Community Forum

Resolved
0 votes
I've built and packaged MiniUPNP daemon so that it will work with ClearOS
http://miniupnp.free.fr/

It relies on your system being configured in gateway mode, it also has only been tested in a single WAN environment. MultiWAN is experimental and can be achieved by editing the config (/etc/miniupnpd/miniupnpd.conf) and iptables (see below).

This can be used as a direct replacement for LinuxIGD, which has a flaw whereby multiple rules will be created with the same port for multiple devices.

MiniUPNPD also supports NAT-PMP

INSTALL:-
Setup the community yum repo by following the instructions HERE
yum --enablerepo=timb install miniupnpd


Add the following code to /etc/rc.d/rc.firewall.local to create the MiniUPNPD tables, required so that after a firewall restart the tables do not disappear.
##
#MINIUPNPD required tables
##
IPTABLES=/sbin/iptables
#EXTIF= (not required as uses automagic to determine WAN, can be manually specified)
#adding the MINIUPNPD chain for nat
$IPTABLES -t nat -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD

#adding the MINIUPNPD chain for filter
$IPTABLES -t filter -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF -o ! $EXTIF -j MINIUPNPD


Then review the config in /etc/miniupnpd/miniupnpd.conf - shouldn't need any changes....the External WAN is determined using the ClearOS automagic function.

Then restart the firewall to create the tables, and start the service
service firewall restart
service miniupnpd start


Voila! you should now have a functioning UPNP gateway device, you can check logs and entries by running
grep upnpd /var/log/messages
or
iptables -t nat -L MINIUPNPD -n -v
iptables -L MINIUPNPD -n -v


Enjoy :D
Saturday, November 27 2010, 11:26 PM
Responses (81)
  • Accepted Answer

    UrbanSk
    Thursday, November 27 2014, 11:53 AM - #Permalink
    Resolved
    0 votes
    Any chance to get miniupnpd updated to the latest version?

    Regards,

    Urban
  • Accepted Answer

    Tuesday, September 30 2014, 04:17 AM - #Permalink
    Resolved
    0 votes
    Thanks Nick, it was "allow 0-65535 192.168.0.0/16 0-65535" again! You would think that the miniupnpd package would have been updated for that now that it is mainstream. Good news was auto magic worked.
    The reply is currently minimized Show
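The permission rules this reply refers to live in /etc/miniupnpd/miniupnpd.conf and have the form `(allow|deny) (external port range) ip/mask (internal port range)`. The following is an added example, not code from the thread or from the miniupnpd project, that evaluates mapping requests against three rule sets to show how port range and netmask decide the outcome. Assumptions: only the `allow 0-65535 192.168.0.0/16 0-65535` line comes from the thread; the other rules, the use of port 443 for WHS remote web access, the port 22 request, and the first-match and default-allow semantics are assumptions made for illustration; the /21 LAN and the 192.168.4.204:63695 mapping are taken from the output posted further down.

```python
import ipaddress

def _ports(spec):
    """'1024-65535' -> (1024, 65535); a single port '443' -> (443, 443)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_rules(text):
    """Parse lines of the form: (allow|deny) ext-ports ip/mask int-ports."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) == 4 and f[0] in ("allow", "deny"):
            rules.append((f[0], _ports(f[1]),
                          ipaddress.ip_network(f[2], strict=False), _ports(f[3])))
    return rules

def decide(rules, ext_port, client_ip, int_port):
    """Return the action of the first rule that matches the request."""
    ip = ipaddress.ip_address(client_ip)
    for action, (elo, ehi), net, (ilo, ihi) in rules:
        if elo <= ext_port <= ehi and ip in net and ilo <= int_port <= ihi:
            return action
    return "allow"  # assumption: a request matching no rule is accepted

# Rule sets: the second is the line quoted in the thread, the others are constructed.
RULESETS = {
    "narrow /24 rules": """
        allow 1024-65535 192.168.0.0/24 1024-65535
        allow 1024-65535 192.168.1.0/24 1024-65535
        deny 0-65535 0.0.0.0/0 0-65535""",
    "rule from the thread": """
        allow 0-65535 192.168.0.0/16 0-65535
        deny 0-65535 0.0.0.0/0 0-65535""",
    "scoped to the /21 LAN": """
        allow 443 192.168.4.204/32 443               # one host, one privileged port
        allow 1024-65535 192.168.0.0/21 1024-65535   # everyone else: high ports only
        deny 0-65535 0.0.0.0/0 0-65535""",
}
# Requests as (external port, client IP, internal port); 443 and 22 are constructed.
REQUESTS = [(443, "192.168.4.204", 443),
            (63695, "192.168.4.204", 63695),
            (22, "192.168.5.167", 22)]

def compare():
    """Decision for every request under every rule set."""
    return {name: [decide(parse_rules(text), *req) for req in REQUESTS]
            for name, text in RULESETS.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:22} {verdicts}")
```

The /16 rule with 0-65535 accepts every request, including the one for port 22, while the scoped set accepts the two WHS requests and still refuses privileged ports for other LAN hosts.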
  • Accepted Answer

    Monday, September 29 2014, 04:55 PM - #Permalink
    Resolved
    0 votes
    OK. I strongly recommend you give WHS a fixed IP of some sort. It can be done through the Leases section of the DHCP Server screen, in which case you can use anywhere between 192.168.0.2 and 192.168.7.254, or just by giving it a fixed IP in WHS, in which case you will need to have it in the range 192.168.1.2 - 192.168.1.0.

    If you are free to play with subnets at the moment, I also strongly recommend you avoid the 192.168.0.0/24 and 192.168.1.0/24 subnets. In your case, because you want such a large range, you could go to 192.168.8.0/21 or somewhere completely different.

    Did you read the thread I linked you to? I suspect you'll find your answer there.
  • Accepted Answer

    Monday, September 29 2014, 03:19 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:
    You have an odd configuration for your subnet. Presumably your subnet mask is 255.255.248.0 and you are reserving addresses from 192.168.0.1 to 192.168.1.0 for fixed IPs? You've got your gateway IP overlapping with your DHCP server range which is not a good idea. Which IP is your whs using?

    What is the output to:
    ifconfig | grep Eth -A 1


    Also you have the same warning as in this thread. Also look at the ports solution.


    I changed my ip address to 192.168.0.1 and gateway and dns to the same under dhcp.

    # ifconfig | grep Eth -A 1
    eth0 Link encap:Ethernet HWaddr 90:2B:34:XX:XX:XX
    inet addr:192.168.0.1 Bcast:192.168.7.255 Mask:255.255.248.0
    --
    eth1 Link encap:Ethernet HWaddr 90:2B:34:XX:XX:XX
    inet addr:66.182.XXX.52 Bcast:66.182.XXX.255 Mask:255.255.255.0

    My Lan is eth0 now set to 192.168.0.1, gateway 192.168.0.1, ip range start 192.168.1.1, ip range end 192.168.7.254, dns #1 192.168.1.1, netmask (Network/IP Settings) is 255.255.248.0

    Correct, I'm reserving the lower range. WHS is using 192.168.4.204

    # iptables -t nat -L MINIUPNPD -n -v
    Chain MINIUPNPD (2 references)
    pkts bytes target prot opt in out source destination
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51824 to:192.168.7.17:51824
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:63695 to:192.168.4.204:63695
    # iptables -L MINIUPNPD -n -v
    Chain MINIUPNPD (2 references)
    pkts bytes target prot opt in out source destination
    1 137 ACCEPT udp -- * * 0.0.0.0/0 192.168.7.17 udp dpt:51824
    4 548 ACCEPT udp -- * * 0.0.0.0/0 192.168.4.204 udp dpt:63695

    WHS complains port forwarding is not configured correctly on the router, and remote web access to your server is blocked...
  • Accepted Answer

    Sunday, September 28 2014, 07:44 AM - #Permalink
    Resolved
    0 votes
    You have an odd configuration for your subnet. Presumably your subnet mask is 255.255.248.0 and you are reserving addresses from 192.168.0.1 to 192.168.1.0 for fixed IPs? You've got your gateway IP overlapping with your DHCP server range which is not a good idea. Which IP is your whs using?

    What is the output to:
    ifconfig | grep Eth -A 1


    Also you have the same warning as in this thread. Also look at the ports solution.
  • Accepted Answer

    Saturday, September 27 2014, 09:59 PM - #Permalink
    Resolved
    0 votes
    For some reason I can't get upnp to work, well at least my whs2011 can't configure itself to forward ports to itself.
    1) port forwarding is not configured correctly on the router.
    2) remote web access to your server is blocked

    I'm running ClearOS V6.5.
    set eth0 to be 192.168.1.1, gateway 192.168.1.1, ip range start 192.168.1.1, ip range end 192.168.7.254, dns #1 192.168.1.1
    set eth1 to dhcp and role as external

    Installed miniupnpd, added the firewall stuff from first post to /etc/clearos/firewall.d/local:

    # grep upnpd /var/log/messages
    Sep 26 21:55:09 orion yum[27442]: Installed: miniupnpd-1.6.20120121-5.v6.x86_64
    Sep 26 22:01:27 orion miniupnpd: SNet version started
    Sep 26 22:01:27 orion miniupnpd[1077]: could not open lease file: /var/lib/miniupnpd/upnp.leases
    Sep 26 22:01:27 orion miniupnpd[1077]: HTTP listening on port 40186
    Sep 26 22:01:27 orion miniupnpd[1077]: Listening for NAT-PMP traffic on port 5351
    Sep 26 22:11:40 orion miniupnpd[1077]: received signal 15, good-bye
    Sep 26 22:11:40 orion miniupnpd: SNet version started
    Sep 26 22:11:40 orion miniupnpd[24066]: already expired lease in lease file
    Sep 26 22:11:40 orion miniupnpd[24066]: already expired lease in lease file
    Sep 26 22:11:40 orion miniupnpd[24066]: HTTP listening on port 42280
    Sep 26 22:11:40 orion miniupnpd[24066]: Listening for NAT-PMP traffic on port 5351
    Sep 26 22:16:12 orion miniupnpd[24066]: received signal 15, good-bye
    Sep 26 22:16:12 orion miniupnpd: SNet version started
    Sep 26 22:16:12 orion miniupnpd[1757]: already expired lease in lease file
    Sep 26 22:16:12 orion miniupnpd[1757]: already expired lease in lease file
    Sep 26 22:16:12 orion miniupnpd[1757]: HTTP listening on port 34953
    Sep 26 22:16:12 orion miniupnpd[1757]: Listening for NAT-PMP traffic on port 5351
    Sep 26 22:25:37 orion miniupnpd[1757]: received signal 15, good-bye
    Sep 26 22:25:37 orion miniupnpd: SNet version started
    Sep 26 22:25:37 orion miniupnpd[22810]: already expired lease in lease file
    Sep 26 22:25:37 orion miniupnpd[22810]: already expired lease in lease file
    Sep 26 22:25:37 orion miniupnpd[22810]: HTTP listening on port 57731
    Sep 26 22:25:37 orion miniupnpd[22810]: Listening for NAT-PMP traffic on port 5351
    Sep 26 22:37:25 orion miniupnpd[22810]: received signal 15, good-bye
    Sep 26 22:37:26 orion miniupnpd: SNet version started
    Sep 26 22:37:26 orion miniupnpd[16828]: already expired lease in lease file
    Sep 26 22:37:26 orion miniupnpd[16828]: already expired lease in lease file
    Sep 26 22:37:26 orion miniupnpd[16828]: HTTP listening on port 41820
    Sep 26 22:37:26 orion miniupnpd[16828]: Listening for NAT-PMP traffic on port 5351
    Sep 26 22:39:26 orion miniupnpd[16828]: received signal 15, good-bye
    Sep 26 22:40:05 orion miniupnpd: SNet version started
    Sep 26 22:40:05 orion miniupnpd[22905]: already expired lease in lease file
    Sep 26 22:40:05 orion miniupnpd[22905]: already expired lease in lease file
    Sep 26 22:40:05 orion miniupnpd[22905]: HTTP listening on port 58884
    Sep 26 22:40:05 orion miniupnpd[22905]: Listening for NAT-PMP traffic on port 5351
    Sep 26 22:54:16 orion miniupnpd[22905]: received signal 15, good-bye
    Sep 26 22:55:48 orion miniupnpd: SNet version started
    Sep 26 22:55:48 orion miniupnpd[2512]: already expired lease in lease file
    Sep 26 22:55:48 orion miniupnpd[2512]: already expired lease in lease file
    Sep 26 22:55:48 orion miniupnpd[2512]: HTTP listening on port 35623
    Sep 26 22:55:48 orion miniupnpd[2512]: Listening for NAT-PMP traffic on port 5351
    Sep 27 01:56:55 orion miniupnpd[2512]: received signal 15, good-bye
    Sep 27 01:56:55 orion miniupnpd: SNet version started
    Sep 27 01:56:55 orion miniupnpd[9641]: already expired lease in lease file
    Sep 27 01:56:55 orion miniupnpd[9641]: already expired lease in lease file
    Sep 27 01:56:55 orion miniupnpd[9641]: already expired lease in lease file
    Sep 27 01:56:55 orion miniupnpd[9641]: already expired lease in lease file
    Sep 27 01:56:55 orion miniupnpd[9641]: HTTP listening on port 45696
    Sep 27 01:56:55 orion miniupnpd[9641]: Listening for NAT-PMP traffic on port 5351


    # iptables -t nat -L MINIUPNPD -n -v
    Chain MINIUPNPD (2 references)
    pkts bytes target prot opt in out source destination
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:192.168.5.167:8000
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1025 to:192.168.5.167:1025
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:57024 to:192.168.4.61:57024
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:58880 to:192.168.4.61:58880
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:52066 to:192.168.2.69:52066

    # iptables -L MINIUPNPD -n -v
    Chain MINIUPNPD (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.167 tcp dpt:8000
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.167 tcp dpt:1025
    76 10412 ACCEPT udp -- * * 0.0.0.0/0 192.168.4.61 udp dpt:57024
    78 10686 ACCEPT udp -- * * 0.0.0.0/0 192.168.4.61 udp dpt:58880
    24 3288 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.69 udp dpt:52066
  • Accepted Answer

    Robert
    Monday, July 08 2013, 10:00 PM - #Permalink
    Resolved
    0 votes
    Hi All,

    I wonder if somebody else also observed that, but it always takes up to 30 minutes to show me the server and its content in Windows or Android. Is my server maybe too slow to prepare the data to send? Or is it taking longer and longer to show the server's content as more is on the server? I have about 500 songs and 20 movies on the server.

    Except this waiting thing everything else runs fine.

    Thanks for your help.

    Cheers

    Robert
  • Accepted Answer

    Tuesday, July 02 2013, 06:38 PM - #Permalink
    Resolved
    0 votes
    Great man thank you!! :)

    As far as the lease file is concerned, there is no file in the path specified... can I just create a blank txt file with the same name and drop it into that directory?

    Update: I created the file and dropped it into that dir. Gave root full permissions and restarted the service.. no error.

    Works like a charm, I can see my PS3 by using

    iptables -L MINIUPNPD -n -v
  • Accepted Answer

    Tuesday, July 02 2013, 06:21 PM - #Permalink
    Resolved
    0 votes
    That is the 5.x file location. For 6.x use /etc/clearos/firewall.d/local.
  • Accepted Answer

    Tuesday, July 02 2013, 04:52 PM - #Permalink
    Resolved
    0 votes
    Hi Everyone,

    I am using the newest flavor of ClearOS and wanted to get upnp to work properly. I seem to be having some issues.

    First off I do not have a firewall file /etc/rc.d/rc.firewall.local.

    I ran the install using the ClearOS 6 repo and not Tim's.. it installed ok.

    When I check the log file I see the following..

    Jul 1 04:04:14 wall yum[19603]: Installed: miniupnpd-1.6.20120121-4.v6.x86_64
    Jul 2 12:26:06 wall miniupnpd: SNet version started
    Jul 2 12:26:06 wall miniupnpd[18706]: could not open lease file: /var/lib/miniupnpd/upnp.leases
    Jul 2 12:26:06 wall miniupnpd[18706]: HTTP listening on port 44247
    Jul 2 12:26:06 wall miniupnpd[18706]: Listening for NAT-PMP traffic on port 535

    I can play xbox and ps3 online, however I always could even before installing the service. So it appears that it is not truly opening up ports.

    Any ideas?