miniupnp.tuxfamily.org Forum Index miniupnp.tuxfamily.org
The forum about miniupnp and libnatpmp
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

OpenBSD changing port number inside UDP packet

 
ssjkakaroto
Joined: 31 May 2009
Posts: 9

Posted: Thu Jul 23, 2009 4:42 pm    Post subject: OpenBSD changing port number inside UDP packet

Hi miniupnp author, this post is not related to miniupnp but I hoped you could help me.
As I posted here, I'm having connection troubles with my PS3, using an OpenBSD box as the NAT server.
When I connected the PS3 directly to the router, the connection test was successful, so I decided to capture the packets being sent by the PS3 when it was doing its connection test to try to see what was going wrong.
After comparing both captures (directly connected to the router and connected to the OpenBSD box) I noticed the following difference on the packets right at the time the test fails:
Successful connection
Code:
No.     Time        Source                Destination           Protocol Info
    171 33.894835   198.107.158.129       192.168.1.3           STUN     Message: Binding Response

Frame 171 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: D-Link_e1:b9:00 (00:1b:11:e1:b9:00), Dst: SonyComp_96:61:25 (00:1f:a7:96:61:25)
Internet Protocol, Src: 198.107.158.129 (198.107.158.129), Dst: 192.168.1.3 (192.168.1.3)
User Datagram Protocol, Src Port: stun (3478), Dst Port: 50526 (50526)
    Source port: stun (3478)
    Destination port: 50526 (50526)
    Length: 88
    Checksum: 0xe9db [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Simple Traversal of UDP Through NAT
    [Request In: 170]
    [Time: 0.140815000 seconds]
    Message Type: Binding Response (0x0101)
    Message Length: 0x003c
    Message Transaction ID: BCEA76A6F4EAEE3ABFEA173E40579CBC
    Attributes
        Attribute: SOURCE-ADDRESS
        Attribute: CHANGED-ADDRESS
        Attribute: XOR_MAPPED_ADDRESS
            Attribute Type: XOR_MAPPED_ADDRESS (0x8020)
            Attribute Length: 8
            Protocol Family: IPv4 (0x0001)
            Port (XOR-d): 31156
            [Port: 50526]
            IP (XOR-d): 117.178.149.236 (117.178.149.236)
            [IP: 201.88.227.74 (201.88.227.74)]
        Attribute: MESSAGE-INTEGRITY

Failed Connection
Code:
No.     Time        Source                Destination           Protocol Info
    162 36.836648   198.107.157.137       10.0.0.8              STUN     Message: Binding Response

Frame 162 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: CnetTech_67:99:f8 (00:08:a1:67:99:f8), Dst: SonyComp_96:61:25 (00:1f:a7:96:61:25)
Internet Protocol, Src: 198.107.157.137 (198.107.157.137), Dst: 10.0.0.8 (10.0.0.8)
User Datagram Protocol, Src Port: stun (3478), Dst Port: 50516 (50516)
    Source port: stun (3478)
    Destination port: 50516 (50516)
    Length: 88
    Checksum: 0x6f8f [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Simple Traversal of UDP Through NAT
    [Request In: 161]
    [Time: 0.133701000 seconds]
    Message Type: Binding Response (0x0101)
    Message Length: 0x003c
    Message Transaction ID: 0FDF0B74DA2676EC4751BFB3AE4CBAC2
    Attributes
        Attribute: SOURCE-ADDRESS
        Attribute: CHANGED-ADDRESS
        Attribute: XOR_MAPPED_ADDRESS
            Attribute Type: XOR_MAPPED_ADDRESS (0x8020)
            Attribute Length: 8
            Protocol Family: IPv4 (0x0001)
            Port (XOR-d): 50030
            [Port: 52401]
            IP (XOR-d): 198.135.232.62 (198.135.232.62)
            [IP: 201.88.227.74 (201.88.227.74)]
        Attribute: MESSAGE-INTEGRITY


As you can see, when connected to the router, the destination port inside UDP is the same as the one in XOR_MAPPED_ADDRESS, but when going through OpenBSD, the port number changes in XOR_MAPPED_ADDRESS. Do you have any idea why?

I have posted the full packets here:
Request (Successful): http://paste2.org/p/337420
Response (Successful): http://paste2.org/p/337422
Request (Failure): http://paste2.org/p/337424
Response (Failure): http://paste2.org/p/337426

Thanks for any help
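
The comparison made in the post above, worked through as an added example (not code from the thread or from miniupnpd): it un-XORs the XOR_MAPPED_ADDRESS values from both captures and checks whether the NAT kept the client's UDP port. The XOR key (the leading bytes of the transaction ID) is an assumption, chosen because it reproduces the bracketed [Port] and [IP] values shown in the captures; the function and dictionary names are hypothetical.

```python
import ipaddress
import struct

# Values transcribed from the two captures in the post above.
CAPTURES = {
    "router": {"transaction_id": "BCEA76A6F4EAEE3ABFEA173E40579CBC",
               "xor_port": 31156, "xor_ip": "117.178.149.236",
               "udp_dst_port": 50526},
    "openbsd": {"transaction_id": "0FDF0B74DA2676EC4751BFB3AE4CBAC2",
                "xor_port": 50030, "xor_ip": "198.135.232.62",
                "udp_dst_port": 50516},
}


def decode_xor_mapped(transaction_id, xor_port, xor_ip):
    """Undo the XOR applied to attribute 0x8020 in these captures.

    Assumption: the key is the start of the 128-bit transaction ID
    (first 16 bits for the port, first 32 bits for the IPv4 address).
    RFC 5389 STUN uses the fixed magic cookie 0x2112A442 instead, so
    this decoder only fits legacy captures like the ones above.
    """
    tid = bytes.fromhex(transaction_id)
    if len(tid) != 16:
        raise ValueError("expected a 128-bit transaction ID")
    (port_key,) = struct.unpack("!H", tid[:2])
    (ip_key,) = struct.unpack("!I", tid[:4])
    port = xor_port ^ port_key
    ip = ipaddress.IPv4Address(int(ipaddress.IPv4Address(xor_ip)) ^ ip_key)
    return str(ip), port


def nat_port_check(capture):
    """Return (external_ip, external_port, port_preserved).

    The UDP destination port of the Binding Response is the port the
    client sent from; the decoded port is what the STUN server saw.
    """
    ip, port = decode_xor_mapped(
        capture["transaction_id"], capture["xor_port"], capture["xor_ip"])
    return ip, port, port == capture["udp_dst_port"]


if __name__ == "__main__":
    for name, cap in CAPTURES.items():
        ip, port, kept = nat_port_check(cap)
        verdict = "preserved" if kept else "rewritten by NAT"
        print(f"{name}: mapped {ip}:{port}, "
              f"local port {cap['udp_dst_port']}, {verdict}")
```

Both captures decode to the same external IP, and only the OpenBSD one shows a different external port (52401 against a local 50516).
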
dormando
Joined: 11 Sep 2009
Posts: 4

Posted: Fri Sep 11, 2009 1:44 am

Did you ever figure this out? I'm running an OpenBSD gateway and having similar issues... Except I don't seem to even get as far as you do.

The PS3 sends a UPNP discover packet, my server responds, and then a moment later the PS3 sends another packet. After three attempts it gives up and says I don't support it.

I actually tried putting miniupnpd on my laptop to see if it'd at least negotiate with the PS3, but was getting the same results. So it might not even be the PS3...

Would be nice to see a full example session from someone with a working PS3.

ssjkakaroto
Joined: 31 May 2009
Posts: 9

Posted: Fri Sep 11, 2009 2:15 am

I could've sworn that I posted the solution here.

Just add static-port to the nat command:
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port

dormando
Joined: 11 Sep 2009
Posts: 4

Posted: Fri Sep 11, 2009 2:53 am

ssjkakaroto wrote:
I could've sworn that I posted the solution here.

Just add static-port to the nat command:
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port


That's a start, thanks.

My PS3 doesn't even detect UPnP on my router. Skype works with it great though.

I just see the PS3 pinging the upnp daemon, and under ktrace I can see the upnp daemon attempting to respond.

I found your other post and tried making my configs look more like yours, no dice. Any other tips, current state of config files, etc? I have no idea why the PS3 isn't seeing the upnp daemon...

Thanks!

ssjkakaroto
Joined: 31 May 2009
Posts: 9

Posted: Fri Sep 11, 2009 3:54 am

Start with a very simple ruleset for pf, for example:
Code:
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port
rdr-anchor miniupnpd
anchor miniupnpd
pass all

If you still have problems with UPnP with that ruleset then you might have bigger issues with the OS.
If not, just start adding rule by rule until you find what is causing the error.

On that other topic I also posted my miniupnpd.conf file, see if you're not too restrictive.
Also put miniupnpd in the foreground to see what exactly is going on in real time.

dormando
Joined: 11 Sep 2009
Posts: 4

Posted: Fri Sep 11, 2009 4:01 am

ssjkakaroto wrote:
Start with a very simple ruleset for pf, for example:
Code:
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port
rdr-anchor miniupnpd
anchor miniupnpd
pass all

If you still have problems with UPnP with that ruleset then you might have bigger issues with the OS.
If not, just start adding rule by rule until you find what is causing the error.

On that other topic I also posted my miniupnpd.conf file, see if you're not too restrictive.
Also put miniupnpd in the foreground to see what exactly is going on in real time.


I saw the miniupnpd.conf file, already adjusted that... I tried a simplified ruleset once, but I'll try again.

What version/release of miniupnpd are you on? What were your compile flags?

Thanks again.

dormando
Joined: 11 Sep 2009
Posts: 4

Posted: Fri Sep 11, 2009 4:58 am

Yeah, doesn't work with a minimal resultset. That switches the NAT Type from "Type 3" to "Type 2", but it still insists that UPnP isn't available.

miniupnpd[4953]: HTTP listening on port 22053
miniupnpd[4953]: Listening for NAT-PMP traffic on port 5351
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd[4953]: SSDP M-SEARCH from 192.168.0.13:50938 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1

... is all I see. ktrace shows the full packets and the response is being sent back correctly.

I'm using miniupnpd-20090605 - think I've tried 1.3 already...

Skype works fine with it. Rules appear and whatnot as they should.

Any ideas? :/

ssjkakaroto
Joined: 31 May 2009
Posts: 9

Posted: Fri Sep 11, 2009 1:39 pm

At least you can get NAT Type 2, which is a start.
I'm using miniupnpd-20090516 and I didn't use any specific flags when compiling, IIRC I just used 'make && make install'.

But I think you'll have to request some help from the miniupnpd author.

miniupnp
Site Admin
Joined: 14 Apr 2007
Posts: 1442

Posted: Fri Sep 11, 2009 5:06 pm

Sorry for not answering before.
I don't know STUN well enough to be sure, but I think that your capture shows that your router and OpenBSD don't do NAT the same way, so with your router STUN works and with OpenBSD it seems to fail. Indeed adding static-port should resolve this by forcing OpenBSD pf to keep the same port for the packet.

But it still doesn't explain why the PS3 doesn't like miniupnpd.
_________________
Main miniUPnP author.
http://miniupnp.tuxfamily.org/
All times are GMT
© 2007 Thomas Bernard, author of MiniUPNP.