I'm facing a problem with upnp and two PS4 game consoles.
Basicaly upnp is working fine and it will open the required ports but after a short period of time the rules are getting deleted even if the game or service (party) is still active which results in a restricted NAT status on some games and the party chat.
Tue Mar 12 08:10:22 2019 daemon.debug miniupnpd[5100]: removing unused mapping 9307 UDP : still 0packets 0bytes
Tue Mar 12 08:10:22 2019 daemon.info miniupnpd[5100]: Trying to delete nat rule at index 1
Tue Mar 12 08:10:22 2019 daemon.info miniupnpd[5100]: Trying to delete filter rule at index 1
Tue Mar 12 08:10:22 2019 daemon.debug miniupnpd[5100]: removing unused mapping 9308 UDP : still 0packets 0bytes
Tue Mar 12 08:10:22 2019 daemon.info miniupnpd[5100]: Trying to delete nat rule at index 0
Tue Mar 12 08:10:22 2019 daemon.info miniupnpd[5100]: Trying to delete filter rule at index 0
Tue Mar 12 08:10:22 2019 daemon.notice miniupnpd[5100]: removed 2 unused rules
So the problem seems to be that miniupnpd thinks that there is no more traffic flowing through the related port(s) and therefore deleting the redirects.
Do you guys have idea what's wrong with my current config or how I can fix this problem?
I've seen issues before (not OpenWrt specific) where running two similar devices behind a NAT'ing firewall that both want the same ports forwarded will clash.
I don't believe they're getting deleted because the router thinks they're unused, I think they're getting deleted because the other console wants the same ports forwarded to its IP address, so one rule gets deleted to be replaced by a new one.
I'm afraid I don't know of a solution to this ¯\_(ツ)_/¯
Thanks for your reply but it does also happen when there is only one console active.
I can set the Clean rules threshold above 1 but then there will be alot of unused forwards active as the Playstation 4 doesn't close them on it's own and after a while I got like 9 forwards active.
Seems to be quite buggy and I don't know how to fix or debug this problem, so any ideas are welcome.
First of all I would like to know if the same problems happens to any of you guys, so if it's a general problem or related to a specific setup/config.
I'm not sure, but I think that having the Clean Rules threshold set at 1 will make upnp clean when any redirect is made, meaning you tell it to clean at 1, then it sees a redirect (1), so it cleans it, so you might have to at least set it to 2.
You could set clean time at 300 ( option clean_ruleset_interval '300' ) and the clean rules threshold at 5 (although default as @trendy suggested would be fine) , that should keep old forwards to a minimum and clear them out pretty quickly.
Only NAT-PMP does not work and together with upnp and it still does not fix the problem for me.
I just don't understand it... If i understand it correctly the miniupnpd service checks every 600 (in my case every 300) seconds if any data flows through the open port and if that's the case the port forward will remain active but for some reason it does not work with the PS4/PSN and old forwards will remain active until the threshold limit is reached (default 20 in my case).
edit2: It seem like that min-max_lifetime is only working for PCP, so again I'm out of ideas.
My ISP will change my public IP every 24h so I'll try Clean rules interval=86400 + Clean rules threshold=1.
What I figured out so far is that no packet or traffic is going through the opened PSN and game ports.
For example miniupnpd opens port 3659 for Apex Legends (EA Tunnel) but I can't see any traffic or packet in my NAT firewall for this port.
I guess that's why the ports will close after a while (Clean rules interval)...
I'm still trying to figure out why there is no traffic on the forwarded ports at Chain MINIUPNPD and Chain MINIUPNPD-POSTROUTING. I guess that's the reason why these port forwards are getting deleted... Or is it supposed to be like this?
I've tested miniupnp with my windows laptop and qBittorrent and everything is working fine over there. The rules are staying active while downloading a torrent and the rules are getting automaticly deleted after closing the programm. I can also see packets/traffic at the correct miniupnpd chain with qBittorrent.
So my conclusion is that the implementation of upnp on PS4 is buggy or miniupnpd isn't working correctly with PS4/PSN and thats why I don't see any traffic on the forwarded ports at the miniupnpd chain and the ports are getting closed after the default Clean rules interval and a Clean rules threshold of 1. Id love to test this with Xbox Live but I don't own a xbox. It would be great if someone with a xbox one could test this...
Here is my current upnp config for two PS4 consoles:
In Postrouting SNAT/Masquerade takes place, so I am not sure what is supposed to be found there.
On the other hand I am not using (and neither anyone security concerned) upnp, so I cannot say for sure. If the application has successfully created a flow using the ports it needs, then upnp is not necessary.
I just don't understand why miniupnpd doesn't pick up the traffic on port 3074 and I think it's the reason why the port forward is getting deleted from the chain. My knowlege about these things is very limited but it feels like that it shouldn't be like this.
Here is an example with qBittorrent (upnp working correctly, the port forwardings are staying active while downloading):
And here is an example with my PS4 playing Modern Warfare Multiplayer(game port is getting closed after 10mins. The Real Time connection Graph still shows traffic on port 3074 while the port forward is getting deleted/closed):
If the game is using the existing outgoing connection for the incoming traffic too, hole punching the firewall and keeping the connection active, then the port forward is basically useless.
I was just confused because miniupnpd were always closing every port forward for my PS4 and it happend on every PS4 Game that I've played... So everything is working as expected and there is no problem with miniupnpd and PS4/PSN?