View previous topic :: View next topic |
Author |
Message |
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Sun Oct 07, 2007 4:54 am Post subject: openbsd, xbox360, & UPnP |
|
|
Greets!
I've a fairly new OpenBSD user. I'm still learning my way around pf, how to view what its doing/logging, configuring rules, and whatnot. I've got pf configured and working properly so far, I think. I wanted to get UPnP working so that my Xbox360 could connect properly to other people, so I figured I'd give miniupnp a shot.
Will a connection test on an xbox360 ever show NAT as something other than 'Strict' with a correctly configured miniupnp install? I'm not sure how I can test it otherwise. miniupnp starts up and listens on 5555 as it should but my xbox360 continues to report 'strict' NAT.
I grabbed a UPnP Tester application from http://noeld.com . It sees the UPnP daemon. Looks okay, I think.. but is that presentation URL supposed to work? And should the ModelNumber and SerialNumber have a reasonable value of some sort or does it matter?
My pf.conf is available.
My miniupnpd.conf is available.
Please let me know what I'm doing wrong (if anything). Hope you can help.
Thanks!
-nyn
[EDIT] I've removed the links. If someone needs/wants to see them, contact me.
Last edited by Naenyn on Mon Oct 08, 2007 12:21 am; edited 1 time in total |
|
Back to top |
|
|
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Sun Oct 07, 2007 5:11 am Post subject: |
|
|
Another note.. I tested a PS3 also and it reported that UPnP was not available. =( I must be doing something wrong...
-nyn
EDIT: I've just read elsewhere online that Sony has UPnP disabled for some reason, so even if miniupnpd was working, my ps3 would be having issues I guess. I'd still like to get the xbox360 working though.. and upnp in general. =] |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun Oct 07, 2007 9:14 am Post subject: |
|
|
Code: |
# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
#allow 1024-65535 192.168.0.0/24 1024-65535
allow 1024-65535 192.168.1.120 1024-65535
#allow 1024-65535 192.168.0.0/23 22
#allow 12345 192.168.7.113/32 54321
deny 0-65535 0.0.0.0/0 0-65535
|
Are you sure your UPnP clients all have the ip 192.168.1.120 ?
you should give a try with
Code: | allow 1024-65535 192.168.1.0/24 1024-65535 | before using something more restrictive !
also you should post here the result of Code: | grep miniupnpd /var/log/daemon | just after your XBOX 360 testing the UPnP _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun Oct 07, 2007 9:18 am Post subject: |
|
|
you can also test miniupnp with a Windows client :
in the "network connection panel" on the UPnP IGD device in properties, you can add a redirection.
Then use "pfctl -a miniupnpd -s nat" to display the added rule. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Sun Oct 07, 2007 3:45 pm Post subject: |
|
|
My xbox360 is on 192.168.1.120, but for testing purposes I changed my allow line to 192.168.1.0/24. I just started up miniupnpd and tested xbox live connectivity with my 360. Here's the output from the daemon log:
Code: | Oct 7 08:28:52 yggdrasil miniupnpd[31960]: HTTP listening on port 5555
Oct 7 08:28:52 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument |
I downloaded your windows client and ran:
Code: | upnpc.exe -a 192.168.1.20 65500 65500 tcp |
In that window, it stated:
Code: | List of UPNP devices found on network :
desc: http://192.168.1.1:5555/rootDesc.xml
st: urn:schema-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://192.168.1.1:5555/ctl/IPConn
Local LAN ip address : 192.168.1.20
ExternalIPAddress = 70.190.242.64
AddPortMapping(65500, 65500, 192.168.1.20) failed
GetSpecificPortMappingEntry failed.
external 70.190.242.64:65500 is redirected to internal : |
And in the daemon log, it now states:
Code: | Oct 7 08:28:52 yggdrasil miniupnpd[31960]: HTTP listening on port 5555
Oct 7 08:28:52 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument
Oct 7 08:37:00 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument
Oct 7 08:37:00 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Invalid argument
Oct 7 08:37:00 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument |
Those invalid arguments don't look good... =\ What's next? ^_^
-nyn |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun Oct 07, 2007 4:20 pm Post subject: |
|
|
Naenyn wrote: |
Code: | Oct 7 08:28:52 yggdrasil miniupnpd[31960]: HTTP listening on port 5555
Oct 7 08:28:52 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument
Oct 7 08:37:00 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument
Oct 7 08:37:00 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Invalid argument
Oct 7 08:37:00 yggdrasil miniupnpd[31960]: ioctl(dev, DIOCGETRULES, ...): Invalid argument |
Those invalid arguments don't look good... =\ What's next? ^_^
-nyn |
Indeed these Invalid arguments errors are likely to be the cause of the problem...
