Modify

Opened 5 years ago

Closed 2 years ago

#13826 closed defect (moved_to_github)

miniupnpd cannot open ports in firewall

Reported by: alzhao Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: upnpd Cc:

Description

I enabled upnpd and opened two ports. In luci upnpd module, I can see the two ports opening.

In the firewall, I also can see miniupnpd and the ports. But I cannot access the ports from internet. While by adding a port forward manually, everything works fine. Please check.


Universal Plug & Play
UPnP allows clients in the local network to automatically configure the router.
Active UPnP Redirects
Protocol External Port Client Address Client Port
TCP 8888 192.168.8.234 8888
TCP 9999 192.168.8.234 9999


Firewall Status
IPv4 Firewall
IPv6 Firewall

Actions
Reset Counters
Restart Firewall

Table: Filter

Chain INPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 5177 723.19 KB delegate_input all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain FORWARD (Policy: DROP, Packets: 0, Traffic: 0.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 16541 6.80 MB delegate_forward all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain OUTPUT (Policy: ACCEPT, Packets: 0, Traffic: 0.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 7091 2.56 MB delegate_output all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain MINIUPNPD (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B ACCEPT tcp -- * * 0.0.0.0/0 192.168.8.234 tcp dpt:8888
2 0 0.00 B ACCEPT tcp -- * * 0.0.0.0/0 192.168.8.234 tcp dpt:9999

Chain delegate_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 16541 6.80 MB forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for forwarding */
2 15658 6.74 MB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 883 58.71 KB zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
4 0 0.00 B zone_wan_forward all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -
5 0 0.00 B reject all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain delegate_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 313 29.91 KB ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 -
2 4864 693.28 KB input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for input */
3 3065 551.68 KB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 201 9.48 KB syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
5 1375 114.35 KB zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
6 424 27.25 KB zone_wan_input all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -

Chain delegate_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 313 29.91 KB ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 -
2 6778 2.53 MB output_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for output */
3 4966 2.30 MB ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 431 146.77 KB zone_lan_output all -- * br-lan 0.0.0.0/0 0.0.0.0/0 -
5 1381 94.25 KB zone_wan_output all -- * eth0 0.0.0.0/0 0.0.0.0/0 -

Chain reject (References: 3)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 148 6.30 KB REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
2 262 16.42 KB REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain syn_flood (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 201 9.48 KB RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
2 0 0.00 B DROP all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_dest_ACCEPT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 431 146.77 KB ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 883 58.71 KB forwarding_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for forwarding */
2 883 58.71 KB zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* forwarding lan -> wan */
3 0 0.00 B zone_lan_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1375 114.35 KB input_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for input */
2 1375 114.35 KB zone_lan_src_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 431 146.77 KB output_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for output */
2 431 146.77 KB zone_lan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_src_ACCEPT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1375 114.35 KB ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_src_REJECT (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B reject all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_wan_dest_ACCEPT (References: 2)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2264 152.96 KB ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 -

Chain zone_wan_forward (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B MINIUPNPD all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 0 0.00 B forwarding_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for forwarding */
3 0 0.00 B zone_wan_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_wan_input (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 424 27.25 KB input_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for input */
2 12 4.45 KB ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 /* Allow-DHCP-Renew */
3 0 0.00 B ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 /* Allow-Ping */
4 0 0.00 B ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:81 /* glservice */
5 0 0.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:81 /* glservice */
6 2 80.00 B ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 /* glvideo */
7 0 0.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8080 /* glvideo */
8 0 0.00 B ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6911 /* btservice */
9 0 0.00 B ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6911 /* btservice */
10 410 22.72 KB zone_wan_src_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_wan_output (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 1381 94.25 KB output_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for output */
2 1381 94.25 KB zone_wan_dest_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_wan_src_REJECT (References: 2)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 410 22.72 KB reject all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -

Table: NAT

Chain PREROUTING (Policy: ACCEPT, Packets: 45, Traffic: 3.66 KB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2649 261.25 KB delegate_prerouting all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain POSTROUTING (Policy: ACCEPT, Packets: 7, Traffic: 804.00 B)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2362 166.01 KB delegate_postrouting all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain MINIUPNPD (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 0 0.00 B DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.8.234:8888
2 0 0.00 B DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999 to:192.168.8.234:9999

Chain delegate_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2362 166.01 KB postrouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
2 61 15.59 KB zone_lan_postrouting all -- * br-lan 0.0.0.0/0 0.0.0.0/0 -
3 2147 140.94 KB zone_wan_postrouting all -- * eth0 0.0.0.0/0 0.0.0.0/0 -

Chain delegate_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2649 261.25 KB prerouting_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */
2 2247 236.72 KB zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0 -
3 402 24.53 KB zone_wan_prerouting all -- eth0 * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_lan_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 61 15.59 KB postrouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */

Chain zone_lan_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2247 236.72 KB prerouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */

Chain zone_wan_postrouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 2147 140.94 KB postrouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for postrouting */
2 2147 140.94 KB MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain zone_wan_prerouting (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 402 24.53 KB MINIUPNPD all -- * * 0.0.0.0/0 0.0.0.0/0 -
2 402 24.53 KB prerouting_wan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */

Table: Mangle

Chain PREROUTING (Policy: ACCEPT, Packets: 22131, Traffic: 7.61 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 22131 7.61 MB fwmark all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain FORWARD (Policy: ACCEPT, Packets: 16541, Traffic: 6.80 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 16541 6.80 MB mssfix all -- * * 0.0.0.0/0 0.0.0.0/0 -

Chain mssfix (References: 1)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 517 32.20 KB TCPMSS tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 /* wan (mtu_fix) */ TCPMSS clamp to PMTU

Table: Raw

Chain PREROUTING (Policy: ACCEPT, Packets: 22131, Traffic: 7.61 MB)
Rule # Pkts. Traffic Target Prot. Flags In Out Source Destination Options
1 22131 7.61 MB notrack all -- * * 0.0.0.0/0 0.0.0.0/0 -

Attachments (0)

Change History (2)

comment:1 Changed 4 years ago by cquijano

Works well with, udp

root@OpenWrt:~# iptables -t nat -L MINIUPNPD -n -v
Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:60247 to:10.75.247.85:60247
  198 24158 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:60247 to:10.75.247.85:60247

But fails with tcp redireccion. Ideas ? Maybe somthing related whith cstate rules ?

comment:2 Changed 2 years ago by nbd

  • Resolution set to moved_to_github
  • Status changed from new to closed

miniupnpd is maintained here: ​https://github.com/openwrt-routing/packages

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.