Community discussions

 
User avatar
stunpix
just joined
Topic Author
Posts: 6
Joined: Tue Dec 15, 2015 2:49 pm

[SOLVED] UPnP seems not working with PPPoE

Tue Dec 15, 2015 3:47 pm

Hi,

I need advice about my network configuration. For me it looks like I have not working UPnP over PPPoE despite I have set internet access correctly and all my devices in LAN have access to internet.

Configuration looks OK (I've compared it with different guides), but it doesn't work: all my torrent clients in LAN are failing to check incoming connections. Of course all of them have UPnP NAT settings enabled.

I'd added firewall rules to log these incoming connections from PPPoE iface and they were captured, but never reached LAN clients.

RouterOS and H/W:
        routerboard: yes
             model: 951G-2HnD
     serial-number: XXXXXX
     firmware-type: ar9344
  current-firmware: 3.24
  upgrade-firmware: 3.24
  
[admin@MikroTik] > system package print 
Flags: X - disabled 
 #   NAME                   VERSION      SCHEDULED              
 0   routeros-mipsbe        6.33.3
 1   system                 6.33.3
 2 X wireless-cm2           6.33.3
 3 X ipv6                   6.33.3
 4   wireless-fp            6.33.3
 5   hotspot                6.33.3
 6   dhcp                   6.33.3
 7   mpls                   6.33.3
 8   routing                6.33.3
 9   ppp                    6.33.3
10   security               6.33.3
11   advanced-tools         6.33.3
Here is interface list:
[admin@MikroTik] > interface print                                                         
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                 TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1-gateway        ether       1500     1598       4074 
 1  RS ether2-master-local   ether       1500     1598       4074 
 2  RS ether3-slave-local    ether       1500     1598       4074 
 3   S ether4-slave-local    ether       1500     1598       4074 
 4   S ether5-slave-local    ether       1500     1598       4074 
 5  XS wlan1                 wlan        1500     1600            
 6  R  bridge-local          bridge      1500     1598            
 7  R  pppoe-isp             pppoe-out   1480
PPP interface and profiles:
[admin@MikroTik] > interface pppoe-client print
Flags: X - disabled, R - running 
 0  R name="pppoe-isp" max-mtu=1480 max-mru=1480 mrru=1600 interface=ether1-gateway user="XXXX" password="XXXXX" profile=enc-mss-upnp-comp keepalive-timeout=60 service-name="" ac-name="" add-default-route=yes 
      default-route-distance=1 dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2 

[admin@MikroTik] > ppp profile print
Flags: * - default 
 0 * name="default" use-mpls=default use-compression=yes use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=yes address-list="" on-up="" on-down="" 

 1   name="enc-mss-upnp-comp" use-mpls=default use-compression=yes use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down="" 

 2 * name="default-encryption" use-mpls=default use-compression=default use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down="" 
UPnP settings:
[admin@MikroTik] > ip upnp print 
                           enabled: yes
  allow-disable-external-interface: yes
                   show-dummy-rule: yes

[admin@MikroTik] > ip upnp interfaces print 
Flags: X - disabled, D - dynamic 
 #   INTERFACE          TYPE     FORCED-IP      
 0   bridge-local       internal
 1   pppoe-isp          external
Firewall and NAT rules:
[admin@MikroTik] > ip firewall filter print 
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward 

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no log-prefix="" 

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix="" 

 4    chain=input action=drop in-interface=all-ppp log=no log-prefix="" 

 5    ;;; default configuration
      chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" 

 6    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no log-prefix="" 

 7    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 8    ;;; default configuration
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no log-prefix="" 

[admin@MikroTik] > ip firewall nat print       
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; default configuration
      chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix="" 

 1    chain=srcnat action=masquerade out-interface=all-ppp log=no log-prefix="
You can notice rules 3 and 4 in input chain to "drop incoming connections", but I'd tried to turn them off and on without success.

Could someone point me, please, what is wrong with my configuration?

Thanks!
Last edited by stunpix on Thu Dec 17, 2015 1:07 pm, edited 1 time in total.
 
User avatar
pukkita
Trainer
Trainer
Posts: 2979
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: UPnP seems not working with PPPoE

Tue Dec 15, 2015 5:13 pm

 chain=input action=drop in-interface=all-ppp log=no log-prefix="" 
 
and
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway log=no log-prefix="" 
You should change in-interface on those to pppoe-isp.

Can you post interfaces and ip address export outputs?
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
User avatar
stunpix
just joined
Topic Author
Posts: 6
Joined: Tue Dec 15, 2015 2:49 pm

Re: UPnP seems not working with PPPoE

Thu Dec 17, 2015 12:54 am

Sorry, I missed your message, because forum has disabled notifications by default.

I've tried different configurations with firewall drop filters (changed, enabled/disabled them), but nothing was helping me.

Suddenly I fixed up my upnp: I deleted all upnp internal/external interfaces, then I disabled upnp by unchecking it and finally I pushed Apply button in upnp dialog. Then I enabled upnp, pushed Apply button and only then re-added internal/external upnp interfaces and magically everything started working! With same setup!

Most interesting that I did same steps earlier, but without success. This time it helped me and now I see dynamic dst-nat rules added by UPnP to Firewall NAT table.

I didn't figured out what caused this issue: order of actions for enabling upnp and adding upnp interfaces or something else, because I was unable to reproduce this issue again. This is definetely a kind of bug, because configuration I posted in first post is my current configuration, but now upnp is working. On other forums I found similar discussions that upnp settings reset helps sometimes.

For me I'm closing this thread as solved.
 
User avatar
inteq
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Wed Feb 25, 2015 8:15 pm

Re: [SOLVED] UPnP seems not working with PPPoE

Mon Apr 29, 2019 12:35 am

Thank you for the info @stunpix
It is a bug indeed, because only by following your steps it started working for me.
"I deleted all upnp internal/external interfaces, then I disabled upnp by unchecking it and finally I pushed Apply button in upnp dialog. Then I enabled upnp, pushed Apply button and only then re-added internal/external upnp interfaces and magically everything started working! With same setup!"
 
User avatar
stunpix
just joined
Topic Author
Posts: 6
Joined: Tue Dec 15, 2015 2:49 pm

Re: [SOLVED] UPnP seems not working with PPPoE

Mon Apr 29, 2019 10:56 am

Sadly bug exists 4.5 years later after I posted here.
 
colin
newbie
Posts: 29
Joined: Mon May 11, 2015 11:11 am

Re: [SOLVED] UPnP seems not working with PPPoE

Wed May 15, 2019 3:15 am

Some times if i disable upnp, and reenable it, the upnp will still keep disabled(you can check the tcp port 2828 by tcping, it was closed.).
After disable it and reenable again and again, it still disabled, then i find your solution and try it, and it worked again.
So thanks to your solution.

But most time it works as normal behavior(uncheck upnp it disable upnp, check upnp it enable),
So may be it's a bug not easy to find the reason.

my ros version: CHR 6.44.3

Who is online

Users browsing this forum: Bing [Bot] and 73 guests