View previous topic :: View next topic |
Author |
Message |
chrisk_de
Joined: 25 May 2010 Posts: 4
|
|
Back to top |
|
|
chrisk_de
Joined: 25 May 2010 Posts: 4
|
Posted: Wed May 26, 2010 11:21 am Post subject: |
|
|
Well... I tried it with the latest Snapshot as of 2010/05/25. And I still get:
miniupnpd[4062]: AddPortMapping: ext port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[4062]: redirecting port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: Device busy
miniupnpd[4062]: Returning UPnPError 501: ActionFailed
So no, it does not work in current. _________________ http://www.chrisk.de |
|
Back to top |
|
|
chrisk_de
Joined: 25 May 2010 Posts: 4
|
Posted: Fri May 28, 2010 11:03 am Post subject: |
|
|
And with 2010/05/27'th snapshot they still didn't fix it... _________________ http://www.chrisk.de |
|
Back to top |
|
|
BABUT
Joined: 07 Feb 2009 Posts: 13
|
Posted: Wed Jun 02, 2010 5:19 am Post subject: |
|
|
on miniupnpd-1.4.20100511
with PF_ENABLE_FILTER_RULES:
match in log quick inet proto tcp from any to any port = 5004 flags any keep state label "greylink Transfer Port (5004 TCP)" tag UPNP rdr-to 192.168.2.20 port 5004
pass in log quick inet proto tcp from any to any port = 5004 flags S/SA keep state label "greylink Transfer Port (5004 TCP)" tag UPNP nat-to any static-port rdr-to any
..what is it? %)
without USE_IFNAME_IN_RULES:
pass in log quick inet proto tcp from any to any port = 5004 flags any keep state label "greylink Transfer Port (5004 TCP)" tag UPNP rdr-to 192.168.2.20 port 5004
to use "any to any" is wrong- when ports coincide, incomming connections on any iface(including internal iface- from local net) match the rule and redirected. correct to use "to (self)". yes, we can filter anchor, but why to use "any to any"?
ps: when we see flag for detail log in syslog(with background)? ;) |
|
Back to top |
|
|
grey
Joined: 13 Apr 2010 Posts: 3
|
Posted: Tue Jul 06, 2010 6:32 pm Post subject: |
|
|
Just thought I'd note in this thread, that the bug causing this problem in OpenBSD should be resolved in the -current branch as of June 27th, 2010
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c#rev1.233
If you're running OpenBSD-current after that date, it should probably work (I'll be testing after work today), and if you are running 4.7 that's the first patch after release, so you should be able to apply it with minimal difficulty and upgrade your kernel without having to make any other major changes. (But don't ask how to do that here) |
|
Back to top |
|
|
grey
Joined: 13 Apr 2010 Posts: 3
|
Posted: Wed Jul 21, 2010 11:59 am Post subject: |
|
|
Just wanted to report back my success, The latest version of miniupnpd with a kernel compiled with that patch works like a charm |
|
Back to top |
|
|
sputnik
Joined: 13 Sep 2010 Posts: 4
|
Posted: Mon Sep 13, 2010 1:40 pm Post subject: |
|
|
Post #1because of: You must have 1 posts before you can post URL's/Links.
Last edited by sputnik on Mon Sep 13, 2010 2:04 pm; edited 1 time in total |
|
Back to top |
|
|
sputnik
Joined: 13 Sep 2010 Posts: 4
|
Posted: Mon Sep 13, 2010 1:53 pm Post subject: |
|
|
Post #2
grey wrote: | Just thought I'd note in this thread, that the bug causing this problem in OpenBSD should be resolved in the -current branch as of June 27th, 2010
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c#rev1.233
If you're running OpenBSD-current after that date, it should probably work (I'll be testing after work today), and if you are running 4.7 that's the first patch after release, so you should be able to apply it with minimal difficulty and upgrade your kernel without having to make any other major changes. (But don't ask how to do that here) |
Why one couldn't ask how to do that here? In case someone running 4.7 need it:
Download the patch from here and save it to directory /usr/src/sys/net/ of your source tree as patch.txt. Then just apply that patch by: Code: | cd /usr/src/sys/net && patch -p4 < patch.txt |
Recompile your kernel. Congrats, you now have miniupnp working. |
|
Back to top |
|
|
rsptsa
Joined: 13 Sep 2010 Posts: 3
|
Posted: Mon Sep 13, 2010 7:35 pm Post subject: |
|
|
Hi,
I have five vlan and i use openbsd 4.7 as router.
