NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Sat Feb 10, 2018 5:06 pm Post subject: Trouble getting miniupnpd to work
Hi,
I've been running miniupnpd on ClearOS 7.4 (a Centos 7.4 derivative) for years but it has recently stopped working. The version they supplied was miniupnpd-1.9.20150609. I am trying to test with upnp-test(dot)en(dot)lo4d(dot)com (sorry but not allowed a link on my first post) and I get the following results:
Code: | TEST 1 - Operating System Support - PASSED
TEST 2 - SSDP Service Running Check - FAILED
TEST 3 - SSDP Service Automatic Check - FAILED
TEST 4 - UPnPHost Service Running Check - FAILED
TEST 5 - UPnPHost Service Automatic Check - FAILED
TEST 6 - UPnP Framework Firewall Exception Check - PASSED
TEST 7 - Adapter #0 - 172.17.2.118 - PASSED
TEST 8 - Get External IP Address (Result: 82.22.103.125) - PASSED
TEST 7 - Adapter #1 - 192.168.56.1 - FAILED
TEST 8 - Get External IP Address - FAILED
UPnP Test Program v1.16 Copyright Mark Gillespie 2010 |
My notes from years ago said I have to add a route to 239.0.0.0 to the LAN interface. Is this still needed? I've added one anyway (but it was the same without it).
My miniupnpd.conf looks like:
Code: | ext_ifname=enp2s0
listening_ip=172.17.2.1
port=0
enable_natpmp=yes
enable_upnp=yes
lease_file=/var/lib/miniupnpd/upnp.leases
bitrate_up=1000000
bitrate_down=10000000
secure_mode=yes
system_uptime=yes
notify_interval=60
clean_ruleset_interval=600
uuid=60943e58-b9ff-42bc-a825-5cd04c359f57
serial=12345678
model_number=1
allow 1024-65535 192.168.0.0/16 1024-65535
allow 1024-65535 10.0.0.0/8 1024-65535
allow 0-65535 172.16.0.0/12 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
|
The process looks like:
Code: | [root@server miniupnpd]# ps aux | grep miniup
root 27633 0.0 0.0 42532 1296 ? Ss 15:56 0:00 /usr/sbin/miniupnpd -f /etc/miniupnpd/miniupnpd.conf |
The filter firewall:
Code: | iptables -nvL | egrep -i 'miniupnpd|chain|pkts'
Chain INPUT (policy DROP 121 packets, 7839 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
607K 1804M MINIUPNPD all -- enp2s0 !enp2s0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
Chain IPSET_BLK (0 references)
pkts bytes target prot opt in out source destination
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source |
Note the MINIUPNPD chain stays empty even after using the tester but it does get populated sometimes with IP addresses. One device has added one as I wrote this post.
The nat firewall:
Code: | iptables -nvL -t nat | egrep -i 'miniupnpd|chain|pkts'
Chain PREROUTING (policy ACCEPT 1711 packets, 164K bytes)
pkts bytes target prot opt in out source destination
5299 694K MINIUPNPD all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 957 packets, 107K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 445 packets, 63603 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 143 packets, 40407 bytes)
pkts bytes target prot opt in out source destination
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
|
Same comment about the MINIUPNPD chain as the filter table.
I note also there is no MINIUPNPD-PCP-PEER chain but the ClearOS implementation has never created one and it always used to work. They do not use the /etc/miniupnpd/iptables_init.sh to initiate the firewall but do their own thing.
And the routing table:
Code: | ip ro
default via 82.22.100.1 dev enp2s0
10.8.10.0/24 via 10.8.10.2 dev tun1
10.8.10.2 dev tun1 proto kernel scope link src 10.8.10.1
82.22.100.0/22 dev enp2s0 proto kernel scope link src my_WAN_IP
172.17.2.0/24 dev enp5s0 proto kernel scope link src 172.17.2.1
172.17.3.0/24 via 172.17.3.2 dev tun0
172.17.3.2 dev tun0 proto kernel scope link src 172.17.3.1
239.0.0.0/8 dev enp5s0 scope link
|
Is there a good program for testing from the LAN in Windows? I've tried downloading and unzipping upnpc-exe-win32-20150918.zip then running both the static and shared exe's in a command window but I don't know how to use it to test.
Do you know where I am going wrong?
I have had a go at compiling the latest version of miniupnpd but I am reluctant to install it as I am not good at compiling.

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sun Feb 11, 2018 9:25 pm Post subject:
if you have the upnpc-static, what is the output of
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/

NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Sun Feb 11, 2018 9:29 pm Post subject:
Code: | C:\Users\Nick\Desktop\miniupnpd\upnpc-exe-win32-20150918>upnpc-static -l
upnpc : miniupnpc library test client, version 1.9.
(c) 2005-2014 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://172.17.2.1:33187/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://172.17.2.1:33187/ctl/IPConn
Local LAN ip address : 172.17.2.118
Connection Type : IP_Routed
Status : Connected, uptime=310224s, LastConnectionError : ERROR_NONE
Time started : Thu Feb 08 07:18:41 2018
MaxBitRateDown : 50000000 bps (50.0 Mbps) MaxBitRateUp 3000000 bps (3.0 Mbps)
ExternalIPAddress = 82.22.103.125
i protocol exPort->inAddr:inPort description remoteHost leaseTime
0 UDP 55736->172.17.2.111:55736 'Teredo 172.17.2.111:55736->55736 UDP' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid) |

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sun Feb 11, 2018 9:56 pm Post subject:
well it looks like everything works well.
you could try with a P2P software that uses UPNP (such as Transmission)

NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Sun Feb 11, 2018 10:10 pm Post subject:
Thanks very much for looking. I wish I could work out why both game platforms don't work for my son on the one game in my house when they work for his friends at their houses.

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sun Feb 11, 2018 10:18 pm Post subject:
you should run miniupnpd in debug mode
Code: | /usr/sbin/miniupnpd -d -f /etc/miniupnpd/miniupnpd.conf
|
then launch the game to see what's going on.
post the logs here.
There should be first some SSDP traffic going
and then some HTTP/SOAP connections
with calls to SOAP methods GetExternalIPAddress() and AddPortMapping()

NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Sun Feb 11, 2018 10:21 pm Post subject:
Thanks for the idea. My son is away from tomorrow until Friday so I can't do anything 'till then. I am not even sure if the games are using upnp but I guess I'll find out then.
Btw is the route to 239.0.0.0 needed at all (from my other post)?

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sun Feb 11, 2018 11:17 pm Post subject:
NickH wrote: | Thanks for the idea. My son is away from tomorrow until Friday so I can't do anything 'till then. I am not even sure if the games are using upnp but I guess I'll find out then.
Btw is the route to 239.0.0.0 needed at all (from my other post)? |
I don't know. It is for Multicast.
I think everything is handled correctly by default with recent linux kernels
edit: upnpc-static discovered your router, so Multicast is definitely working

NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Fri Feb 16, 2018 1:49 pm Post subject:
miniupnp wrote: | you should run miniupnpd in debug mode
Code: | /usr/sbin/miniupnpd -d -f /etc/miniupnpd/miniupnpd.conf
|
then launch the game to see what's going on.
|
Hmm. Does this only work interactively or is there a way to enable it in daemon mode?
[edit]
Do you know where I can find the full list of command line options? miniupnpd -h gives some, but it does not, for example, list -w. I am not good at reading code so I can't even work out which file contains the command line parser.
[/edit]

NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Fri Feb 16, 2018 5:50 pm Post subject:
I have some debug output but I don't know how much. It is all that was in the PuTTY buffer as I have not worked out how to log to file.
The data copied from the screen buffer is here and the message log from the whole last debug session is here.
There may be nothing as it is not a given that it is a uPnP error.
[edit]
In the filter table I can see:
Code: | Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.17.2.112 udp dpt:9305
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.17.2.116 udp dpt:19132
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.17.2.112 udp dpt:9308
|
and in the nat table I can see:
Code: | Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:9305 to:172.17.2.112:9305
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:19132 to:172.17.2.116:19132
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:9308 to:172.17.2.112:9308
|
and in both tables I can see the rules jumping to these chains.
[/edit]

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sat Feb 17, 2018 6:19 pm Post subject:
Code: |
miniupnpd[3442]: level=0 type=8
miniupnpd[3442]: ifindex = 3 172.17.2.1
miniupnpd[3442]: ST: ssdp:all (ver=0)
miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.1:55659 ST: ssdp:all
miniupnpd[3442]: ssdp:all found
miniupnpd[3442]: SendSSDPResponse(): 0 bytes to 172.17.2.1:55659 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:60943e58-b9ff-42bc-a825-5cd04c359f57::upnp:rootdevice
EXT:
SERVER: ClearOS/7.4.0 UPnP/1.1 MiniUPnPd/2.0
LOCATION: http://172.17.2.1:45616/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1518802204
BOOTID.UPNP.ORG: 1518802204
CONFIGID.UPNP.ORG: 1337
|
that's strange, the client IP is 172.17.2.1 and the router ip is 172.17.2.1 as well...
from the other log :
Code: |
Feb 16 17:30:05 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.111:50534 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:30:05 server miniupnpd[3442]: Single search found
Feb 16 17:30:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.118:59008 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:30:05 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.111:50534 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:30:05 server miniupnpd[3442]: Single search found
Feb 16 17:30:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.111:51011 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:30:06 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.118:59013 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:30:08 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.111:50534 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:30:08 server miniupnpd[3442]: Single search found
...
Feb 16 17:31:04 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.112:58638 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:31:04 server miniupnpd[3442]: Single search found
Feb 16 17:31:04 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:56655 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:51542 : POST /ctl/IPConn (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Feb 16 17:31:04 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:49744 : POST /ctl/IPConn (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Feb 16 17:31:04 server miniupnpd[3442]: AddPortMapping: ext port 9308 to 172.17.2.112:9308 protocol UDP for: 172.17.2.112:9308 to 9308 (UDP) leaseduration=0 rhost=
Feb 16 17:31:04 server miniupnpd[3442]: updating existing port mapping 9308 UDP (rhost '') => 172.17.2.112:9308
Feb 16 17:31:05 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.112:65249 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:31:05 server miniupnpd[3442]: Single search found
Feb 16 17:31:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:64712 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:31:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:60313 : POST /ctl/IPConn (HTTP/1.1)
Feb 16 17:31:05 server miniupnpd[3442]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Feb 16 17:31:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:61775 : POST /ctl/IPConn (HTTP/1.1)
Feb 16 17:31:05 server miniupnpd[3442]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Feb 16 17:31:05 server miniupnpd[3442]: AddPortMapping: ext port 9308 to 172.17.2.112:9308 protocol UDP for: 172.17.2.112:9308 to 9308 (UDP) leaseduration=0 rhost=
Feb 16 17:31:05 server miniupnpd[3442]: updating existing port mapping 9308 UDP (rhost '') => 172.17.2.112:9308
|
for some reason 172.17.2.111 is discovering the IGD, getting the root description but stopping there.
But you see that later 172.17.2.112 does everything up to adding a port mapping (updating it in fact)
So as far as I can see, miniupnpd works well, the SSDP packets are flowing on your LAN without problem, clients don't have any issue connecting the HTTP/SOAP socket, etc.
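The reading of the log in the post above (how far each client got: SSDP discovery, the root description fetch, the SOAP calls, the port mapping) can be scripted. This is an added example, not part of the original thread or of miniupnpd; it assumes the syslog line formats quoted in the post and that a SOAPAction line belongs to the POST logged just before it.

```python
import re
from collections import defaultdict

# Lines copied from the syslog excerpt quoted in the post (a subset, not the full log).
SAMPLE_LOG = """\
Feb 16 17:30:05 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.111:50534 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:30:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.118:59008 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:30:05 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.111:51011 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: SSDP M-SEARCH from 172.17.2.112:58638 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Feb 16 17:31:04 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:56655 : GET /rootDesc.xml (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:51542 : POST /ctl/IPConn (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Feb 16 17:31:04 server miniupnpd[3442]: HTTP REQUEST from 172.17.2.112:49744 : POST /ctl/IPConn (HTTP/1.1)
Feb 16 17:31:04 server miniupnpd[3442]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Feb 16 17:31:04 server miniupnpd[3442]: AddPortMapping: ext port 9308 to 172.17.2.112:9308 protocol UDP for: 172.17.2.112:9308 to 9308 (UDP) leaseduration=0 rhost=
"""

STAGES = ["ssdp", "description", "soap", "mapping"]  # order of the UPnP IGD handshake
SSDP_RE = re.compile(r"SSDP M-SEARCH from (\d+\.\d+\.\d+\.\d+):\d+")
HTTP_RE = re.compile(r"HTTP REQUEST from (\d+\.\d+\.\d+\.\d+):\d+ : (GET|POST) (\S+)")
SOAP_RE = re.compile(r"SOAPAction: \S+#(\w+)")
MAP_RE = re.compile(r"AddPortMapping: ext port (\d+) to (\d+\.\d+\.\d+\.\d+):(\d+) protocol (\w+)")

def triage(log_text):
    """Return {client_ip: {"stages": set, "actions": list, "mappings": list}}."""
    clients = defaultdict(lambda: {"stages": set(), "actions": [], "mappings": []})
    last_post_ip = None  # SOAPAction lines carry no address: attribute to the preceding POST
    for line in log_text.splitlines():
        if m := SSDP_RE.search(line):
            clients[m.group(1)]["stages"].add("ssdp")
        elif m := HTTP_RE.search(line):
            ip, method, path = m.groups()
            if method == "GET" and path == "/rootDesc.xml":
                clients[ip]["stages"].add("description")
            elif method == "POST":
                clients[ip]["stages"].add("soap")
                last_post_ip = ip
        elif (m := SOAP_RE.search(line)) and last_post_ip:
            clients[last_post_ip]["actions"].append(m.group(1))
        elif m := MAP_RE.search(line):
            ext, ip, port, proto = m.groups()  # ip is the mapping's internal client
            clients[ip]["stages"].add("mapping")
            clients[ip]["mappings"].append((proto, int(ext), int(port)))
    return dict(clients)

def furthest_stage(info):
    """Last handshake stage a client reached, in STAGES order (None if none seen)."""
    reached = [s for s in STAGES if s in info["stages"]]
    return reached[-1] if reached else None

if __name__ == "__main__":
    for ip, info in sorted(triage(SAMPLE_LOG).items()):
        print(ip, furthest_stage(info), info["actions"], info["mappings"])
```

A client that stops at "description", as 172.17.2.111 does here, never asked for a mapping, so the cause is on the client side rather than in the firewall chains.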
NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Sat Feb 17, 2018 7:59 pm Post subject:
Thanks very much for looking at it. I'm glad everything is looking OK as I suspected.
Today I found a new kernel in a testing repo and installed it, and rebooted. Then my ISP had an outage. We've been up for an hour or so and the PS4 is working again.
I suspect the problem was the earlier kernel which was a knee-jerk reaction to Spectre and Meltdown and was not fully tested.
I'm not sure what 172.17.2.1 is doing on port 55659. It runs Transmission but on a different port, and, being the gateway, should not need uPnP to do a port forward.
I'd love an answer on my earlier edit. How can I find all the command line switches available? -h lists some but not all, and I can't read code, unless, perhaps, you point me to the file which does the command line parsing.

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sat Feb 17, 2018 11:58 pm Post subject:
NickH wrote: |
I'd love an answer on my earlier edit. How can I find all the command line switches available? -h lists some but not all, and I can't read code, unless, perhaps, you point me to the file which does the command line parsing. |
if the man page is correctly installed...
https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/miniupnpd.c#L1313
Code: | $ ./miniupnpd -h
Usage:
./miniupnpd [-f config_file] [-i ext_ifname] [-o ext_ip]
[-a listening_ip] [-p port] [-d] [-L] [-U] [-S] [-N]
[-u uuid] [-s serial] [-m model_number]
[-t notify_interval] [-P pid_filename]
[-B down up] [-w url] [-r clean_ruleset_interval]
[-q queue] [-T tag]
[-A "permission rule"] [-b BOOTID]
Notes:
There can be one or several listening_ips.
Notify interval is in seconds. Default is 30 seconds.
Default pid file is '/var/run/miniupnpd.pid'.
Default config file is '/etc/miniupnpd.conf'.
With -d miniupnpd will run as a standard program.
-L sets packet log in pf and ipf on.
-S sets "secure" mode : clients can only add mappings to their own ip
-U causes miniupnpd to report system uptime instead of daemon uptime.
-N enables NAT-PMP functionality.
-B sets bitrates reported by daemon in bits per second.
-w sets the presentation url. Default is http address on port 80
-q sets the ALTQ queue in pf.
-T sets the tag name in pf.
-A use following syntax for permission rules :
(allow|deny) (external port range) ip/mask (internal port range)
examples :
"allow 1024-65535 192.168.1.0/24 1024-65535"
"deny 0-65535 0.0.0.0/0 0-65535"
-b sets the value of BOOTID.UPNP.ORG SSDP header
-h prints this help and quits.
|
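The permission-rule syntax in the help text above, applied to the four rules from the miniupnpd.conf in the first post, can be checked offline before trusting a rule set. This is an added example, not miniupnpd's own code; it assumes rules are evaluated top to bottom with the first match deciding and that a request matching no rule is accepted, and the function names are hypothetical.

```python
import ipaddress

# Permission rules copied from the miniupnpd.conf in the first post.
RULES_TEXT = """\
allow 1024-65535 192.168.0.0/16 1024-65535
allow 1024-65535 10.0.0.0/8 1024-65535
allow 0-65535 172.16.0.0/12 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
"""

def parse_range(text):
    """'1024-65535' -> (1024, 65535); a single port '80' -> (80, 80)."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text}")
    return lo, hi

def parse_rules(text):
    """Parse '(allow|deny) ext-range ip/mask int-range' lines, keeping file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, ext, net, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action: {action}")
        rules.append((action, parse_range(ext),
                      ipaddress.ip_network(net), parse_range(internal)))
    return rules

def decide(rules, requester, ext_port, int_ip, int_port, secure_mode=True):
    """Return (allowed, reason) for one AddPortMapping request."""
    # Secure mode (-S / secure_mode=yes): clients can only add mappings to their own ip.
    if secure_mode and requester != int_ip:
        return False, "secure_mode: target is not the requester"
    addr = ipaddress.ip_address(int_ip)
    # Assumption: the first matching rule decides; no match means accept.
    for n, (action, (elo, ehi), net, (ilo, ihi)) in enumerate(rules, 1):
        if elo <= ext_port <= ehi and addr in net and ilo <= int_port <= ihi:
            return action == "allow", f"rule {n}"
    return True, "no rule matched"

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # The mapping seen in the thread's log, then an external port below 1024.
    print(decide(RULES, "172.17.2.112", 9308, "172.17.2.112", 9308))
    print(decide(RULES, "172.17.2.112", 80, "172.17.2.112", 8080))
```

Run against the posted rules, it shows that the 172.16.0.0/12 line accepts external ports below 1024, which the other two allow lines do not.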
NickH
Joined: 10 Feb 2018 Posts: 26
Posted: Sun Feb 18, 2018 8:33 am Post subject:
Hmm. Thanks.
I get:
Code: | [root@server ~]# miniupnpd -h
Usage:
miniupnpd [-f config_file] [-i ext_ifname] [-o ext_ip]
[-a listening_ip] [-p port] [-d] [-U] [-S] [-N]
[-u uuid] [-s serial] [-m model_number]
[-t notify_interval] [-P pid_filename]
[-B down up] [-w url] [-r clean_ruleset_interval]
[-A "permission rule"] [-b BOOTID]
Notes:
There can be one or several listening_ips.
Notify interval is in seconds. Default is 30 seconds.
Default pid file is '/var/run/miniupnpd.pid'.
Default config file is '/etc/miniupnpd.conf'.
With -d miniupnpd will run as a standard program.
-S sets "secure" mode : clients can only add mappings to their own ip
-U causes miniupnpd to report system uptime instead of daemon uptime.
-N enables NAT-PMP functionality.
-B sets bitrates reported by daemon in bits per second.
-w sets the presentation url. Default is http address on port 80
-A use following syntax for permission rules :
(allow|deny) (external port range) ip/mask (internal port range)
examples :
"allow 1024-65535 192.168.1.0/24 1024-65535"
"deny 0-65535 0.0.0.0/0 0-65535"
-b sets the value of BOOTID.UPNP.ORG SSDP header
-h prints this help and quits.
|
which is missing some bits (-L, -q, -T, -d). The man page is the same. I wonder if the man pages did not update when I tried creating my rpm using the 2.0.20180203 sources.
[edit]
Investigating further, it looks like the sources are wrong as miniupnpd.8 contains this:
Code: | .SH SYNOPSIS
.B miniupnpd
.RB [ "\-f \fIconfig_file" "] [" "\-i \fIext_ifname" "] [" "\-o \fIext_ip" ]
.RB [ "\-a \fIlistening_ip" "] [" "\-p \fIport" "] [" \-d "] [" \-U "] [" \-S "] [" \-N ]
.RB [ "\-u \fIuuid" "] [" "\-s \fIserial" "] [" "\-m \fImodel_number" ]
.RB [ "\-t \fInotify_interval" "] [" "\-P \fIpid_filename" ]
.RB [ "\-B \fIdown up" "] [" "\-w \fIurl" "] [" "\-r \fIclean_ruleset_interval" ]
.RB [ "\-A \fIpermission rule" "] [" "\-b \fIBOOTID" ] |
which is also missing the extra options. It is in miniupnpd.c in the source so it makes me think my installation has gone wrong as well.
I don't understand as the miniupnpd.c source contains those lines but my rpm does not in /usr/sbin/miniupnpd.
[/edit]

miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1593
Posted: Sun Feb 18, 2018 1:24 pm Post subject:
-d is NOT missing.
-L, -q, -T are only available with PF builds. Under linux you are using netfilter.