Bug #4500
closed
UPnP/NAT-PMP status page does not display all port mappings
100%
Description
It seems that some miniupnp entries are not parsed correctly and therefore not displayed in the Status page.
[2.2-RELEASE][root@edge.ddenis.local]/root: /sbin/pfctl -aminiupnpd -sn
rdr quick on re0 inet proto udp from any to any port = 4501 keep state label "NAT-PMP 4501 udp" rtable 0 -> 10.68.68.103 port 4500
rdr quick on re0 inet proto udp from any to any port = 16403 keep state label "NAT-PMP 16403 udp" rtable 0 -> 10.68.68.103 port 16402
rdr quick on re0 inet proto udp from any to any port = 63687 keep state label "Transmission at 63687" rtable 0 -> 10.68.68.5 port 63687
rdr quick on re0 inet proto udp from any to any port = 51413 keep state label "Transmission at 51413" rtable 0 -> 10.68.68.5 port 51413
rdr quick on re0 inet proto tcp from any to any port = 9283 keep state label "NAT-PMP 9283 tcp" rtable 0 -> 10.68.68.5 port 4242
rdr quick on re0 inet proto udp from any to any port = 37370 keep state label "PAX UDP port mapping" rtable 0 -> 10.68.68.108
rdr quick on re0 inet proto tcp from any to any port = 37370 keep state label "PAX UDP port mapping" rtable 0 -> 10.68.68.108
rdr quick on re0 inet proto tcp from any to any port = 37899 keep state label "NAT-PMP 37899 tcp" rtable 0 -> 10.68.68.103 port 37899
rdr quick on re0 inet proto udp from any to any port = 37899 keep state label "NAT-PMP 37899 udp" rtable 0 -> 10.68.68.103 port 37899
rdr quick on re0 inet proto udp from any to any port = 4503 keep state label "NAT-PMP 4503 udp" rtable 0 -> 10.68.68.100 port 4500
rdr quick on re0 inet proto tcp from any to any port = 24031 keep state label "Plex Media Server" rtable 0 -> 10.68.68.5 port 32400
rdr quick on re0 inet proto udp from any to any port = 4502 keep state label "NAT-PMP 4502 udp" rtable 0 -> 10.68.68.5 port 4500
rdr quick on re0 inet proto tcp from any to any port = 51517 keep state label "Transmission at 51517" rtable 0 -> 10.68.70.100 port 51517
rdr quick on re0 inet proto udp from any to any port = 51517 keep state label "Transmission at 51517" rtable 0 -> 10.68.70.100 port 51517
rdr quick on re0 inet proto udp from any to any port = 37371 keep state label "PAX UDP port mapping" rtable 0 -> 10.68.68.108
rdr quick on re0 inet proto tcp from any to any port = 37371 keep state label "PAX UDP port mapping" rtable 0 -> 10.68.68.108
rdr quick on re0 inet proto tcp from any to any port = 63687 keep state label "NAT-PMP 63687 tcp" rtable 0 -> 10.68.68.5 port 63687
rdr quick on re0 inet proto udp from any to any port = 32785 keep state label "PCP MAP b33ebda616da3be8aa2188c8" rtable 0 -> 10.68.68.108 port 4500
rdr quick on re0 inet proto udp from any to any port = 32786 keep state label "PCP MAP b33ebda616da3be8aa2188c8" rtable 0 -> 10.68.68.108 port 5353
rdr quick on re0 inet proto tcp from any to any port = 51413 keep state label "NAT-PMP 51413 tcp" rtable 0 -> 10.68.68.5 port 51413
See line 6, which doesn't end with "port". See the attached screenshot for how pfSense displays it.
Updated by Chris Buechler over 8 years ago
- Tracker changed from Feature to Bug
- Project changed from pfSense Packages to pfSense
- Category set to UPnP/NAT-PMP
- Status changed from New to Confirmed
- Affected Version set to All
Updated by Kris Phillips over 2 years ago
I'm unable to reproduce this on pfSense Plus 22.01 with my UPnP table. I'm assuming that with UI changes since 2.3 this was fixed along the way.
Updated by Jim Pingle over 2 years ago
It's still possible to have multiple problems here. Though it may take some manual fiddling with upnpc and/or gupnp to make it happen.
The regex on the page still expects that "port" string as required, and it may not always be there as shown in the output above.
Additionally, the "label" part may be missing as well but is also required by the regex pattern.
If you make a UPnP entry without a description in a client like gupnp, the rule comes out like this:
rdr pass quick on vtnet0 inet proto tcp from any to any port = 12345 keep state rtable 0 -> 10.163.0.100 port 12345
You can get a similar rule without a label using upnpc as follows:
upnpc -e '' -r 12344 udp
Updated by Ryan Adams over 2 years ago
I have this same issue, caused both when the "label" on a rule is missing OR, in my case, when the rule allows only from a specific source and not "any". It seems the current regex is too narrow to match these cases.
on (?P<iface>.*) inet proto (?P<proto>.*) from any to (?P<extaddr>.*) port = (?P<extport>.*) keep state label \"(?P<descr>.*)\" rtable [0-9] -> (?P<intaddr>.*) port (?P<intport>.*)
rdr pass quick on em0 inet proto tcp from 1.2.3.4 to any port = 2345 keep state label "test1" rtable 0 -> 192.168.10.106 port 2345
rdr pass quick on vtnet0 inet proto tcp from any to any port = 12345 keep state rtable 0 -> 10.163.0.100 port 12345
My suggestion is to update the regex to:
on (?P<iface>.*) inet proto (?P<proto>.*) from (?P<srcaddr>.*) to (?P<extaddr>.*) port = (?P<extport>.*) keep state (label \"(?P<descr>.*)\" )?rtable [0-9] -> (?P<intaddr>.*) port (?P<intport>.*)
which should catch all of these cases.
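Added example, not part of the thread or of the pfSense code: the two patterns quoted above are run over four rdr rules copied from this page, listing which active mappings each pattern would leave off the status page. `TOLERANT` is a hypothetical third variant written for this example (an assumption, covering only the rule shapes shown here) that also accepts a rule with no trailing `port`, as in the original report. Python is used because its regex engine accepts the same `(?P<name>...)` syntax.

```python
import re

# Pattern quoted in the thread as the one the status page used.
CURRENT = re.compile(
    r'on (?P<iface>.*) inet proto (?P<proto>.*) from any to (?P<extaddr>.*) '
    r'port = (?P<extport>.*) keep state label \"(?P<descr>.*)\" rtable [0-9] '
    r'-> (?P<intaddr>.*) port (?P<intport>.*)')

# Pattern suggested in the thread: any source address, optional label.
SUGGESTED = re.compile(
    r'on (?P<iface>.*) inet proto (?P<proto>.*) from (?P<srcaddr>.*) to '
    r'(?P<extaddr>.*) port = (?P<extport>.*) keep state '
    r'(label \"(?P<descr>.*)\" )?rtable [0-9] '
    r'-> (?P<intaddr>.*) port (?P<intport>.*)')

# Hypothetical variant (not from the thread or the merged change): the
# trailing "port N" is optional too, and each field is a bounded token.
TOLERANT = re.compile(
    r'on (?P<iface>\S+) inet proto (?P<proto>\S+) from (?P<srcaddr>\S+) to '
    r'(?P<extaddr>\S+) port = (?P<extport>\d+) keep state '
    r'(?:label "(?P<descr>[^"]*)" )?rtable \d+ '
    r'-> (?P<intaddr>\S+)(?: port (?P<intport>\d+))?$')

# Rules copied from the pfctl output quoted on this page.
RULES = {
    "labelled": 'rdr quick on re0 inet proto udp from any to any port = 4501 keep state label "NAT-PMP 4501 udp" rtable 0 -> 10.68.68.103 port 4500',
    "no_intport": 'rdr quick on re0 inet proto udp from any to any port = 37370 keep state label "PAX UDP port mapping" rtable 0 -> 10.68.68.108',
    "no_label": 'rdr pass quick on vtnet0 inet proto tcp from any to any port = 12345 keep state rtable 0 -> 10.163.0.100 port 12345',
    "src_addr": 'rdr pass quick on em0 inet proto tcp from 1.2.3.4 to any port = 2345 keep state label "test1" rtable 0 -> 192.168.10.106 port 2345',
}

def parse(pattern, rule):
    """Return the named fields of one rdr rule, or None if the pattern skips it."""
    m = pattern.search(rule)
    return m.groupdict() if m else None

def hidden(pattern):
    """Names of the sample rules this pattern would leave off the status page."""
    return [name for name, rule in RULES.items() if parse(pattern, rule) is None]

if __name__ == "__main__":
    for name, pat in (("current", CURRENT), ("suggested", SUGGESTED),
                      ("tolerant", TOLERANT)):
        print(f"{name:9} misses: {hidden(pat)}")
```
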
Updated by Ryan Adams over 2 years ago
I've just submitted a pull request to fix both of these issues: https://github.com/pfsense/pfsense/pull/4610
Updated by Jim Pingle over 2 years ago
- Status changed from Confirmed to Pull Request Review
- Assignee set to Jim Pingle
- Target version set to 2.7.0
- Plus Target Version set to 22.11
Updated by Jim Pingle over 2 years ago
Tested the PR and it worked well for that last problem case I mentioned. PR will be merged shortly. Thanks!
Updated by Jim Pingle over 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 67f0518a9a00b6709e997b55b569926ef22c109d.
Updated by Kris Phillips over 2 years ago
Tested and seems to apply and work fine here.
Updated by Jim Pingle about 2 years ago
- Plus Target Version changed from 22.11 to 23.01
Updated by Jim Pingle almost 2 years ago
- Subject changed from Some miniupnp port mappings are not displayed in the Status page to UPnP/NAT-PMP status page does not display all port mappings
Updating subject for release notes.
Updated by Jim Pingle almost 2 years ago
- Status changed from Feedback to Resolved