on the correct gateways. This is a change from Tomato's previous UPnP client behaviour. I have no idea why it is now working, but it must be something to do with the original lease times having expired.
nuclight



Joined: 17 Jan 2008
Posts: 23

Posted: Tue Feb 24, 2009 9:54 am

The more correct solution would be to leave one gateway for all clients, and the gateway will decide who will go to each address, actually. But this requires multiple address support from miniupnpd. I've done something similar in my custom daemon (see topic for multiple addresses), but with NAT-PMP, and unfortunately you need UPnP...
_________________
WBR, Nuclear Lightning
All times are GMT
© 2007 Thomas Bernard, author of MiniUPNP.