| View previous topic :: View next topic |
| Author |
Message |
kai
Joined: 17 Jul 2025
Posts: 5
Location: Germany
|
 Posted: Thu Jul 17, 2025 7:39 pm Post subject: Manual open Ports with PCP? |
 |
|
Hi there,
I wonder if it is possible to manually open ports with miniupnpd and tools using PCP.
The scenario I have:
- Provider with DualStack-Lite
- IPv4 over DS-Lite tunnel
- local services which only offer IPv4
- Fritzbox tells me about a range of 20 Ports my provider gives to be used for IPv4 access from outside
- Looks like this has to be enabled/activated by PCP
Unfortunately I do not plan to use the Fritzbox as the firewall rules and other stuff are not on the level I need to run my setup.
So I thought, I could send a PCP request from a server, to open up the port on the public IPv4 with my provider and configure my router to do forwarding it to my system.
Any idea how to make this happen?
Or any pointer to a different tool?
Best regards,
kai |
|
| Back to top |
|
 |
miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1598
|
|
| Back to top |
|
|
kai
Joined: 17 Jul 2025
Posts: 5
Location: Germany
|
| Posted: Wed Aug 13, 2025 7:21 pm Post subject: |
|
|
That is what I hope for. Just make it working.
When I checked this I was not able to identify the command needed for this.
When I looked the cli-client up today I found some examples.
Than you very much (even if is just pointing again to the documentation), this helps me moving forward (I hope).
Best regards,
kai |
|
| Back to top |
|
|
kai
Joined: 17 Jul 2025
Posts: 5
Location: Germany
|
| Posted: Wed Aug 13, 2025 8:03 pm Post subject: |
|
|
Unfortunately I had no luck.
I compiled the code.
And ./pcpnatpmpc runs.
I have a DS Lite connection. My IPv4 on the internet is 88.245.23. My PCP Server is 192.0.0.1. My port range (a Fritzbox told me) includes 2166. May client IP is 192.168.2.160, NAT by Router.
I thought that
./pcpnatpmpc -d -s 192.0.0.1 -e 88.245.23.14:2166
would request Port 2166 to be forwarded over the IPv4 DS Lite tunnel to my Tunnel-Endpoint
However I get a state:fail.
| Code: | 0s 000ms 000us INFO : Added PCP server ::ffff:192.0.0.1
0s 000ms 038us INFO : Added new flow(PCP server: ::ffff:192.0.0.1; Int. addr: [::ffff:192.168.2.160]:0; ScopeId: 0; Dest. addr: [::]:0; Key bucket: 4)
0s 000ms 049us INFO : Initialized wait for result of flow: 4, wait timeout 1000 ms
0s 000ms 064us INFO : Pinging PCP server at address ::ffff:192.0.0.1
0s 000ms 159us INFO : Sent PCP MSG (flow bucket:4)
0s 005ms 934us INFO : Received PCP packet from server at ::ffff:192.0.0.1, size 60, result_code 9, epoch 26597725
0s 005ms 975us INFO : Found matching flow 4 to received PCP message.
Flow signaling failed.
PCP Server IP Prot Int. IP port Dst. IP port Ext. IP port Res State Ends
::ffff:192.0.0.1 TCP ::ffff:192.168.2.160 0 :: 0 ::ffff:88.245.23.14 2166 9 fail -
0s 006ms 069us INFO : PCP server ::ffff:192.0.0.1 terminated.
|
I am sure the issue is on my side, more an ISO Layer 8 challenge. Where can I learn more about PCP? What is a flow, what is the difference between MAP, PEER and SADSCP? What is the right message and what are the various parameters?
It looks like it is using IPv6 addresses, where I would expect IPv4 addresses?!
Best regards,
kai |
|
| Back to top |
|
|
miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1598
|
|
| Back to top |
|
|
kai
Joined: 17 Jul 2025
Posts: 5
Location: Germany
|
| Posted: Thu Aug 21, 2025 12:13 pm Post subject: |
|
|
Sorry for the delay. Was off a bit.
| Code: | ./pcpnatpmpc -i :2166
0s 000ms 000us INFO : Found gateway ::ffff:192.168.2.254. Added as possible PCP server.
0s 000ms 045us INFO : Added new flow(PCP server: ::ffff:192.168.2.254; Int. addr: [::ffff:192.168.2.160]:2166; ScopeId: 0; Dest. addr: [::]:0; Key bucket: 16)
0s 000ms 064us INFO : Initialized wait for result of flow: 16, wait timeout 1000 ms
0s 000ms 086us INFO : Pinging PCP server at address ::ffff:192.168.2.254
0s 000ms 200us INFO : Sent PCP MSG (flow bucket:16)
Flow signaling timed out.
PCP Server IP Prot Int. IP port Dst. IP port Ext. IP port Res State Ends
::ffff:192.168.2.254 TCP ::ffff:192.168.2.160 2166 :: 0 :: 0 0 proc -
1s 001ms 404us INFO : PCP server ::ffff:192.168.2.254 terminated.
|
Internally I am not using IPv6. Which I may need to fix first. 192.168.2.254 is the next hop in my network, next is 192.168.2.253, which runs the Dual-Stack tunnel and the internet dial in.
When I use a Fritz Box as gateway, this claims 'used PCP server: 192.0.0.1. So a assumed this is the server I need to send PCP messages to.
I understood that I would need to send the PCP message to an IPv6 host? But to be clear I would like to use the PCP to control an IPv4 session, the one which is tunneled via the Dual-Stack tunnel.
Best regards,
kai |
|
| Back to top |
|
|
miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1598
|
| Posted: Sat Aug 30, 2025 3:49 pm Post subject: |
|
|
You dont need to send the PCP message to an IPv6 host.
The PCP message should be sent to the gateway for the default route ! (in either IPv4 or IPv6)
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
| Back to top |
|
|
kai
Joined: 17 Jul 2025
Posts: 5
Location: Germany
|
| Posted: Mon Sep 01, 2025 11:51 am Post subject: |
|
|
Thanks.
It looks like it works with a Fritz Box. I could do a tcpdump with the messages. Would this help to identify what the right command would be for this with miniupnp?
Best regards,
kai |
|
| Back to top |
|
|
miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1598
|
| Posted: Mon Sep 01, 2025 9:19 pm Post subject: |
|
|
what do you want to dump with tcpdump ? the PCP packets ?
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
