miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

miniupnpd + minissdpd + PF on OpenBSD 4.9

 
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation
View previous topic :: View next topic  
Author Message
daringone



Joined: 13 Sep 2011
Posts: 3

PostPosted: Tue Sep 13, 2011 6:46 pm    Post subject: miniupnpd + minissdpd + PF on OpenBSD 4.9 Reply with quote

Greetings all:

I'm waving the white flag and asking for help Smile After successfully compiling and installing miniupnpd on my OpenBSD 4.9 PF box, I fired it up hoping to get my Xbox360 to show me an open NAT. Unfortunately, nothing seemed to be happening. When I went back and ran miniupnpd in debug mode, when turning on the 360, I saw the following:

Code:
# /sbin/miniupnpd -d       
miniupnpd[17583]: HTTP listening on port 9361
miniupnpd[17583]: SSDP M-SEARCH from 172.29.0.36:16514 ST: uuid:2ec2659e-5565-46da-9644-09ee709339b1
miniupnpd[17583]: SSDP M-SEARCH from 172.29.0.36:16514 ST: uuid:2ec2659e-5565-46da-9644-09ee709339b1
miniupnpd[17583]: SSDP M-SEARCH from 172.29.0.36:16514 ST: uuid:2ec2659e-5565-46da-9644-09ee709339b1
miniupnpd[17583]: 160 rt_msg : msglen=160 version=4 type=1
miniupnpd[17583]: unprocessed RTM message type=1


Great, I thought. My 360 is certainly talking to the daemon. I noticed the SSDP acronym in there and remembered there being another daemon available for that. I checked the front page for miniupnpd, and sure enough the minissdpd program works alongside miniupnpd. So I install that and run them both side by side. Now I get the following while watching in debug:

miniupnpd:
Code:
# /sbin/miniupnpd -d           
miniupnpd[16291]: HTTP listening on port 9955
miniupnpd[16291]: bind(udp): Address already in use
miniupnpd[16291]: Failed to open socket for receiving SSDP. Trying to use MiniSSDPd

minissdpd:
Code:
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: new device discovered : uuid:00000000-0000-0000-0200-0025AE7906AD::urn:schemas-microsoft-com:nhed:presence:1
minissdpd[26387]: ** i=1 deltadev=0 **
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: new device discovered : uuid:60028570-1805-2000-0000-0025ae7906ad::upnp:rootdevice
minissdpd[26387]: ** i=1 deltadev=1 **
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: device updated : uuid:60028570-1805-2000-0000-0025ae7906ad::upnp:rootdevice
minissdpd[26387]: ** i=0 deltadev=2 **
minissdpd[26387]: 2 new devices added
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: new device discovered : uuid:60028570-1805-2000-0000-0025ae7906ad
minissdpd[26387]: ** i=1 deltadev=0 **
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: device updated : uuid:60028570-1805-2000-0000-0025ae7906ad
minissdpd[26387]: ** i=0 deltadev=1 **
minissdpd[26387]: 1 new devices added
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: new device discovered : uuid:60028570-1805-2000-0000-0025ae7906ad::urn:schemas-upnp-org:device:MediaRenderer:1
minissdpd[26387]: ** i=1 deltadev=0 **
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: device updated : uuid:60028570-1805-2000-0000-0025ae7906ad::urn:schemas-upnp-org:device:MediaRenderer:1
minissdpd[26387]: ** i=0 deltadev=1 **
minissdpd[26387]: 1 new devices added
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: new device discovered : uuid:60028570-1805-2000-0000-0025ae7906ad::urn:schemas-upnp-org:service:ConnectionManager:1
minissdpd[26387]: ** i=1 deltadev=0 **
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: device updated : uuid:60028570-1805-2000-0000-0025ae7906ad::urn:schemas-upnp-org:service:ConnectionManager:1
minissdpd[26387]: ** i=0 deltadev=1 **
minissdpd[26387]: 1 new devices added
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: new device discovered : uuid:60028570-1805-2000-0000-0025ae7906ad::urn:schemas-upnp-org:service:RenderingControl:1
minissdpd[26387]: ** i=1 deltadev=0 **
minissdpd[26387]: SSDP request: 'NOTIFY' (2) st=
minissdpd[26387]: device updated : uuid:60028570-1805-2000-0000-0025ae7906ad::urn:schemas-upnp-org:service:RenderingControl:1
minissdpd[26387]: ** i=0 deltadev=1 **
minissdpd[26387]: 1 new devices added


