[SOLVED] uPNP + NAT = help ?

ciphercore · January 29, 2010, 4:18pm

I cannot seem to get uPNP working. I know I can just do this via firewall/nat rules, but thats not the point. I would like to be able to enable this, as we may start selling these units to customers (I work at a ISP)

I have a RB750G. It is being used as a basic NAT’d home router.
Ether1 is DHCP client (for wimax)
Ether2-master (DHCP server for private 192.168.0.1/24)
Ether3-4 slaves to Ether2

[admin@xxx] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Forward Winbox to router
     chain=dstnat action=dst-nat to-addresses=192.168.0.1 to-ports=8291 protocol=tcp in-interface=ether1-gateway 
     dst-port=8291 

 1 X ;;; default configuration
     chain=srcnat action=log src-address=192.168.0.0/24 out-interface=ether1-gateway log-prefix="WINBOX-WAN" 

 2   ;;; default configuration
     chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=ether1-gateway

[admin@xxx] > /ip upnp print
                           enabled: yes
  allow-disable-external-interface: no
                   show-dummy-rule: yes

Flags: X - disabled 
 #   INTERFACE                                                                                                     TYPE    
 0   ether1-gateway                                                                                                external
 1   ether2-local-master                                                                                           internal

When uPNP is working, is there an area that I can see the dynamic forwards created ?

ciphercore · February 1, 2010, 2:17pm

To clarify, I have not been able to get uPNP working on a basic nat’d setup.

ciphercore · February 3, 2010, 2:52pm

Anyone ?

fewi · February 3, 2010, 2:56pm

4.6 will contain a fix for at least XBox360 UPnP. Maybe wait for that release and try again.

ciphercore · February 3, 2010, 3:05pm

Thanks for the info fewi. I did not know of that issue. Perhaps they are related. Like I said, myself I don’t use uPNP, but I plan to sell these (750G’s)to customers… I need to be able to turn uPNP on.

ktw-matt · February 8, 2010, 3:48am

For what it’s worth, I’m having the same issue, but on a RB532 (older model RouterBOARD) running RouterOS 3.30.

I’ve tried a handful of ways to get it to work, but even still, my PlayStation 3 isn’t seeing the router’s UPnP.

ciphercore · February 8, 2010, 2:34pm

If anyone is using uPNP and has it working, please post your config.

ciphercore · February 8, 2010, 7:40pm

Looking like fewi was correct.

http://forum.mikrotik.com/t/xbox-live-and-ros-3-0rc13/17921/46

ciphercore · February 11, 2010, 7:00pm

So it looks like the pre4.6 didn’t fix my issue. On the off chance it was my firewall, I disabled all rules and upnp works. I have tracked it down to this rule:

12   ;;; default configuration
     chain=input action=drop

My question, is what rule(s) do I need before to enable nat’d clients to open ports via uPNP ?

ciphercore · February 11, 2010, 8:21pm

This rule fixed my issue

chain=input action=accept src-address=192.168.0.0/24

cata02 · April 26, 2010, 3:18am

you need to open 1900, udp, input chain, dst address 239.255.255.250 and tcp open 2828, input chain.

http://www.upnp-hacks.org/upnp.html

ciphercore · April 26, 2010, 12:37pm

thanks for the info.

noviy · August 24, 2015, 5:12pm

I used a similar rule, but faced with the problem that is described in a new topic - UPnP incorrect a response port. (ROS v6.31)