Project

General

Profile

Actions

Bug #10398

closed

RFC1918 external address in miniupnp does not work after upgrade to 2.4.5

Added by Andy Kwong over 1 year ago. Updated over 1 year ago.

Status:
Needs Patch
Priority:
Normal
Assignee:
-
Category:
UPnP/NAT-PMP
Target version:
-
Start date:
03/31/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5
Affected Architecture:
All

Description

After upgrading pfSense to 2.4.5, MiniUPnP refuses to assign port mappings when the WAN interface is RFC1918 -

ISP provided outside router is on 192.168.10.254 forwarding all ports to 192.168.10.1.

pfSense -
External WAN interface is 192.168.10.2 (192.168.10.1 CARP)
Internal LAN interface is 192.168.20.2 (192.168.20.1 CARP)

Test host is on 192.168.20.100

On 2.4.4p3 -

# upnpc -a 192.168.20.100 63000 64000 tcp
upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.20.2:2189/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.20.2:2189/ctl/IPConn
Trying to continue anyway
Local LAN ip address : 192.168.20.100
ExternalIPAddress = 192.168.10.2
InternalIP:Port = 192.168.20.100:63000
external 192.168.10.2:64000 TCP is redirected to internal 192.168.20.100:63000 (duration=0)

On 2.4.5 -

# upnpc -a 192.168.20.100 63000 64000 tcp
upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.20.2:2189/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.20.2:2189/ctl/IPConn
Trying to continue anyway
Local LAN ip address : 192.168.20.100
GetExternalIPAddress failed.
AddPortMapping(64000, 63000, 192.168.20.100) failed with code 501 (Action Failed)

It seems that the latest version of miniupnp includes a commit that forbids external addresses as per -

https://github.com/miniupnp/miniupnp/commit/8e10a1aeab9b8cd4d3b2e964b02e9ad409cf3aaa
https://github.com/miniupnp/miniupnp/issues/298
https://github.com/miniupnp/miniupnp/issues/333

One of the solutions recommended is to statically set the ext address in miniupnpd. This is not possible through the pfSence GUI. It's also problematic as the real ext address is assigned by PPPoE (on the outside router) in my setup.

Another thing I attempted is setting the WAN address in the UPnP page specifically to 192.168.10.x, but then the miniupnp daemon dies immediately.

It seems that other projects using miniupnp is also running into the same issue -

https://github.com/RMerl/asuswrt-merlin.ng/issues/444

Actions

Also available in: Atom PDF