Miniupnpd being stupid

Hi there.
Sorry if this has been answered before, but I couldn't find anything that would actually help me.

I'm trying to enable UPnP so I don't have to manually forward ports for every single game or software that needs some. Especially games are pretty needy and creating 5 rules per game isn't uncommon, plus it would leave these ports (a lot) open all the time, and not just when they're needed.

My router (WRT1900ACS) is connected to a modem/router from my ISP and I configured it as DMZ or exposed host, whatever you wanna call it. So all ports are forwarded to it. And that's why manual port forwarding works just fine.

Just miniupnpd literally says in the log file that "port forwarding is impossible, because wan IP is a local one and not public IP".
Look, I don't want it to be "intelligent". I just want it to add a rule like manual port forwarding does, because it actually works great and is anything but impossible.

I've tried to somehow get its STUN functionality going, so it can fetch the external IP by itself, but couldn't get it to work. Plus I'm not even sure if that would lead to success. Setting it manually isn't an acceptable option either, because it changes at least once a day.

Any ideas? I think DD-WRT was doing fine in this regard, but the WiFi drivers were somewhat off...
I was also thinking about trying Gargoyle, but I have a hunch I might run into the same problem there, because it's based on OpenWrt.

I'm using @davidc502's newest build btw.

The miniupnpd package has been constantly updated, but new functionality has not been coded to be exposed to uci and luci-app-upnp.

STUN functionality can work, but you'd basically have to allow for all UDP packets to go through your firewall (which is bad).

Currently, there is no maintainer for the miniupnpd package - only volunteers who have been updating the package. Besides, I don't think anyone would really want to look at changing the config files until a version 2.2 comes out and everything gets more stabilized on miniupnpd's side.

You could try and just use an older version of miniupnpd (e.g. 2.1), before the introduction of the STUN mechanism. But then, you'd have to build an OpenWrt image yourself.

Looking at Gargoyle, their current master branch/v1.11.0 uses miniupnpd 2.1. Thus, you will be able to then run your DMZ configuration without miniupnpd acting "smart".

1 Like
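
How a STUN lookup reports the external address in the double-NAT setup discussed here, as an added example that is not part of any post and not miniupnpd's own code. It assumes the RFC 5389 Binding response format; the function names, addresses and transaction ID are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442        # fixed value in every RFC 5389 message
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020
def parse_xor_mapped_address(msg: bytes, txid: bytes):
    """Return (IPv4Address, port) from a Binding success response."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a Binding success response")
    if msg[8:20] != txid:        # reject replies we did not ask for
        raise ValueError("transaction ID mismatch")
    if mlen != len(msg) - 20:
        raise ValueError("length field does not match datagram")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == XOR_MAPPED_ADDRESS:
            if alen != 8 or value[1] != 0x01:
                raise ValueError("only IPv4 is handled in this example")
            xport, xaddr = struct.unpack("!HI", value[2:8])
            return (ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE),
                    xport ^ (MAGIC_COOKIE >> 16))
        pos += 4 + alen + (-alen % 4)   # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

def behind_upstream_nat(wan_ip: str, mapped_ip) -> bool:
    """True when the WAN interface is private and STUN saw another address."""
    wan = ipaddress.IPv4Address(wan_ip)
    return wan.is_private and wan != mapped_ip

def build_sample_response(txid: bytes, ip: str, port: int) -> bytes:
    """Constructed test datagram, standing in for a real server reply."""
    value = struct.pack("!BBHI", 0, 1, port ^ (MAGIC_COOKIE >> 16),
                        int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

if __name__ == "__main__":
    txid = bytes(range(12))                      # constructed transaction ID
    reply = build_sample_response(txid, "203.0.113.7", 54321)
    ip, port = parse_xor_mapped_address(reply, txid)
    print(ip, port, behind_upstream_nat("192.168.1.2", ip))
```

The reply is only accepted when the magic cookie and transaction ID match the request, which is the minimum validation for an unauthenticated UDP response that has to be let in through the firewall.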

Thanks for the detailed response.
After some hours of screwing around, including trying Gargoyle and even the factory firmware, I settled on using DD-WRT again. It's the only thing that seems to work.

My WiFi is fine... thinking back I only got rid of DD-WRT because I was setting up a new laptop for someone and it just wouldn't work on 5 GHz WiFi. I'm not even sure if that was due to a configuration error, because DD-WRT is pretty damn convoluted in the WiFi department, or because of a bad WiFi driver, but all my personal devices worked just fine with it, so screw it.

I kinda like OpenWrt Lede better, but until that particular issue gets fixed I'll settle for DD-WRT.