Router: TP-Link TL-WR841N/ND v8 4MB ROM with 32 MB RAM Firmware Version: OpenWrt SNAPSHOT r10863-e1dcfe02b2 / LuCI Master (git-19.243.51105-2fab0ad) Kernel Version: 4.14.138 Issue: Every time I launch qBitorrent software I get to see "Failed to add NAT-PMP" error in the system log.
Is this a known bug for a long time? I haven't found much info about it online, so I hope anyone here knows about this?
Also, my public IP address isn't static. I've forwarded all ports in firewall. Default firewall rules + Added rules for DSCP tagging but nothing else to interfere UPnP modules (as per my knowledge) Log:
Sat Sep 7 01:38:45 2019 user.notice SQM: layer_cake.qos was started on pppoe-wan successfully
Sat Sep 7 01:38:46 2019 user.notice firewall: Reloading firewall due to ifup of wan (pppoe-wan)
Sat Sep 7 01:38:47 2019 daemon.err uhttpd[1575]: luci: accepted login on / for root from [192.168.1.101](https://192.168.1.101/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: read /etc/hosts - 4 addresses
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: read /tmp/hosts/dhcp.cfg01411c - 6 addresses
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq-dhcp[1581]: read /etc/ethers - 0 addresses
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zzhc.vnet.cn](https://zzhc.vnet.cn/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zy16eoat1w.com](https://zy16eoat1w.com/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zumobi.com](https://zumobi.com/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zqtk.net](https://zqtk.net/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zmedia.com](https://zmedia.com/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zlp6s.pw](https://zlp6s.pw/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zintext.com](https://zintext.com/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using local addresses only for domain [zeusclicks.com](https://zeusclicks.com/)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using nameserver [1.1.1.1#53](https://1.1.1.1/#53)
Sat Sep 7 01:38:49 2019 [daemon.info](https://daemon.info/) dnsmasq[1581]: using 4146 more local addresses
Sat Sep 7 01:38:51 2019 [user.info](https://user.info/) adblock-3.8.4[11611]: blocklist with overall 4147 domains loaded successfully (TP-Link TL-WR841N/ND v8, OpenWrt SNAPSHOT r10863-e1dcfe02b2)
Sat Sep 7 01:41:20 2019 daemon.err miniupnpd[2129]: Failed to add NAT-PMP 8999 tcp->[192.168.1.101:8999](https://192.168.1.101:8999/) 'NAT-PMP 8999 tcp' <-------
Sat Sep 7 01:41:20 2019 daemon.err miniupnpd[2129]: Failed to add NAT-PMP 8999 udp->[192.168.1.101:8999](https://192.168.1.101:8999/) 'NAT-PMP 8999 udp' <------- THIS
Sat Sep 7 01:41:25 2019 daemon.err uhttpd[1575]: luci: accepted login on / for root from [192.168.1.101](https://192.168.1.101/)
P.S. My router's CPU supports 533 MHz & have plentyyy of free RAM for other modules to work properly (minimum total available is always 5 MB). Will the CPU cause even slight bottleneck to day to day surfing & watching videos? Especially sending & receiving game UDP packets?
Will restart my router & update the status
Update: Didn't work. "Failed to add NAT-PMP" same thing. Btw does this have to do this with my dynamic public address?
# Generated by iptables-save v1.8.3 on Sun Sep 8 03:15:01 2019
*raw
:PREROUTING ACCEPT [17950:5167079]
:OUTPUT ACCEPT [7535:2616772]
:zone_lan_helper - [0:0]
-A PREROUTING -i br-lan -m comment --comment "!fw3: lan CT helper assignment" -j zone_lan_helper
COMMIT
# Completed on Sun Sep 8 03:15:01 2019
# Generated by iptables-save v1.8.3 on Sun Sep 8 03:15:01 2019
*nat
:PREROUTING ACCEPT [809:137095]
:INPUT ACCEPT [277:23792]
:OUTPUT ACCEPT [184:17495]
:POSTROUTING ACCEPT [55:8363]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp -m comment --comment "!fw3: DMZ" -j REDIRECT --to-ports 0-65535
-A zone_wan_prerouting -p udp -m udp -m comment --comment "!fw3: DMZ" -j REDIRECT --to-ports 0-65535
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Sun Sep 8 03:15:01 2019
# Generated by iptables-save v1.8.3 on Sun Sep 8 03:15:01 2019
*mangle
:PREROUTING ACCEPT [17973:5167999]
:INPUT ACCEPT [6423:572579]
:FORWARD ACCEPT [11540:4595063]
:OUTPUT ACCEPT [7558:2621244]
:POSTROUTING ACCEPT [19099:7216359]
:dscp_mark - [0:0]
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
-A FORWARD -j dscp_mark
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A dscp_mark -p icmp -j DSCP --set-dscp 0x28
-A dscp_mark -p udp -m udp --sport 6015 -j DSCP --set-dscp 0x2e
-A dscp_mark -p udp -m udp --sport 3074 -j DSCP --set-dscp 0x2e
-A dscp_mark -p udp -m udp --sport 10000:10099 -j DSCP --set-dscp 0x2e
-A dscp_mark -p udp -m udp --dport 6015 -j DSCP --set-dscp 0x2e
-A dscp_mark -p udp -m udp --dport 3074 -j DSCP --set-dscp 0x2e
-A dscp_mark -p udp -m udp --dport 10000:10099 -j DSCP --set-dscp 0x2e
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf
-A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m length --length 0:500 -j MARK --set-xmark 0x22/0xff
-A qos_Default -p icmp -j MARK --set-xmark 0x11/0xff
-A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment "ftp, smtp, http(s), imap" -j MARK --set-xmark 0x33/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
COMMIT
# Completed on Sun Sep 8 03:15:01 2019
# Generated by iptables-save v1.8.3 on Sun Sep 8 03:15:01 2019
*filter
:INPUT ACCEPT [26:4238]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Sep 8 03:15:01 2019
This will ofc show me on Luci status>firewall right?
I can see 'MINIUPNPD' entry in multiple chains BUT 'Chain MINIUPNPD' & 'Chain MINIUPNPD-POSTROUTING' entries are empty. Means it didn't add 8999 port at all
Edited:
Did you consider to add a static port redirect?
Yes I did. As I've mentioned my internal IP is static but not the public IP.
It doesn't matter whether your WAN IP is static or not, but LAN IP matters.
UPnP is only useful when your LAN client doesn't have a static IP or when you need many dynamic redirects.
Ah yes for dynamic redirects but what do you think where the problem lies? I've uploaded my menu config if possible can you compare it with your config? Am I missing any dependency?