Seeing the new devices added line makes me think I'm in business. Unfortunately, still a strict NAT type. When I check PF, I see my problem. No rules!

Code:
pfctl -a miniupnpd -sr produces no output


I'm sure I've got my anchor in there, though the only thing I've noticed is that everything I've been able to find seems to refer to PF before the rules change in OpenBSD 4.7.

pf.conf:

Code:
#############
# Xbox Live #
#############

# In order to get Xbox Live to work properly, we've got to throw traffic to a UPnP daemon. 
# It will then make the rules in PF to allow traffic to flow properly.

anchor "miniupnpd"


The last oddity I'm running into is despite the servers apparently reacting to the 360, if I run the upnpc-static.exe -s command on my Windows 7 machine, I get an error: "No IGD UPnP Device found on the network!"

So I'm currently at a loss for why PF rules aren't being created. Help would be greatly appreciated!
Back to top
View user's profile Send private message
daringone



Joined: 13 Sep 2011
Posts: 3

PostPosted: Wed Sep 14, 2011 4:28 pm    Post subject: Reply with quote

Alright, so new development. As I came in to work today to bang on this some more, I brought up my Windows 7 machine and for giggles after making some changes, tried the miniupnp client again. I get a response now when doing a upnpc-static.exe -s command! I'm thinking I must have botched something with Windows, as I was having issues with my machine all yesterday even getting it on the network I've set up. In any case, here's my output:

Windows Console:
Code:
C:\Users\daringone\Desktop\upnpc-exe-win32-20110714>upnpc-static.exe -s
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://172.29.0.1:18372/rootDesc.xml
 st: upnp:rootdevice

Found valid IGD : http://172.29.0.1:18372/ctl/IPConn
Local LAN ip address : 172.29.0.5
Connection Type : IP_Routed
Status : Connected, uptime=89352s, LastConnectionError : ERROR_NONE
  Time started : Tue Sep 13 11:33:09 2011
MaxBitRateDown : 15000000 bps (15.0 Mbps)   MaxBitRateUp 15000000 bps (15.0 Mbps
)
ExternalIPAddress = X.X.X.X (obfuscated... it's valid though, trust me)
Bytes:   Sent:  3834560 Recv: 35360548
Packets: Sent:    23777 Recv:   194812


minissdpd:
Code:
# /usr/sbin/minissdpd -d -i 172.29.0.1
minissdpd[1901]: (s=6) new request connection
minissdpd[1901]: (s=6) request type=4 str='upnp:rootdevice'
minissdpd[1901]: usn='uuid:a9acf00b-bc81-418d-b482-c3dd346bdd58::upnp:rootdevice'
minissdpd[1901]: server='OpenBSD/4.9 UPnP/1.0 MiniUPnPd/1.6'
minissdpd[1901]: location='http://172.29.0.1:18372/rootDesc.xml'
minissdpd[1901]: (s=6) request connection closed
minissdpd[1901]: SSDP request: 'M-SEARCH' (1) st=urn:schemas-upnp-org:device:InternetGatewayDevice:1
minissdpd[1901]: SSDP M-SEARCH from 172.29.0.5:58619 ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1
minissdpd[1901]: ** i=0 deltadev=0 **
minissdpd[1901]: SSDP request: 'M-SEARCH' (1) st=urn:schemas-upnp-org:service:WANIPConnection:1
minissdpd[1901]: SSDP M-SEARCH from 172.29.0.5:58619 ST:urn:schemas-upnp-org:service:WANIPConnection:1
minissdpd[1901]: ** i=0 deltadev=0 **
minissdpd[1901]: SSDP request: 'M-SEARCH' (1) st=urn:schemas-upnp-org:service:WANPPPConnection:1
minissdpd[1901]: SSDP M-SEARCH from 172.29.0.5:58619 ST:urn:schemas-upnp-org:service:WANPPPConnection:1
minissdpd[1901]: ** i=0 deltadev=0 **
minissdpd[1901]: SSDP request: 'M-SEARCH' (1) st=upnp:rootdevice
minissdpd[1901]: SSDP M-SEARCH from 172.29.0.5:58619 ST:upnp:rootdevice
minissdpd[1901]: ** i=0 deltadev=0 **


