OpenWrt Forum Archive

Topic: miniupnpd errors (was miniupnpd[xxxx]: Can't find in which sub netwo

The content of this topic has been archived on 19 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am getting the following errors showing up in the log about every 3 seconds.
What is the cause?
What can i do to fix it?
Should I report this as a bug?

miniupnpd config:

01-17-2012    14:02:22    Daemon.Error    192.168.30.1    Jan 17 14:02:24 miniupnpd[18897]: Can't find in which sub network the client is
01-17-2012    14:02:22    Daemon.Info    192.168.30.1    Jan 17 14:02:24 miniupnpd[18897]: SSDP M-SEARCH from 192.168.30.14:54618 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
01-17-2012    14:02:19    Daemon.Error    192.168.30.1    Jan 17 14:02:21 miniupnpd[18897]: Can't find in which sub network the client is
01-17-2012    14:02:19    Daemon.Info    192.168.30.1    Jan 17 14:02:21 miniupnpd[18897]: SSDP M-SEARCH from 192.168.30.14:54618 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
01-17-2012    14:02:16    Daemon.Error    192.168.30.1    Jan 17 14:02:18 miniupnpd[18897]: Can't find in which sub network the client is
01-17-2012    14:02:16    Daemon.Info    192.168.30.1    Jan 17 14:02:18 miniupnpd[18897]: SSDP M-SEARCH from 192.168.30.14:54618 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Please paste your current /var/etc/miniupnpd.conf

sorry its been a long day, I thought I had included this in the original posting!
network config -
interfaces
     wan  -   pppoe (ifixed ip block routed over the dsl connection) 74.111.222.17/28
     dmz  -  74.111.222.17/28
     guest -  192.168.20.1/28       (wlan0-1)
     lan  -  192.168.30.1/27          (br-lan)
     henat -  2001:470....

Only guest and lan should be able to use upnp.

Would it be more secure to turn ipnp off and only use pmp-nat? what woould I lose by doing so?


==========
miniupnpd config:

config 'perm_rule'
    option 'ext_ports' '1024-65535'
    option 'int_addr' '192.168.20.1/28'
    option 'int_ports' '1024-65535'
    option 'action' 'allow'
    option 'comment' 'Guest allow high ports'

config 'perm_rule'
    option 'action' 'allow'
    option 'ext_ports' '1024-65535'
    option 'int_ports' '1024-65535'
    option 'int_addr' '192.168.30.1/27'
    option 'comment' 'LAN allow high ports'

config 'perm_rule'
    option 'ext_ports' '0-65535'
    option 'int_addr' '192.168.20.1/28'
    option 'int_ports' '0-65535'
    option 'action' 'deny'
    option 'comment' 'Guest default deny'

config 'perm_rule'
    option 'action' 'deny'
    option 'ext_ports' '0-65535'
    option 'int_ports' '0-65535'
    option 'int_addr' '192.168.30.1/27'
    option 'comment' 'LAN default deny'

config 'upnpd' 'config'
    option 'download' '4048'
    option 'upload' '512'
    option 'external_iface' 'wan'
    option 'internal_iface' 'guest lan'
    option 'port' '5000'
    option 'presentation_url' 'http://192.168.30.1/'
    option 'log_output' '1'
    option 'uuid' 'ef68d298-9c45-4c42-a2f0-a5c5385a944c'
    option 'model_number' 'OpenWRT'
    option 'serial_number' 'r29697'

I meant /var/etc/miniupnpd.conf

I should have mentioned that both the guest & lan networks have ip6 addresses (2001:470:dead:10::/64 & 2001:470:dead:30::/64 respectively

ext_ifname=pppoe-wan
listening_ip=192.168.20.1/255.255.255.240
listening_ip=192.168.30.1/255.255.255.224
port=5000
enable_natpmp=yes
enable_upnp=yes
secure_mode=yes
system_uptime=yes
bitrate_down=33161216
bitrate_up=4194304
presentation_url=http://192.168.30.1/
uuid=ef68d298-9c45-4c42-a2f0-a5c5385a944c
serial=r29697
model_number=OpenWRT
allow 1024-65535 192.168.20.1/28 1024-65535
allow 1024-65535 192.168.30.1/27 1024-65535
deny 0-65535 192.168.20.1/28 0-65535
deny 0-65535 192.168.30.1/27 0-65535

(Last edited by zzz2002 on 17 Jan 2012, 21:57)

Ah ok, you're running a buggy version of miniupnpd. The listen_ip stanzas in the generated config must be in CIDR format, so

listening_ip=192.168.20.1/28
listening_ip=192.168.30.1/27

This has been fixed with https://dev.openwrt.org/changeset/29722

I hand carried the code across and the problem appears to be solved.

Life is good and I off to supper!

