Page 1 of 1

Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Posted: Mon Jun 11, 2018 2:50 pm
by Chiverel
Hi,

I face a problem with dynamic Upnp rules created by my RB2011 running Ros6.42.3. Setup is following:
  • Upnp is on
  • eth2 is a wan port; it is the only external inteface in upnp settings
  • there is a bridge, containing VLAN and a number of ports. Setup is working properly (lan, internet access etc), 192.168.10.1 is set as IP on vlan. VLAN is an internal interface in upnp settings according to a wiki note.

Print
  
ip upnp interfaces print 
Flags: X - disabled, D - dynamic 
 #   INTERFACE                                                                                        TYPE     FORCED-IP      
 0   eth2-isp                                                                                         external
 6   vid222-guest                                                                                     internal
 7   vid10-home-wireless                                                                              internal
 8   vid10-home-wired                                                                                 internal

ip firewall nat print 
Flags: X - disabled, I - invalid, D - dynamic 
 2  D ;;; upnp 192.168.10.aaa: Transmission/2.92 at 192.168.10.aaa:BBBB
      chain=dstnat action=dst-nat to-addresses=192.168.10.aaa to-ports=BBBB protocol=tcp dst-address=192.168.10.1 
      in-interface=vid10-home-wired dst-port=CCCC 

 3    ;;; static
      chain=dstnat action=dst-nat to-addresses=192.168.10.aaa to-ports=BBBB protocol=tcp dst-port=CCCC log=no log-prefix="" 

The rule #2 is dynamic, then it is copied into rule #3 with removing VLAN ip as "dst-address" and vlan itself as "in-interface". Traffic is counting on #3 only which is expected with such settings.

Upnp worked properly when I had just bridges without any vlans. How to make MT creating proper dynamic entries now? Thanks.

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Posted: Mon Jun 11, 2018 3:29 pm
by 2frogs
What happens when you add the Bridge to the upnp interface also?

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Posted: Mon Jun 11, 2018 4:02 pm
by Chiverel
Thanks for a quick reply.
Rules are created exactly the same way. Using vlan IP and in-interface. Basically I was going the opposite way: I had both bridge and vlan in the Upnp -> internal interfaces; then disabled bridge there and that didn't improve the situation.

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Posted: Mon Jun 11, 2018 4:22 pm
by 2frogs
I am guessing leaving just the Bridge doesn’t work either.

If not email support and include a supout. It looks to be treating the vlan as an external interface instead of internal...

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Posted: Mon Jun 11, 2018 4:51 pm
by Chiverel
Ok, thanks for the hint. I'll try to reproduce the case on another device and provide supout from that box. I'm a bit unsure to send such data from my main router.

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Posted: Fri Jun 15, 2018 1:48 pm
by Chiverel
There was some glitch with that RB. I've checked upnp replies from router even when disabled external interface or upnp completely. Reply contained information about 2 WANConnectionDevices. One of those had that vlan address as an external IP. It seems like some process got stuck and haven't received configuration updates. Not sure why, but some apps used one or another WANConnectionDevice entry and thus several NAT rules were created properly even with a glitch.

The only thing that helped me was a router reboot. UPNP configuration was sent out properly afterwards and new NAT rules appeared correctly.