miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

monkeys changed syntax in pf
Goto page Previous  1, 2, 3, 4
 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
chrisk_de



Joined: 25 May 2010
Posts: 4

PostPosted: Wed May 26, 2010 8:21 am    Post subject: Reply with quote

hmmm... at least www.openbsd.org/plus.html doesn't show any changes in current so far.
_________________
http://www.chrisk.de
Back to top
View user's profile Send private message
chrisk_de



Joined: 25 May 2010
Posts: 4

PostPosted: Wed May 26, 2010 11:21 am    Post subject: Reply with quote

Well... I tried it with the latest Snapshot as of 2010/05/25. And I still get:
miniupnpd[4062]: AddPortMapping: ext port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[4062]: redirecting port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: Device busy
miniupnpd[4062]: Returning UPnPError 501: ActionFailed

So no, it does not work in current. Sad
_________________
http://www.chrisk.de
Back to top
View user's profile Send private message
chrisk_de



Joined: 25 May 2010
Posts: 4

PostPosted: Fri May 28, 2010 11:03 am    Post subject: Reply with quote

And with 2010/05/27'th snapshot they still didn't fix it...
_________________
http://www.chrisk.de
Back to top
View user's profile Send private message
BABUT



Joined: 07 Feb 2009
Posts: 13

PostPosted: Wed Jun 02, 2010 5:19 am    Post subject: Reply with quote

on miniupnpd-1.4.20100511
with PF_ENABLE_FILTER_RULES:
match in log quick inet proto tcp from any to any port = 5004 flags any keep state label "greylink Transfer Port (5004 TCP)" tag UPNP rdr-to 192.168.2.20 port 5004
pass in log quick inet proto tcp from any to any port = 5004 flags S/SA keep state label "greylink Transfer Port (5004 TCP)" tag UPNP nat-to any static-port rdr-to any
..what is it? %)
without USE_IFNAME_IN_RULES:
pass in log quick inet proto tcp from any to any port = 5004 flags any keep state label "greylink Transfer Port (5004 TCP)" tag UPNP rdr-to 192.168.2.20 port 5004
to use "any to any" is wrong- when ports coincide, incomming connections on any iface(including internal iface- from local net) match the rule and redirected. correct to use "to (self)". yes, we can filter anchor, but why to use "any to any"?

ps: when we see flag for detail log in syslog(with background)? ;)
Back to top
View user's profile Send private message
grey



Joined: 13 Apr 2010
Posts: 3

PostPosted: Tue Jul 06, 2010 6:32 pm    Post subject: Reply with quote

Just thought I'd note in this thread, that the bug causing this problem in OpenBSD should be resolved in the -current branch as of June 27th, 2010

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c#rev1.233

If you're running OpenBSD-current after that date, it should probably work (I'll be testing after work today), and if you are running 4.7 that's the first patch after release, so you should be able to apply it with minimal difficulty and upgrade your kernel without having to make any other major changes. (But don't ask how to do that here)
Back to top
View user's profile Send private message
grey



Joined: 13 Apr 2010
Posts: 3

PostPosted: Wed Jul 21, 2010 11:59 am    Post subject: Reply with quote

Just wanted to report back my success, The latest version of miniupnpd with a kernel compiled with that patch works like a charm Smile
Back to top
View user's profile Send private message
sputnik



Joined: 13 Sep 2010
Posts: 4

PostPosted: Mon Sep 13, 2010 1:40 pm    Post subject: Reply with quote

Post #1because of: You must have 1 posts before you can post URL's/Links.

Last edited by sputnik on Mon Sep 13, 2010 2:04 pm; edited 1 time in total
Back to top
View user's profile Send private message
sputnik



Joined: 13 Sep 2010
Posts: 4

PostPosted: Mon Sep 13, 2010 1:53 pm    Post subject: Reply with quote

Post #2

grey wrote:
Just thought I'd note in this thread, that the bug causing this problem in OpenBSD should be resolved in the -current branch as of June 27th, 2010

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c#rev1.233

If you're running OpenBSD-current after that date, it should probably work (I'll be testing after work today), and if you are running 4.7 that's the first patch after release, so you should be able to apply it with minimal difficulty and upgrade your kernel without having to make any other major changes. (But don't ask how to do that here)


Why one couldn't ask how to do that here? In case someone running 4.7 need it:

Download the patch from here and save it to directory /usr/src/sys/net/ of your source tree as patch.txt. Then just apply that patch by:
Code:
cd /usr/src/sys/net && patch -p4 < patch.txt

Recompile your kernel. Congrats, you now have miniupnp working.
Back to top
View user's profile Send private message
rsptsa



Joined: 13 Sep 2010
Posts: 3

PostPosted: Mon Sep 13, 2010 7:35 pm    Post subject: Reply with quote

Hi,

I have five vlan and i use openbsd 4.7 as router.
On one side i have my FreeNas on wich is working upnp (vlan3) and the other a computer who must access to my nas using upnp (vlan1).

