OpenWrt Forum Archive

Post #1

urosnor

7 Aug 2007, 21:11

I'm using OpenWrt White Russian with X-Wrt Extensions 0.9 (Webif2 r2687) on my Linksys WRT54GL v1.1.
miniupnp is installed but uTorrent is complaining that there is no incoming connections. Port check (http://www.utorrent.com/testport.php?port=<p>) also fails.

But in Windows, under the Gateway Properties, I can see the port mappings, they are correct.

uTorrent log shows me:

[21:52:57] UPnP: Discovered host: http://192.168.<x>.1:5000/rootDesc.xml
[21:52:57] UPnP: Discovered new device: http://192.168.<x>.1:5000/ctl/IPConn
[21:52:57] UPnP: Mapped TCP port <p> -> 192.168.<x>.<x>:<p>
[21:52:57] UPnP: Getting external IP
[21:52:57] UPnP: Got external IP: <y>.<y>.<y>.<y>

Finally, connecting to the router:

root@OpenWrt:~$ iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
input_rule all -- anywhere anywhere
input_wan all -- anywhere anywhere
LAN_ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all -- anywhere anywhere
forwarding_wan all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
MINIUPNPD all -- anywhere anywhere

Chain LAN_ACCEPT (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain MINIUPNPD (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.<x>.<x> tcp dpt:<p> # <-- this is it
ACCEPT tcp -- anywhere 192.168.<x>.<x> tcp dpt:<p1> # rest are irrelevant, may be msn
ACCEPT tcp -- anywhere 192.168.<x>.<x> tcp dpt:<p2>
ACCEPT tcp -- anywhere 192.168.<x>.<x> tcp dpt:<p3>
ACCEPT tcp -- anywhere 192.168.<x>.<x> tcp dpt:<p4>

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
output_rule all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain forwarding_rule (1 references)
target prot opt source destination

Chain forwarding_wan (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination

Chain input_wan (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination
root@OpenWrt:~$

The port is truely closed, can't connected to it.

Can anyone tell me how to get it work? (Shall I get provide more info? What and how?)

Post #2

Borromini

7 Aug 2007, 21:15

I had the same issue with ktorrent, and just as with Oleg's firmware, UPnP was not working (I do not know what UPnP daemon Oleg uses). I switched back to static forwarding by the router's firewall, for what it's worth...

Post #3

urosnor

22 Aug 2007, 08:26

It must be working. Any ideas what to do? Replacing by other upnpd (linux-igd?) can be a solution?

Post #4

Borromini

22 Aug 2007, 12:16

Well, you say it yourself. Did you try the alternative? As i say i never checked what daemon Oleg's firmware uses, but it did not work (or only half of the time).

Post #5

urosnor

28 Aug 2007, 19:33

OK, I tried linux-igd, and it works perfectly!

However, it was a bit tricky to install it (at least by webif2): I had to issue 'ipkg update', then 'ipkg install libpthread', after this webif2 was also able install linux-igd.

Post #6

miniupnp

23 Sep 2007, 23:06

Both nat AND filter tables should be checked :

iptables -v -n -t nat -L PREROUTING
iptables -v -n -t nat -L MINIUPNPD
iptables -v -n -t filter -L FORWARD
iptables -v -n -t filter -L MINIUPNPD

Post #7

xarvox

25 Nov 2009, 01:22

i had some issues with getting upnp running with my bittorrent clients (utorrent and transmit, mac) untill i found the post above me, but it took me quite a while to figure out what to do with it..

Just copy/paste line by line from the code part of the beforementioned post into a terminal with a working ssh/telnet connection to the router.

that and removing all previous attempts (uninstalling software components) and installing only the miniupnpd v1.1-5 package enabled both my clients to respond with a green light next to the port number.

sorry for stating the obvious, but for some users (me included) its good to have a detailed description when searching for a solution

Post #8

tcp422

21 Jan 2011, 17:53

I'm using OpenWRT Backfire 10.03.1-rc4 on a Buffalo WZR-HP-G300NH. I have installed miniupnp and enabled it.

# opkg install luci-app-upnp miniupnpd

# /etc/init.d/miniupnpd enable
# /etc/init.d/miniupnpd start

I then ran the four iptables commands in the previous post and rebooted the router.

I can see the relevant ports in the firewall like the original poster, but the port does not forward. I can create a static NAT rule, so I'm confident that the service in question is live and that it's only the miniupnp that isn't seemingly forwarding the ports.

Any suggestions on how to debug?