Feature #1835
closeduPNP IPv6 support
Added by Chris Buechler over 13 years ago. Updated about 9 years ago.
0%
Description
uPNP needs IPv6 support.
Files
miniupnpd.zip (61.8 KB) miniupnpd.zip | Daniel Becker, 03/03/2015 01:20 PM |
Updated by Seth Mos over 13 years ago
Thread in the miniupnp forum here.
http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=728
This will take a while before the port is upto speed. From glancing the thread the firewall does have host options but not port options. That would be silly. More investigation.
Version 1.5.20110515 does have some IPv6 support.
http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=69
We should be able to enable this after the 2.0 release after we update.
Updated by Chris Buechler over 13 years ago
probably will have to add a new port for miniupnpd-v6 or similar, as we're going to keep RELENG_2_0 snapshot builders going for likely 2.0.1, etc. releases. or else tag tools with RELENG_2_0, that may be better.
Updated by Seth Mos about 13 years ago
The newer miniupnpd is going forward with more then just the ipv6 firewall control bits. It also fixes and enhances quite a few other features such as the connection status.
Going to import the new one, we can always roll back.
Updated by Seth Mos almost 13 years ago
- Status changed from New to Resolved
Newer miniupnpd is included, another open ticket for the latest import though.
Updated by Jim Pingle over 12 years ago
- Status changed from Resolved to New
The newer miniupnpd does support it, but produces errors when it's enabled and run. It compiles OK, but doesn't function. Still needs investigation.
Updated by Denis Dzyubenko almost 10 years ago
Is there an update on this? I am running pfsense 2.2 but it seems upnp here still doesn't support ipv6 :(
Updated by Daniel Becker almost 10 years ago
There's a patch to enable IPv6 in miniupnpd in issue #4321, but so far it doesn't look like anybody's looked at it.
Updated by Daniel Becker almost 10 years ago
- File miniupnpd.zip miniupnpd.zip added
Updated by Denis Dzyubenko almost 10 years ago
I just tried this binary and I see no changes between this and the original miniupnpd in pfsense 2.2
Actually after investigating it more it seems the issue is that the traffic is blocked by pf. I am not sure how miniupnpd supposed to work here, is there a script somewhere that adds pf entries forwarding incoming traffic?
After adding "pass incoming ipv6 tcp to all ports" rule in the pfsense gui everything seems to work, so I guess the issue is with the rules but not miniupnpd itself.
Updated by Denis Dzyubenko almost 10 years ago
Denis Dzyubenko wrote:
I just tried this binary and I see no changes between this and the original miniupnpd in pfsense 2.2
Actually after investigating it more it seems the issue is that the traffic is blocked by pf. I am not sure how miniupnpd supposed to work here, is there a script somewhere that adds pf entries forwarding incoming traffic?
After adding "pass incoming ipv6 tcp to all ports" rule in the pfsense gui everything seems to work, so I guess the issue is with the rules but not miniupnpd itself.
ah I see in the miniupnpd source code the rules are created there, not with any external scripts. Well I guess ipv6 rules do not work yet :(
Updated by Denis Dzyubenko almost 10 years ago
Denis Dzyubenko wrote:
Denis Dzyubenko wrote:
I just tried this binary and I see no changes between this and the original miniupnpd in pfsense 2.2
Actually after investigating it more it seems the issue is that the traffic is blocked by pf. I am not sure how miniupnpd supposed to work here, is there a script somewhere that adds pf entries forwarding incoming traffic?
After adding "pass incoming ipv6 tcp to all ports" rule in the pfsense gui everything seems to work, so I guess the issue is with the rules but not miniupnpd itself.
ah I see in the miniupnpd source code the rules are created there, not with any external scripts. Well I guess ipv6 rules do not work yet :(
Disclaimer: I am very new to FreeBSD and PF. I am clearly misunderstanding something, even for ipv4 connections there are no rules created that are visible with "pfctl -sr", but there are some state table entries on the affected ports in "pfctl -ss" for both ipv4 and ipv6 addresses. I am giving up for now though, I need to learn PF before I can investigate this further.
Updated by Daniel Becker almost 10 years ago
If you do a "sockstat" with the new binary running, you should see that it's now listening on v4 and v6 sockets, where the original binaries listens on v4 sockets only.
To see the rules created by miniupnpd, you can do "pfctl -a miniupnpd -s rules" / "pfctl -a miniupnpd -s nat". You will obviously need a client that actually tries to generate v6 pinholes in the first place, though, which I'm not sure there are a whole lot of in the wild.
Updated by Renato Botelho about 9 years ago
- Assignee set to Renato Botelho
- Target version set to 2.3
Updated by Jim Pingle about 9 years ago
- Status changed from New to Resolved
Duplicated by #4321 but a fix was committed on that ticket rather than this one. It's already set to Feedback.