So it doesn't work even if i put anchor miniupnpd in my pf.conf.

can you give me a sample of pf.conf ?

thanks
Back to top
View user's profile Send private message
sputnik



Joined: 13 Sep 2010
Posts: 4

PostPosted: Tue Sep 14, 2010 2:47 pm    Post subject: Reply with quote

rsptsa wrote:
Hi,

I have five vlan and i use openbsd 4.7 as router.
On one side i have my FreeNas on wich is working upnp (vlan3) and the other a computer who must access to my nas using upnp (vlan1).

So it doesn't work even if i put anchor miniupnpd in my pf.conf.

can you give me a sample of pf.conf ?

thanks


I have nothing more in pf.conf related to miniupnp, but anchor miniupnp. Have you patched your kernel as described above? Can you provide relevant syslog messages?
Back to top
View user's profile Send private message
rsptsa



Joined: 13 Sep 2010
Posts: 3

PostPosted: Tue Sep 14, 2010 3:19 pm    Post subject: Reply with quote

I installed Openbsd after the 27 June, normally my release was already patch.
Back to top
View user's profile Send private message
sputnik



Joined: 13 Sep 2010
Posts: 4

PostPosted: Tue Sep 14, 2010 4:58 pm    Post subject: Reply with quote

rsptsa wrote:
I installed Openbsd after the 27 June, normally my release was already patch.

That's where you're wrong. Download the latest source, open /usr/src/sys/net/pf_ioctl.c and you'll be surprised (as i was). Smile

Patch it as described above and it will work.
Back to top
View user's profile Send private message
rsptsa



Joined: 13 Sep 2010
Posts: 3

PostPosted: Tue Sep 14, 2010 6:07 pm    Post subject: Reply with quote

I patched kernel and problem is still here.

Computer in lan 1 cannot see upnp devices in lan 2.

my miniupnpd.conf :

Code:

ext_ifname=em0
listening_ip=192.168.210.254/24
listening_ip=192.168.220.254/24
listening_ip=192.168.230.254/24
port=0

enable_natpmp=yes

enable_upnp=yes

bitrate_up=1000000
bitrate_down=10000000

secure_mode=no

system_uptime=yes

notify_interval=60

clean_ruleset_interval=600

uuid=bc78d5c9-216e-4c6c-9b04-e842559478b9

serial=12345678
model_number=1

allow 1024-65535 192.168.210.0/24 1024-65535
allow 1024-65535 192.168.220.0/24 1024-65535
allow 1024-65535 192.168.230.0/24 1024-65535

deny 0-65535 0.0.0.0/0 0-65535



pf.conf (as simple as possible)
Code:

anchor MINIUPNPD
match out on em0 inet from any to any nat-to (em0:0)
pass all


pfctl -s rules -a MINIUPNPD returns nothing

Log of miniupnpd :

Code:

miniupnpd[22802]: HTTP connection from 192.168.220.109miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: upnp:rootdevice
miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: urn:schemas-wifialliance-org:device:WFADevice:1
miniupnpd[22802]: HTTP connection from 192.168.220.109:64534
miniupnpd[22802]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: upnp:rootdevice
miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: urn:schemas-wifialliance-org:device:WFADevice:1
Back to top
View user's profile Send private message
jakin1988
Guest





PostPosted: Wed Apr 13, 2011 8:00 am    Post subject: Reply with quote

chrisk_de wrote:
Well... I tried it with the latest Snapshot as of 2010/05/25. And I still get:
miniupnpd[4062]: AddPortMapping: ext port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[4062]: redirecting port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: Device busy
miniupnpd[4062]: Returning UPnPError 501: ActionFailed

So no, it does not work in current. Sad


yes! i still have the same problem. please help us solve this problem.
Back to top
HHAuthority
Guest





PostPosted: Wed May 25, 2011 9:07 am    Post subject: Update Reply with quote

Any update if you guys have solved the problem? I 'm also having the same issues as you guys so I though it would be wise to ask the people in this thread.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Goto page Previous  1, 2, 3, 4
Page 4 of 4

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.