It can be caused by a compatibility problem between the Kernel and the include files used to compile miniupnpd. Are there any warning or error during the compilation of miniupnpd ? Have you recently upgraded OpenBSD ? (and kept old miniupnpd binary). Check the date of pfvar.h
Code: | nanard@openbox|18:15:46|~/code/_cvs_/miniupnp$ uname -a
OpenBSD openbox.opena.dyn.ro 4.1 GENERIC#1435 i386
nanard@openbox|18:16:28|~/code/_cvs_/miniupnp$ ll /usr/include/net/pfvar.h
-r--r--r-- 1 root bin 49191 Feb 23 2007 /usr/include/net/pfvar.h |
To check specificaly this code, you can go to the miniupnpd-xxx/openbsd subdirectory and use the testobsdrdr program. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Sun Oct 07, 2007 6:37 pm Post subject: |
|
|
miniupnp wrote: | Are there any warning or error during the compilation of miniupnpd ? |
I didn't see any, but I'll clean and recompile.
miniupnp wrote: | Have you recently upgraded OpenBSD ? (and kept old miniupnpd binary). Check the date of pfvar.h
Code: | nanard@openbox|18:15:46|~/code/_cvs_/miniupnp$ uname -a
OpenBSD openbox.opena.dyn.ro 4.1 GENERIC#1435 i386[/quote]
This is a fairly new install. OpenBSD 4.1.
[code]# uname -a
OpenBSD yggdrasil.naenyn.com 4.1 GENERIC.MP#1225 i386[/code]
nanard@openbox|18:16:28|~/code/_cvs_/miniupnp$ ll /usr/include/net/pfvar.h
-r--r--r-- 1 root bin 49191 Feb 23 2007 /usr/include/net/pfvar.h |
To check specificaly this code, you can go to the miniupnpd-xxx/openbsd subdirectory and use the testobsdrdr program. |
Sorry, I'm not sure how to use that program... I went in there and did a 'make' on it, but I'm not sure what to do next.
Regarding checking the date of pfvar.h:
Code: | # ls -l /usr/include/net/pfvar.h
-r--r--r-- 1 root bin 49191 Feb 23 2007 /usr/include/net/pfvar.h |
-nyn
Last edited by Naenyn on Sun Oct 07, 2007 6:59 pm; edited 1 time in total |
|
Back to top |
|
|
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Sun Oct 07, 2007 6:41 pm Post subject: |
|
|
Here's the make output:
Code: | # make
./genconfig.sh
gcc -Wall -Os -c -o miniupnpd.o miniupnpd.c
gcc -Wall -Os -c -o upnphttp.o upnphttp.c
gcc -Wall -Os -c -o upnpdescgen.o upnpdescgen.c
gcc -Wall -Os -c -o upnpsoap.o upnpsoap.c
gcc -Wall -Os -c -o upnpredirect.o upnpredirect.c
gcc -Wall -Os -c -o getifaddr.o getifaddr.c
gcc -Wall -Os -c -o daemonize.o daemonize.c
gcc -Wall -Os -c -o upnpglobalvars.o upnpglobalvars.c
gcc -Wall -Os -c -o options.o options.c
gcc -Wall -Os -c -o upnppermissions.o upnppermissions.c
upnppermissions.c: In function `read_permission_line':
upnppermissions.c:76: warning: passing arg 2 of `inet_aton' from incompatible pointer type
upnppermissions.c:89: warning: passing arg 2 of `inet_aton' from incompatible pointer type
gcc -Wall -Os -c -o minissdp.o minissdp.c
gcc -Wall -Os -c -o openbsd/obsdrdr.o openbsd/obsdrdr.c
gcc -Wall -Os -c -o openbsd/getifstats.o openbsd/getifstats.c
gcc -Wall -Os -c -o upnpreplyparse.o upnpreplyparse.c
gcc -Wall -Os -c -o minixml.o minixml.c
gcc -Wall -Os -o miniupnpd miniupnpd.o upnphttp.o upnpdescgen.o upnpsoap.o upnpredirect.o getifaddr.o daemonize.o upnpglobalvars.o options.o upnppermissions.o minissdp.o openbsd/obsdrdr.o openbsd/getifstats.o upnpreplyparse.o minixml.o -lkvm
gcc -Wall -Os -c -o testupnpdescgen.o testupnpdescgen.c
