UPNP -> which ports are open?

Hi all

Let’s assume I have UPNP stuff enabled. Is there any way in RouterOS to see which ports are currently open/forwarded via UPNP?

Thanks in advance,
Losty

I remember when I was testing this feature that you can see automatic rules created by upnp in FIREWALL-NAT.

https://www.grc.com/x/ne.dll?bh0bkyd2

Use the Shieldup tool to check port status.
Besides Port queries, Steve Gibson has other tests such as UPNP exposure.

As freemannnn stated, you can see the automatically created rules in Firewall/NAT, with the comment starting with “upnp”.
If you do not see any such rules, go to IP/UPnP, disable the service, delete all your upnp interfaces and recreate them. Enable the service. See http://forum.mikrotik.com/t/solved-upnp-seems-not-working-with-pppoe/93802/1

Thanks for that info.

Hmm.. I checked Firewall → NAT, but no UPNP rules there. Is this realistic? I would expect some running Spotify or Tidal app or FireTV to have opened some port here, does it?

I also disabled and re-enabled UPNP and interfaces as suggested in your link → still the same. Is there some service port (e.g. 1900/SSDP ?) I need to explicitly enable? Couldn’t find any particular setting for this. At least the firewall should already allow all traffic from the internal network to the router…

Spotify and Tidal should not be opening any ports. This is mostly used by programs that need inbound connections, not music services.

You can test your upnp with https://www.xldevelopment.net/upnpwiz.php ( https://www.virustotal.com/gui/file/817c2ac62b3fa4315d0129cf1117a22c771f3ffeadea01bc8e398d1579fb1a6d/detection )
The tool allows creating test upnp rules on your router, and it works with Mikrotik.

Thanks for the hint. Unfortunately I have only some Macs and Linux machines around here, so I couldn’t use UPNP Wizard (obviously Windows only), but I googled a bit and found https://github.com/kaklakariada/portmapper, which should basically do the same but platform-independent, and it also has extensive log output:

> java -jar portmapper-2.2.0.jar -add -externalPort 4321 -internalPort 4321 -protocol tcp
19:35:09.706 [main] INFO  org.chris.portmapper.PortMapperCli - Creating router factory for class org.chris.portmapper.router.cling.ClingRouterFactory
19:35:09.711 [main] DEBUG org.chris.portmapper.PortMapperCli - Creating a new instance of the router factory class org.chris.portmapper.router.cling.ClingRouterFactory
19:35:09.734 [main] INFO  org.chris.portmapper.PortMapperCli - Searching for routers...
19:35:09.734 [main] DEBUG o.c.p.r.cling.ClingRouterFactory - System property 'portmapper.locationUrl' not defined: discover routers automatically.
19:35:09.776 [main] INFO  org.fourthline.cling.UpnpServiceImpl - >>> Starting UPnP service...
19:35:09.776 [main] INFO  org.fourthline.cling.UpnpServiceImpl - Using configuration: org.fourthline.cling.DefaultUpnpServiceConfiguration
19:35:09.794 [main] INFO  o.fourthline.cling.transport.Router - Creating Router: org.fourthline.cling.transport.RouterImpl
19:35:09.802 [main] INFO  o.f.c.t.spi.MulticastReceiver - Creating wildcard socket (for receiving multicast datagrams) on port: 1900
19:35:09.808 [main] INFO  o.f.c.t.spi.MulticastReceiver - Joining multicast group: /239.255.255.250:1900 on network interface: en0
19:35:09.837 [main] INFO  o.f.cling.transport.spi.StreamServer - Created server (for receiving TCP streams) on: /10.41.42.112:62353
19:35:09.839 [main] INFO  o.f.cling.transport.spi.DatagramIO - Creating bound socket (for datagram input/output) on: /10.41.42.112
19:35:09.846 [main] INFO  org.fourthline.cling.UpnpServiceImpl - <<< UPnP service started successfully
19:35:09.846 [main] DEBUG o.c.p.r.cling.ClingRouterFactory - Start searching using upnp service
19:35:10.852 [cling-9] WARN  o.f.c.p.RetrieveRemoteDescriptors - Could not hydrate device or its services from descriptor: (RemoteDevice) Identity: (RemoteDeviceIdentity) UDN: uuid:6f909190-31c2-4ff4-a819-ddd2badb0e38, Descriptor: http://10.41.42.5:49152/description.xml, Root: true
19:35:10.852 [cling-14] WARN  o.f.c.p.RetrieveRemoteDescriptors - Could not hydrate device or its services from descriptor: (RemoteDevice) Identity: (RemoteDeviceIdentity) UDN: uuid:6f909190-31c2-4ff4-a819-ddd2badb0e38, Descriptor: http://10.41.42.5:49152/description.xml, Root: true
19:35:10.853 [cling-9] WARN  o.f.c.p.RetrieveRemoteDescriptors - Cause was: org.fourthline.cling.model.types.InvalidValueException: Can't parse device type string (namespace/type/version): upnp:rootdevice
19:35:10.853 [cling-14] WARN  o.f.c.p.RetrieveRemoteDescriptors - Cause was: org.fourthline.cling.model.types.InvalidValueException: Can't parse device type string (namespace/type/version): upnp:rootdevice
19:35:11.511 [cling-9] DEBUG o.c.p.r.cling.ClingRegistryListener - Found service of wrong type urn:schemas-upnp-org:device:fritzbox:1, expected urn:schemas-upnp-org:device:InternetGatewayDevice:1.
19:35:11.888 [cling-6] DEBUG o.c.p.r.cling.ClingRegistryListener - Found service of wrong type urn:schemas-upnp-org:device:avm-aha:1, expected urn:schemas-upnp-org:device:InternetGatewayDevice:1.
19:35:11.889 [cling-7] WARN  o.f.c.p.RetrieveRemoteDescriptors - Could not hydrate device or its services from descriptor: (RemoteDevice) Identity: (RemoteDeviceIdentity) UDN: uuid:6f909190-31c2-4ff4-a819-ddd2badb0e38, Descriptor: http://10.41.42.5:49152/description.xml, Root: true
19:35:11.889 [cling-7] WARN  o.f.c.p.RetrieveRemoteDescriptors - Cause was: org.fourthline.cling.model.types.InvalidValueException: Can't parse device type string (namespace/type/version): upnp:rootdevice
19:35:13.062 [cling-12] WARN  o.f.c.p.RetrieveRemoteDescriptors - Could not hydrate device or its services from descriptor: (RemoteDevice) Identity: (RemoteDeviceIdentity) UDN: uuid:6f909190-31c2-4ff4-a819-ddd2badb0e38, Descriptor: http://10.41.42.5:49152/description.xml, Root: true
19:35:13.062 [cling-12] WARN  o.f.c.p.RetrieveRemoteDescriptors - Cause was: org.fourthline.cling.model.types.InvalidValueException: Can't parse device type string (namespace/type/version): upnp:rootdevice
19:35:14.859 [main] DEBUG o.c.p.r.cling.ClingRouterFactory - Did not find a service after 5 seconds
19:35:14.859 [main] ERROR org.chris.portmapper.PortMapperCli - Found no router
19:35:14.859 [main] ERROR org.chris.portmapper.PortMapperCli - No router found: exit

It actually found some UPNP devices, but none of them is the Mikrotik router (that FritzBox is just for SmartHome and VoIP).

Internet should be provided by a Mikrotik CCR on 10.41.42.1, but obviously UPNP is not working then, correct?

Since I see multicast-magic going on here: do I need some special setting there? Generally multicast should be working - I remember setting this up for my TV service (which is still working fine).
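
Added example, not part of any post in this thread and not portmapper's own code: a minimal SSDP check that sends an M-SEARCH for the `InternetGatewayDevice:1` type the log shows portmapper expecting, then lists which responder IPs advertise it, so you can see whether the router's address answers at all. The sample replies, their addresses and URLs are constructed; `discover()` touches the local network only when called.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)  # multicast group and port from the log above
IGD_TYPE = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"  # type portmapper expected

# Constructed sample replies (documentation addresses), not captured traffic.
SAMPLE = [
    ("192.0.2.1", b"HTTP/1.1 200 OK\r\nST: " + IGD_TYPE.encode()
     + b"\r\nLOCATION: http://192.0.2.1:49152/igd.xml\r\n\r\n"),
    ("192.0.2.5", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
     b"LOCATION: http://192.0.2.5:49152/description.xml\r\n\r\n"),
]

def build_msearch(st=IGD_TYPE, mx=2):
    """Build an SSDP M-SEARCH request for the given search target."""
    head = ["M-SEARCH * HTTP/1.1", "HOST: %s:%d" % SSDP_ADDR,
            'MAN: "ssdp:discover"', "MX: %d" % mx, "ST: " + st]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii")

def parse_response(data):
    """Return SSDP response headers as a dict with lower-case names, or None."""
    status, _, rest = data.decode("utf-8", "replace").partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return None  # NOTIFY announcements and errors are not search replies
    pairs = (line.partition(":") for line in rest.split("\r\n"))
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def gateways(replies):
    """Map responder IP -> LOCATION for replies that advertise an IGD."""
    parsed = ((ip, parse_response(data)) for ip, data in replies)
    return {ip: h.get("location", "") for ip, h in parsed
            if h and "InternetGatewayDevice" in h.get("st", "")}

def discover(timeout=3.0):
    """Send one M-SEARCH from the default interface; collect (ip, datagram) replies."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(4096)
                replies.append((ip, data))
        except socket.timeout:
            pass  # no more replies within the timeout
    return replies

if __name__ == "__main__":
    print(gateways(SAMPLE))  # offline; pass discover() instead to query the LAN
```

An empty result from `gateways(discover())` on the client's subnet means no device there answered the IGD search, which matches the "Found no router" outcome in the log.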