UPnP not working UPnPError 501: ActionFailed

Hi,

iam new in OpenWrt and trying to reconfigure my old network to run over OpenWrt router.

my configurations is like this:
LTE modem with static public IP configured to DMZ to OpenWrt WAN IP

LTE modem local IP: 192.168.8.1. DMZ to 192.168.8.2
WAN interface IP on OpenWrt: 192.168.8.2
LAN interface IP on OpenWrt: 192.168.1.1

Static port forwarding is working. but also i want my devices to be able to open ports using UPnP.

upnpd.conf: not sure what should i put as external_ip? (i have tried all options with no luck: my real public ip, 192.168.8.1, 192.168.8.2)

config upnpd 'config'
	option download '1024'
	option upload '512'
	option internal_iface 'lan'
	option port '5000'
	option upnp_lease_file '/var/run/miniupnpd.leases'
	option enabled '1'
	option uuid 'fdf08393-a39b-4cc3-a9e7-fc825c08f8b4'
	option log_output '1'
	option external_iface 'wan'
	option external_ip '192.168.8.1'

config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '1024-65535'
	option comment 'Allow high ports'

config perm_rule
	option ext_ports '0-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '0-65535'
	option comment 'Default deny'
	option action 'allow'

log:

Sat Aug 29 22:24:41 2020 daemon.info miniupnpd[2493]: HTTP REQUEST from [::ffff:192.168.1.161]:54678 : POST /ctl/IPConn (HTTP/1.1)
Sat Aug 29 22:24:41 2020 daemon.debug miniupnpd[2493]: "Expect: 100-Continue" header detected
Sat Aug 29 22:24:41 2020 daemon.debug miniupnpd[2493]: Host: 192.168.1.1:5000
Sat Aug 29 22:24:41 2020 daemon.info miniupnpd[2493]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:2#AddPortMapping
Sat Aug 29 22:24:41 2020 daemon.info miniupnpd[2493]: AddPortMapping: ext port 4444 to 192.168.1.161:4444 protocol TCP for: Test leaseduration=3600 rhost=*
Sat Aug 29 22:24:41 2020 daemon.debug miniupnpd[2493]: UPnP permission rule 0 matched : port mapping accepted
Sat Aug 29 22:24:41 2020 daemon.debug miniupnpd[2493]: Check protocol tcp for port 4444 on ext_if br-lan 192.168.1.1, 0101A8C0
Sat Aug 29 22:24:41 2020 daemon.info miniupnpd[2493]: redirecting port 4444 to 192.168.1.161:4444 protocol TCP for: Test
Sat Aug 29 22:24:41 2020 daemon.info miniupnpd[2493]: Returning UPnPError 501: ActionFailed

You don't need to configure anything for the wan ip. Set aside the fact that 8.1 is wrong.
in the first rule you need to have 192.168.1.0/24 as internal addresses and in the second rule to deny as action.
This is the default configuration more or less, which should work out of the box.

1 Like

Thanks for replay. Finally i got UPnP working!

Options i needed to configure was: enable_natpmp (0), external_ip (my public IP), int_addr(192.168.1.0/24) for allow rule.

Here is full working upnpd.config:


config upnpd 'config'
	option enabled '1'
	option enable_natpmp '0'
	option external_ip '{my public IP}'
	option upnp_lease_file '/var/run/miniupnpd.leases'
	option uuid 'ec089b86-e9d4-4879-b553-7d65fc299669'

config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_addr '192.168.1.0/24'
	option int_ports '1024-65535'
	option comment 'Allow high ports'

config perm_rule
	option action 'deny'
	option ext_ports '0-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '0-65535'
	option comment 'Default deny'

This one is not needed. You are not supposed to update it every time the wan IP changes.

In my case without external_ip UPnP not working. Here is the log from starting upnpd:

miniupnpd[24101]: Reserved / private IP address 192.168.1.1 on ext interface br-lan: Port forwarding is impossible
miniupnpd[24101]: You are probably behind NAT, enable option ext_perform_stun=yes to detect public IP address
miniupnpd[24101]: Or use ext_ip= / -o option to declare public IP address

What is the output of the following?

ubus call system board; uci export network; ip -4 addr

Here is the output

root@OpenWrt:~# ubus call system board; uci export network; ip -4 addr
{
        "kernel": "4.14.167",
        "hostname": "OpenWrt",
        "system": "Feroceon 88FR131 rev 1 (v5l)",
        "model": "Linksys Viper (E4200v2 / EA4500)",
        "board_name": "linksys,viper",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.1",
                "revision": "r10911-c155900f66",
                "target": "kirkwood/generic",
                "description": "OpenWrt 19.07.1 r10911-c155900f66"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc2:a5f3:c988::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.8.2'
        list dns '8.8.8.8'
        list dns '4.4.4.4'

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'static'
        option netmask '255.255.255.0'
        option gateway '192.168.8.1'
        option ipaddr '192.168.8.2'
        option force_link '0'

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: eth1.2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.8.2/24 brd 192.168.8.255 scope global eth1.2
       valid_lft forever preferred_lft forever

Remove the gateway from the LAN interface

Also configure the DNS servers under WAN interface.

Do you have static public IP or dynamic?

Thanks for advice, i have updated my configuration.

Do you have static public IP or dynamic?

My public IP is static, so not a big deal to have it in hard-coded in configuration.

1 Like

We are all so now on 19.07.3 soon to be .4

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.