gcc -Wall -Os -o testupnpdescgen testupnpdescgen.o upnpdescgen.o
gcc -Wall -Os -c -o testgetifstats.o testgetifstats.c
gcc -Wall -Os -o testgetifstats testgetifstats.o openbsd/getifstats.o -lkvm
gcc -Wall -Os -c -o testupnppermissions.o testupnppermissions.c
gcc -Wall -Os -o testupnppermissions testupnppermissions.o upnppermissions.o
gcc -Wall -Os -c -o miniupnpdctl.o miniupnpdctl.c
gcc -Wall -Os -o miniupnpdctl miniupnpdctl.o |
Here's the install putput:
Code: | # make install
mv miniupnpd.conf miniupnpd.conf.before
sed -e "s/^uuid=[-0-9a-f]*/uuid=00000000-0000-0000-0000-000000000000/" miniupnpd.conf.before > miniupnpd.conf
rm -f miniupnpd.conf.before
strip miniupnpd
install -m 555 miniupnpd /sbin
install miniupnpd.conf /etc
|
Everything looks good except that I blew away my config file changes. =P Hafta go fix.
-nyn
EDIT:
Code: | upnppermissions.c: In function `read_permission_line':
upnppermissions.c:76: warning: passing arg 2 of `inet_aton' from incompatible pointer type
upnppermissions.c:89: warning: passing arg 2 of `inet_aton' from incompatible pointer type
|
Is this important? |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun Oct 07, 2007 9:00 pm Post subject: |
|
|
Naenyn wrote: | Here's the make output:
EDIT:
Code: | upnppermissions.c: In function `read_permission_line':
upnppermissions.c:76: warning: passing arg 2 of `inet_aton' from incompatible pointer type
upnppermissions.c:89: warning: passing arg 2 of `inet_aton' from incompatible pointer type
|
Is this important? |
No. Everything is ok in your compilation. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun Oct 07, 2007 9:58 pm Post subject: |
|
|
So I think we understood how (but not why) came your problem.
So if you people have that ioctl(dev, DIOCGETRULES, ...): Invalid argument error in your /var/log/daemon file :
check the result of pfctl -s nat. it should include the rdr-anchor miniupnpd line
if it doesn't, check your /etc/pf.conf file for that line (and also anchor miniupnpd) and reload it with pfctl -f /etc/pf.conf
after that pfctl -a miniupnpd -s nat should not error.
If both pfctl -a miniupnpd -s nat and pfctl -a miniupnpd -s rule work, miniupnpd should be able to list, add and delete rules forwarding and filtering rules. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Mon Oct 08, 2007 12:17 am Post subject: |
|
|
Just thought I'd add that I followed the same steps for my ps3. I removed all my port forwarding rules that gave me access previously, reverting my connection to Sony's "NAT 3". Then, I set up the PS3 with DHCP and enabled UPnP. Poof, back to "NAT 2" as Sony likes to call it. Looking good!
Looks like that posting I read about Sony disabling UPnP was false. =]
So, if you've got a PS3 and want to get it to recognize your nat settings as NAT 2 instead of NAT 3, you can use miniupnpd instead of having to create a ton of bunch of port forwarding rules. =]
-nyn |
|
Back to top |
|
|
Naenyn
Joined: 07 Oct 2007 Posts: 9
|
Posted: Mon Oct 08, 2007 12:20 am Post subject: |
|
|
Oh, also.. these two rules
Code: | pass out on $int_if from any to 239.0.0.0/8 keep state
pass in on $int_if from any to 239.0.0.0/8 keep state |
turned out to be unnecssary. I commented them out and restarted pf and miniupnpd and the xbox360 and ps3 still worked fine.
-nyn |
|
Back to top |
|
|
|