On one side i have my FreeNas on wich is working upnp (vlan3) and the other a computer who must access to my nas using upnp (vlan1).
So it doesn't work even if i put anchor miniupnpd in my pf.conf.
can you give me a sample of pf.conf ?
thanks |
|
Back to top |
|
|
sputnik
Joined: 13 Sep 2010 Posts: 4
|
Posted: Tue Sep 14, 2010 2:47 pm Post subject: |
|
|
rsptsa wrote: | Hi,
I have five vlan and i use openbsd 4.7 as router.
On one side i have my FreeNas on wich is working upnp (vlan3) and the other a computer who must access to my nas using upnp (vlan1).
So it doesn't work even if i put anchor miniupnpd in my pf.conf.
can you give me a sample of pf.conf ?
thanks |
I have nothing more in pf.conf related to miniupnp, but anchor miniupnp. Have you patched your kernel as described above? Can you provide relevant syslog messages? |
|
Back to top |
|
|
rsptsa
Joined: 13 Sep 2010 Posts: 3
|
Posted: Tue Sep 14, 2010 3:19 pm Post subject: |
|
|
I installed Openbsd after the 27 June, normally my release was already patch. |
|
Back to top |
|
|
sputnik
Joined: 13 Sep 2010 Posts: 4
|
Posted: Tue Sep 14, 2010 4:58 pm Post subject: |
|
|
rsptsa wrote: | I installed Openbsd after the 27 June, normally my release was already patch. |
That's where you're wrong. Download the latest source, open /usr/src/sys/net/pf_ioctl.c and you'll be surprised (as i was).
Patch it as described above and it will work. |
|
Back to top |
|
|
rsptsa
Joined: 13 Sep 2010 Posts: 3
|
Posted: Tue Sep 14, 2010 6:07 pm Post subject: |
|
|
I patched kernel and problem is still here.
Computer in lan 1 cannot see upnp devices in lan 2.
my miniupnpd.conf :
Code: |
ext_ifname=em0
listening_ip=192.168.210.254/24
listening_ip=192.168.220.254/24
listening_ip=192.168.230.254/24
port=0
enable_natpmp=yes
enable_upnp=yes
bitrate_up=1000000
bitrate_down=10000000
secure_mode=no
system_uptime=yes
notify_interval=60
clean_ruleset_interval=600
uuid=bc78d5c9-216e-4c6c-9b04-e842559478b9
serial=12345678
model_number=1
allow 1024-65535 192.168.210.0/24 1024-65535
allow 1024-65535 192.168.220.0/24 1024-65535
allow 1024-65535 192.168.230.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
|
pf.conf (as simple as possible)
Code: |
anchor MINIUPNPD
match out on em0 inet from any to any nat-to (em0:0)
pass all
|
pfctl -s rules -a MINIUPNPD returns nothing
Log of miniupnpd :
Code: |
miniupnpd[22802]: HTTP connection from 192.168.220.109miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: upnp:rootdevice
miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: urn:schemas-wifialliance-org:device:WFADevice:1
miniupnpd[22802]: HTTP connection from 192.168.220.109:64534
miniupnpd[22802]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: upnp:rootdevice
miniupnpd[22802]: SSDP M-SEARCH from 192.168.220.109:49529 ST: urn:schemas-wifialliance-org:device:WFADevice:1
|
|
|
Back to top |
|
|
jakin1988 Guest
|
Posted: Wed Apr 13, 2011 8:00 am Post subject: |
|
|
chrisk_de wrote: | Well... I tried it with the latest Snapshot as of 2010/05/25. And I still get:
miniupnpd[4062]: AddPortMapping: ext port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: UPnP permission rule 0 matched : port mapping accepted
miniupnpd[4062]: redirecting port 61105 to 10.1.16.205:61092 protocol UDP for: removeme0
miniupnpd[4062]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_ADD_TAIL: Device busy
miniupnpd[4062]: Returning UPnPError 501: ActionFailed
So no, it does not work in current. |
yes! i still have the same problem. please help us solve this problem. |
|
Back to top |
|
|
HHAuthority Guest
|
Posted: Wed May 25, 2011 9:07 am Post subject: Update |
|
|
Any update if you guys have solved the problem? I 'm also having the same issues as you guys so I though it would be wise to ask the people in this thread. |
|
Back to top |
|
|
|