miniupnpd:
Code:
# /sbin/miniupnpd -d
miniupnpd[16037]: HTTP listening on port 18372
miniupnpd[16037]: bind(udp): Address already in use
miniupnpd[16037]: Failed to open socket for receiving SSDP. Trying to use MiniSSDPd
miniupnpd[16037]: HTTP connection from 172.29.0.5:49254
miniupnpd[16037]: HTTP REQUEST : GET /rootDesc.xml (HTTP/1.1)
miniupnpd[16037]: HTTP connection from 172.29.0.5:49255
miniupnpd[16037]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
miniupnpd[16037]: HTTP connection from 172.29.0.5:49256
miniupnpd[16037]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetConnectionTypeInfo
miniupnpd[16037]: HTTP connection from 172.29.0.5:49257
miniupnpd[16037]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
miniupnpd[16037]: HTTP connection from 172.29.0.5:49258
miniupnpd[16037]: HTTP REQUEST : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetCommonLinkProperties
miniupnpd[16037]: HTTP connection from 172.29.0.5:49259
miniupnpd[16037]: HTTP REQUEST : POST /ctl/IPConn (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd[16037]: HTTP connection from 172.29.0.5:49260
miniupnpd[16037]: HTTP REQUEST : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesSent
miniupnpd[16037]: HTTP connection from 172.29.0.5:49261
miniupnpd[16037]: HTTP REQUEST : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalBytesReceived
miniupnpd[16037]: HTTP connection from 172.29.0.5:49262
miniupnpd[16037]: HTTP REQUEST : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalPacketsSent
miniupnpd[16037]: HTTP connection from 172.29.0.5:49263
miniupnpd[16037]: HTTP REQUEST : POST /ctl/CmnIfCfg (HTTP/1.1)
miniupnpd[16037]: SOAPAction: urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1#GetTotalPacketsReceived


So I'm getting somewhere here. When I turn on an Xbox, I still see what I did yesterday, where requests come in to the SSDP daemon, but nothing on the UPnP daemon, and no rules are ever created. I was thinking originally that my Xbox problem was no rules being created, but now I'm beginning to wonder if it's even actually talking correctly to the UPnP daemon. Anyhow, chime in with ideas if you've got them!
Back to top
View user's profile Send private message
daringone



Joined: 13 Sep 2011
Posts: 3

PostPosted: Wed Sep 14, 2011 7:36 pm    Post subject: Reply with quote

As is sometimes the case, you solve your own problems. This is one of those instances. I found the sticky post in this forum about needing the 360 to be using DHCP to properly use UPnP. In my laziness in not wanting to have to set up a lab DHCP server, I didn't. This resulted in a lot more time wasted than if I'd just done it from the get go. Anyhow, I broke down and configured the service and saw the same thing where minissdpd didn't appear to be forwarding on the 360's requests. I then thought, well, let's see what happens if I just don't run it. I've seen miniupnpd receive requests before. I killed the minissdp daemon and tried again, and I'm now GOLDEN. If anything, let this be an example to everyone of a working miniupnpd config on OpenBSD 4.9 and miniupnpd 1.6 with an Xbox 360. I'll be bringing in my PS3 next...

