Hi, thank you for this great job!
As frager has already said the script does not work out of the box.
It would be nice if someone update the script on the google page.
Because this is a true alternative to the standard UPNP daemon in DD-Wrt.
I have the MINIUPNPD usually used behind the ESTABLISHED rule in the FORWARD chain. I think it's better than the rule set to the top of the FORWARD chain, as frager has said it.
I find that this is a real alternative, especially so because my media server works properly with MINIUPNPD. It is incompatible with the standard DD-WRT UPNP and I always had to do everything manually.
Thanks for this good work. Keep on running the thing, I like it . _________________ Netgear WNR834B v2 - Eko build v24-sp2 15943M mini NEWD K2.4 (running MINIUPNPD)
Tested with BS 15943 mini build with my 32/1 line over wireless:
Hello, I just tried this script, but when I test with Vuze (torrent client) with a computer in the LAN, the ports still seem blocked. The built-in UPnP doesn't have this problem. Vuze supports both UPnP and NAT-PMP, and neither modes seem to be able to get past Miniupnp.
So to reproduce, I disable the built-in DD-WRT UPnP.
I then run the miniupnpd.sh script as described in this thread.
The console text implies everything is working. But when I actually go to Vuze, Vuze still seems unhappy.
Here is my output of iptables:
iptables -L MINIUPNPD
I then run the Vuze NAT/Firewall test to further see what's going on. I arbitrarily pick another port, 60888
If I run iptables again, I see the new entry:
iptables -L MINIUPNPD
Chain MINIUPNPD (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 192.168.0.11 udp dpt:60881
ACCEPT tcp -- anywhere 192.168.0.11 tcp dpt:60881
ACCEPT tcp -- anywhere 192.168.0.11 tcp dpt:6969
ACCEPT tcp -- anywhere 192.168.0.11 tcp dpt:60888
But Vuze is still unhappy and eventually times out after 20 seconds saying the port is blocked.
Now if I kill miniupnp or reboot and go back to the built-in UPnP, Vuze is really happy. For comparison, the web gui looks like this:
Azureus UPnP 60881 UDP Yes 60881 60881 192.168.0.11 UDP
Azureus UPnP 60881 TCP Yes 60881 60881 192.168.0.11 TCP
Azureus UPnP 6969 TCP Yes 6969 6969 192.168.0.11 TCP
When I run the test on 60888, it also appears there.
For miniupnp, I also tried applying the -A/-I fix mentioned a few posts earlier in this thread, but saw no difference.
I would like to use miniupnp because I use Macs and would like to move to NAT-PMP.
Any ideas why the iptables looks okay, but the ports still seem to be blocked?
I am running:
DD-WRT v24-sp2 (06/09/10) mini-usb - build 14583M NEWD Eko
In addition to changing the -A to -I in:
$IPT -t filter -A FORWARD -i $WAN -o ! $WAN -j MINIUPNPD
I also changed the line from -A to -I in:
$IPT -t nat -A PREROUTING -i $WAN -j MINIUPNPD
Once I did that, things started working. I hope this was the right thing to do.
Now I am trying to automatically start this up. My understanding from this thread is it must come after the firewall goes up. So is running this in a .wanup script the correct thing to do?
In addition to changing the -A to -I in:
$IPT -t filter -A FORWARD -i $WAN -o ! $WAN -j MINIUPNPD
I also changed the line from -A to -I in:
$IPT -t nat -A PREROUTING -i $WAN -j MINIUPNPD
Once I did that, things started working. I hope this was the right thing to do.
Now I am trying to automatically start this up. My understanding from this thread is it must come after the firewall goes up. So is running this in a .wanup script the correct thing to do?
Thanks
Hi,
just do this to the firewall startscript from page 1 from this thread.
It will simply delete the wrong rule and set it to the top of the forward chain.
For me "eth1" is wan port, just use your interface in the script and all should be working. _________________ Netgear WNR834B v2 - Eko build v24-sp2 15943M mini NEWD K2.4 (running MINIUPNPD)
Tested with BS 15943 mini build with my 32/1 line over wireless:
Posted: Sun Jul 18, 2010 15:16 Post subject: Nice Blog!
ewmailing,
Thanks for the link to your blog. You explained the issue quite well. I have encountered dd-wrt's UPnP bug (or is it dd-wrt's fault?) on every build, including the latest June 2010 beta. The daemon appears to hang and stop forwarding ports. A router re-boot fixes it temporarily.
When are you going to add the MiniUPnP howto?
I'm looking for the newbie step-by-step instructions since I haven't used the telnet command line interface yet with dd-wrt.
(However, I am very LINUX savvy... )
EDIT: Just followed the code on page 1 of this thread once I figured out how to log into the router via telnet. My issue was logging in (correct user & password). Next I googled howto create the firewall script, which was extremely easy using the web interface. Even had a "Save Firewall" button!
Further update: Vuze test NAT fails even with the MINIUPNPD FORWARD table fix. However, Vuze reports successful port mappings when I start it up! I noticed that 2 FORWARD table entries exist when deleting and adding; one MINIUPNPD at the top, and one at the bottom. Doesn't seem to have any effect if maually delete the last duplicate entry with;
iptables -D FORWARD 12
(The duplicate is the 12 entry.)
Thanks for the feedback. If you jump to the end of my blog (like part 9 and 10), you see that I run into trouble again with the forwarding rules. Maybe you solved that problem. But I gave up and switched to Tomato since MiniUPnP is built-in.
ewmailing,
Excellent addition to your blog. I'm with you entirely on the switch to Tomato. I'm going to do that today. I spent a few hours trying to get miniupnp to work on DD-WRT, but to no avail. If I manually forward the Vuze port, Vuze is happy (NAT test succeeds). I have a teenager in the family who is an avid gamer. I don't want to spend a great deal of time manually forwarding ports and then disabling them afterwards.
Although iptables is well documented, I also don't want to become an expert on that topic either unless some company pays me for it. After all, distros like Ubuntu & Fedora provide GUIs for it.
I hope the DD-WRT developers do change their attitude towards UPnP and fix the issue.
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Sat Aug 24, 2013 20:52 Post subject:
To make people aware, the binaries in this thread are for the 2.4 kernel only. For those that use optware, there is a miniupnpd package that works for the 2.6 kernels.
Code:
ipkg install miniupnpd
The above command should be enough to get the working executable on your system. The file will then be located at "/opt/sbin/miniupnpd". _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Wed Oct 30, 2013 1:55 Post subject:
Not a problem autobot. I still have not gotten miniupnpd to work. (But then I have not spent that much time on it either.)
I will probably begin some more testing here in the near future to see if I can get miniupnpd to work for me. _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
To make people aware, the binaries in this thread are for the 2.4 kernel only. For those that use optware, there is a miniupnpd package that works for the 2.6 kernels.
Code:
ipkg install miniupnpd
The above command should be enough to get the working executable on your system. The file will then be located at "/opt/sbin/miniupnpd".
How do we get the latest version, 1.8? I just installed OTRW2 as I thought that would be up-to-date but it is still using the old version:
Code:
ipkg list | grep miniupnpd
miniupnpd - 1.4.20100921-1 - A lightweight uPNP and NAT-PMP daemon