UPnP DOESN'T WORK!

Active UPnP Redirects is empty. I tried to add option external_ip to config upnpd 'config' in /etc/config/upnpd and it still doesn't work. I added a rule in the LuCI web GUI allowing 1-65535, and my LAN IP is 223.0.0.0/24. I installed miniupnpd, libminiupnpc and miniupnpc.

Here is my /etc/config/upnpd:

config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_ports '1024-65535'
	option comment 'Allow high ports'
	option int_addr '223.0.0.0/24'

config upnpd 'config'
	option download '1024'
	option upload '512'
	option internal_iface 'lan'
	option port '5000'
	option upnp_lease_file '/var/run/miniupnpd.leases'
	option enabled '1'
	option secure_mode '0'
	option igdv1 '1'
	option log_output '1'
	option uuid 'ce2d9055-6dfc-4754-b754-d0366780836a'
	option external_ip 'x.x.x.x'

int_addr needs to be the LAN addresses you want to allow, e.g. 192.168.1.0/24

1 Like

My LAN is 223.0.0.1. When I switch back to LEDE it works; I think there is something wrong with the new version.

Then change the LAN address to a private space, like 192.168.1.0/24. The address space you are using is public and reserved.

1 Like
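The two replies above are about the `int_addr` in the `perm_rule`. As an added example (not code from this thread or from OpenWrt), the Python below parses a upnpd config and reports an `int_addr` that is public address space or not contained in the router's LAN, plus an explicit `secure_mode '0'`. The names `parse_uci` and `audit` are hypothetical, and the sample is constructed from the config posted above.

```python
import ipaddress
import shlex

# Constructed sample: the relevant lines of the config posted in this thread.
SAMPLE = """\
config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_ports '1024-65535'
	option int_addr '223.0.0.0/24'

config upnpd 'config'
	option internal_iface 'lan'
	option secure_mode '0'
"""

def parse_uci(text):
    """Minimal UCI reader: list of (section_type, {option: value})."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line)  # handles 'single quoted' values
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], {}))
        elif len(words) >= 3 and words[0] == "option" and sections:
            sections[-1][1][words[1]] = words[2]
    return sections

def audit(text, lan_cidr):
    """Return findings, given the router's LAN as e.g. '192.168.1.1/24' (IPv4)."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []
    for kind, opts in parse_uci(text):
        # With secure_mode off, a client may ask for a mapping to another host.
        if kind == "upnpd" and opts.get("secure_mode") == "0":
            findings.append("secure_mode is 0: clients can map ports to other hosts")
        if kind != "perm_rule" or opts.get("action") != "allow":
            continue
        # Assumption: an allow rule without int_addr matches every client.
        net = ipaddress.ip_network(opts.get("int_addr", "0.0.0.0/0"), strict=False)
        if not net.is_private:
            findings.append(f"int_addr {net} is public address space")
        if not net.subnet_of(lan):
            findings.append(f"int_addr {net} is outside LAN {lan}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.168.1.1/24"):
        print("WARN:", finding)
```
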

Well, it is possible that it's reserved to isslam.

Nope.

descr:          Operations & Support Center, Computer Network
descr:          Information CenterChinese Academy of Sciences

Actually, it's public; and in use.

2 Likes

Well, I don't know who isslam is but he might be a network tech for the Chinese Academy of Sciences :wink:

3 Likes

Do you see anything on the logs when a client tries to open a port? Can you see the requests arriving, for example using 'tcpdump'?

1 Like

I have the same problem. 19.07.1 (probably was the case in .0 too). I will try to switch back to 18.06.x.

Thu Feb 13 03:32:13 2020 user.info banIP-0.3.11[3117]: start banIP processing (refresh)
Thu Feb 13 03:32:14 2020 daemon.err miniupnpd[3296]: could not open lease file: /var/run/miniupnpd.leases
Thu Feb 13 03:32:14 2020 daemon.notice miniupnpd[3296]: HTTP listening on port 5000
Thu Feb 13 03:32:14 2020 daemon.notice miniupnpd[3296]: HTTP IPv6 address given to control points : [fd11:9ad:3f0e::1]
Thu Feb 13 03:32:14 2020 daemon.notice miniupnpd[3296]: Listening for NAT-PMP/PCP traffic on port 5351
Thu Feb 13 03:32:14 2020 daemon.notice netifd: Interface 'wan6' is now up


Thu Feb 13 03:34:19 2020 daemon.err miniupnpd[3296]: upnp_event_recv: recv(): Connection reset by peer
Thu Feb 13 03:34:19 2020 daemon.err miniupnpd[3296]: upnpevents_processfds: 0x3fa70, remove subscriber uuid:b8a16b82-7455-4dd5-9560-0ffb7882948c after an ERROR cb: http://192.168.2.138:2869/upnp/eventing/dvvgpvfixy
Thu Feb 13 03:34:19 2020 daemon.err miniupnpd[3296]: upnp_event_recv: recv(): Connection reset by peer
Thu Feb 13 03:34:19 2020 daemon.err miniupnpd[3296]: upnpevents_processfds: 0x3f980, remove subscriber uuid:ddec5a63-21dc-4b2f-ace7-dc0e65af14f8 after an ERROR cb: http://192.168.2.138:2869/upnp/eventing/xjrbnncipo
Thu Feb 13 03:35:30 2020 daemon.warn miniupnpd[3296]: HTTP Connection from 192.168.2.118 closed unexpectedly
Thu Feb 13 03:35:33 2020 daemon.warn miniupnpd[3296]: HTTP Connection from 192.168.2.118 closed unexpectedly
Thu Feb 13 03:35:40 2020 daemon.err miniupnpd[3296]: Failed to add NAT-PMP 26194 tcp->192.168.2.118:22000 'NAT-PMP 26194 tcp'
Thu Feb 13 03:35:40 2020 daemon.err miniupnpd[3296]: Failed to add NAT-PMP 59954 tcp->192.168.2.118:22000 'NAT-PMP 59954 tcp'
Thu Feb 13 03:35:40 2020 daemon.err miniupnpd[3296]: Failed to add NAT-PMP 35852 tcp->192.168.2.118:22000 'NAT-PMP 35852 tcp'
Thu Feb 13 03:35:40 2020 daemon.err miniupnpd[3296]: Failed to add NAT-PMP 14780 tcp->192.168.2.118:22000 'NAT-PMP 14780 tcp'
Thu Feb 13 03:35:40 2020 daemon.err miniupnpd[3296]: Failed to add NAT-PMP 25314 tcp->192.168.2.118:22000 'NAT-PMP 25314 tcp'
Thu Feb 13 03:35:40 2020 daemon.err miniupnpd[3296]: Failed to add NAT-PMP 10126 tcp->192.168.2.118:22000 'NAT-PMP 10126 tcp'

And so on..

1 Like

I will change it back to 192.168.1.1 :smiley:

I mean, technically, when you think about it, as long as you NEVER EVER need to connect to the Chinese Academy of Sciences, and you are in fact doing NAT at your WAN, it doesn't really matter :wink: But yeah, change it back, but whatever, it's not the source of the problem.

2 Likes

You can manually open these ports in UPnP over SSH:
iptables -t nat -I MINIUPNPD -p <tcp|udp> --dport <your port> -j DNAT --to <your LAN IP>:<your port>
It works for me.

Just an FYI, UPnP should never be used as it's a massive security risk.

  • Manually forward the ports you need to forward and completely remove UPnP.
1 Like