miniupnpd config.h file:

Ensure the define PF_ENABLE_FILTER_RULE line is not commented.

miniupnpd.conf

Code:
# WAN network interface
#ext_ifname=eth0
ext_ifname=bnx1
# if the WAN interface has several IP addresses, you
# can specify the one to use below
#ext_ip=

# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# HTTP is available on all interfaces
# When MULTIPLE_EXTERNAL_IP is enabled, the external ip
# address associated with the subnet follows. for example :
#  listening_ip=192.168.0.1/24 88.22.44.13
#listening_ip=192.168.0.1/24
#listening_ip=192.168.1.1/24
listening_ip=172.29.0.1/24 173.241.225.183
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
port=0

# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
minissdpdsocket=/var/run/minissdpd.sock

# enable NAT-PMP support (default is no)
#enable_natpmp=no

# enable UPNP support (default is yes)
enable_upnp=yes

# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both
#upnp_forward_chain=forwardUPnP
#upnp_nat_chain=UPnP

# lease file location
#lease_file=/var/log/upnp.leases

# bitrates reported by daemon in bits per second
bitrate_up=15000000
bitrate_down=15000000

# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.
#secure_mode=yes
secure_mode=no

# default presentation url is http address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
# from displaying an icon in the "Network Connections" panel.
#presentation_url=http://www.mylan/index.php

# report system uptime instead of daemon uptime
system_uptime=yes

# notify interval in seconds. default is 30 seconds.
#notify_interval=240
notify_interval=60


# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
#clean_ruleset_threshold=10
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense
clean_ruleset_interval=600

# log packets in pf
packet_log=no

# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)
#queue=queue_name1

# tag name in pf
#tag=tag_name1

# make filter rules in pf quick or not. default is yes
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
#quickrules=no

# uuid : generate your own with "make genuuid"
uuid=(generate yourself a uuid)

# serial and model number the daemon will report to clients
# in its XML description
serial=12345678
model_number=1

# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
allow 1024-65535 172.29.0.0/24 1024-65535
#allow 1024-65535 192.168.0.0/24 1024-65535
#allow 1024-65535 192.168.1.0/24 1024-65535
#allow 1024-65535 192.168.0.0/23 22
#allow 12345 192.168.7.113/32 54321
deny 0-65535 0.0.0.0/0 0-65535


pf.conf relavent section:
Code:
#############
# Xbox Live #
#############

# In order to get Xbox Live to work properly, we've got to talk to a UPnP daemon.
# It will then make the rules in PF to allow traffic to flow properly.
anchor "miniupnpd"
Back to top
View user's profile Send private message
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Thu Sep 15, 2011 9:31 am    Post subject: Reply with quote

Thank you for sharing your experience.
DHCP enabled on the XBOX360 is the thing to check first Wink

Also about running miniSSDPd: This is only useful if you want to run several UPnP devices on the same box. For instance miniDLNA and miniUPnPd.
If only miniUPnPd run on the box, it can handle its SSDP trafic by itself.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
miniupnp
Site Admin


Joined: 14 Apr 2007
Posts: 1589

PostPosted: Fri Feb 28, 2014 4:29 pm    Post subject: Reply with quote

daringone wrote:

miniupnpd config.h file:

Ensure the define PF_ENABLE_FILTER_RULE line is not commented.

Some one found a bug with PF_ENABLE_FILTER_RULE not commented.
see https://github.com/miniupnp/miniupnp/pull/52
are you having the issue (I guess) ?
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    miniupnp.tuxfamily.org Forum Index -> miniupnpd Compilation/Installation All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP
© 2007 Thomas Bernard, author of MiniUPNP.