Thanks

JohnA

I am having similar issues to above but my generate config is showing the correct CIDR format.
In my case I have a WAN interface and a LAN interface that are on different subnets 192.168.0.0 and 192.168.1.1 respectively.

My WAN interface is connected to a second router 192.168.0.12 .. and the gateway to internet is on that. I have also pptp vpn interface which builds a tunnel out through 192.168.0.12 to remote internet location.
All works well and I am routing between 192.168.0.0 and 192.168.1.0 but upnp devices are not visible across the 2 subnets.
upnp is finding and responding to traffic on the 192.168.1.1 subnet correctly but shows this in the system log:

Jan 20 20:37:42 OpenWrt daemon.info miniupnpd[11799]: SSDP M-SEARCH from 192.168.0.1:55221 ST: upnp:rootdevice
Jan 20 20:37:42 OpenWrt daemon.err miniupnpd[11799]: Can't find in which sub network the client is

from anything on the 192.168.0.0 subnet.

I don't see 2 entries for "listening_ip" in my generated conf - could this be the problem?

upnpd is:

config 'upnpd' 'config'
        option 'download' '1024'
        option 'upload' '512'
        option 'external_iface' 'wan'
        option 'internal_iface' 'lan'
        option 'port' '5000'
        option 'uuid' 'f39a89ae-9abe-4c6d-82e6-0809fd99b203'
        option 'log_output' '1'


config 'perm_rule'
        option 'comment' 'Allow subnet 1 high ports'
        option 'ext_ports' '1024-65535'
        option 'int_addr' '192.168.0.0/24'
        option 'int_ports' '1024-65535'
        option 'action' 'allow'

config 'perm_rule'
        option 'comment' 'Allow subnet 2 high ports'
        option 'ext_ports' '1024-65535'
        option 'int_addr' '192.168.1.0/24'
        option 'int_ports' '1024-65535'
        option 'action' 'allow'

config 'perm_rule'
        option 'action' 'allow'
        option 'ext_ports' '1024-65535'
        option 'int_addr' '0.0.0.0/0'
        option 'int_ports' '1024-65535'
        option 'comment' 'Allow high ports'

config 'perm_rule'
        option 'action' 'deny'
        option 'ext_ports' '0-65535'
        option 'int_addr' '0.0.0.0/0'
        option 'int_ports' '0-65535'
        option 'comment' 'Default deny'

generated /var/etc/miniupnpd.conf :-

ext_ifname=eth1.1
listening_ip=192.168.1.196/24
port=5000
enable_natpmp=yes
enable_upnp=yes
secure_mode=yes
system_uptime=yes
bitrate_down=8388608
bitrate_up=4194304
uuid=f39a89ae-9abe-4c6d-82e6-0809fd99b203
allow 1024-65535 192.168.0.0/24 1024-65535
allow 1024-65535 192.168.1.0/24 1024-65535
allow 1024-65535 0.0.0.0/0 1024-65535
deny 0-65535 0.0.0.0/0 0-65535

Any clues?

Rgds

Alastair B

Yeah, a client in the 0 network is asking the miniupnpd serving only the 1 network.
In other words, perfectly normal.

Jow,
Do you have any advise of how can I get it to serve both networks? I have searched a lot for this error on forums. The reason I asked for help on this one is that the case above seemed to be serving both nets.
Am I missing another bit of configuration somewhere else??

Alastair B

Well add the second iface to "option 'internal_iface' 'lan'". This thread already contains an example.

Jow,

Great!. Added
        option 'external_iface' 'vpn'
        option 'internal_iface' 'lan wan'

and now I have ports being opened from both subnets and IP's from the router from both in the generated conf.
However there must still be something blocking or not forwarding the broadcasts between subnets as my upnp devices are still not visible to one another.

Maybe I should add the setup i am looking for.

So I am trying to have a "lan" subnet (192.168. 1.0) for a smart-tv, a NAS and an x-box (lan is also br-lan bridged to a wifi ssid). On  the other side of the openwrt router I have "wan" (192.168.0.0) and on that I have another router as default gateway to internet, running another wifi ssid, several PCs, - one acting as mediacenter, and a couple of netcams all upnp devices. These devices also access internet but directly through my ISP.
The "lan" subnet on openwrt uses pptp to build a VPN out through "wan" and the internet gateway to a VPN provider. that is why I put "vpn" as my external iface.
When the vpn is "up" I can still ping from one subnet to the other.. but I was looking for upnp to open the ports so that I can "discover" my media center from the smart tv on 192.168.1.0, or "discover" the NAS from a PC on 192.168.0.0

So again I am sure I am missing something - maybe I am missing the point altogether and what I am trying is not going to work! Do I need somekind of igmproxy? and if so any idea what kind of setup does it need?

Thanks very much for your help so far...I feel close to nailing this!

Rgds

Alastair

The discussion might have continued from here.