Folks,
Sorry if this is a dumb question but I need your help..
I'm trying to set up Back to My Mac on my Mikrotik based network and I gather that this requires uPnP to be enabled which I have done in accordance with the Mikrotik manual, such as it is. I have an internal and an external interface defined etc etc.
It does not work.
The client mac reports that uPnP is not enabled etc etc.
The Mikrotiks, one an RB500 and the other an x86 box, are running 3.22 RouterOS.
Any constructive thoughts (step-by-step for this idiot please) gratefully received.
Has anyone done this successfully?
Best Regards
Ian Beeby
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
wait for the release and check with v4.6 - there will be fixes about UPnP for XBox... maybe it will fix Macs too. if not - capture packets when Mac tries to use UPnP and send to support@mikrotik.com
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Thanks for this - Before I capture packets, it might help to know how it should be set up so that I can first be sure that I did not screw that much up - then I'll be happy to capture as many packets as I can!
Best Regards
Ian
Best Regards
Ian
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
please post your upnp config.
like this:
like this:
Code: Select all
[admin@MikroTik] > ip upnp export
# jan/06/1970 22:51:45 by RouterOS 4.6
# software id = 36VY-YZJ9
#
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=ether1-gateway type=external
add disabled=no interface=ether2-local-master type=internal
-
-
rickhodger
just joined
- Posts: 24
- Joined:
- Location: Belfast, UK
- Contact:
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Also, UPnP uses the web service on port 80 on your router. If your web service is disabled on on a different port it will not work.
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
why? uPnP doesn't use any such ports.
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Sorry for the delay.
Its still not working on 4.9 with RouterBoard (RB433UAH) or x86 units.
uPNP configuration for each are identical - here is the x86 exported configuration:
# jun/05/2010 15:45:28 by RouterOS 4.9
# software id = H96A- 414P
#
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=WAN_PPPoE type=external
add disabled=no interface=bridge1 type=internal
The WAN_PPPoE interface faces our internet service provider and the bridge1 interface is a bridge between several ethernet ports on the machine. Its a 1.2GHz Celeron with 256Mb RAM and has never been seen to run with more than 3% CPU.
Any thoughts greatly appreciated.
Ian
Its still not working on 4.9 with RouterBoard (RB433UAH) or x86 units.
uPNP configuration for each are identical - here is the x86 exported configuration:
# jun/05/2010 15:45:28 by RouterOS 4.9
# software id = H96A- 414P
#
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=WAN_PPPoE type=external
add disabled=no interface=bridge1 type=internal
The WAN_PPPoE interface faces our internet service provider and the bridge1 interface is a bridge between several ethernet ports on the machine. Its a 1.2GHz Celeron with 256Mb RAM and has never been seen to run with more than 3% CPU.
Any thoughts greatly appreciated.
Ian
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Its working - on one of my sites at least:
Set allow to disable external interface to NO and set show dummt rule to NO and hey presto!
The other site is not working with the same rules but it has a different ISP.
Ian
Set allow to disable external interface to NO and set show dummt rule to NO and hey presto!
The other site is not working with the same rules but it has a different ISP.
Ian
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Today I went bug hunting to find out why UPNP and Apple's Back to my Mac are not working if put together...
First of all:
I have a Routerboard RB450G that is running the latest RouterOS 5.0beta4.
Setup is the following:
I tried several different program that forward ports through UPNP and/or NAT-PMP. All worked fine except for the Back to my Mac service, which constantly tells me, that my router doesn't support UPNP (yeah, sure ^^).
I tried everything that can be found on the internet to make it work (like the post just above this one), but Back to my Mac and RouterOS just do not want to play together.
This damn incompatibility bugged me so much, that i figured to start up Wireshark and look a bit deeper.
I tried to forward a port with 3 different programs to see where the difference is:
Transmission:
Portmap:
But when I try to do the same thing with Apple's Back to my Mac service, I get NOTHING.
Back to my Mac:
No error message, nothing! Only an empty packet as response:
Shouldn't there be at least some sort of response and/or error message? (like defined in 2.4.16.1 of http://upnp.org/specs/gw/UPnP-gw-WANIPC ... ervice.pdf)
The only really visible difference in these 3 requests is that apple uses XML namespaces and attributes more extensively than the other 2 programs.
For example
instead of the much simpler form that the other 2 programs use
This shouldn't pose a problem since the XML requests are all at least wellformed (it didn't validate them against the XSD, but a guess they are valid too), but could it be that RouterOS has a problem while parsing these XML requests?
I hope my information get's this bug fixed soon, because I really want to this feature and Apple's Back to my Mac won't be the only UPNP implementation that has problems with RouterOS.
Best regards,
Martin (aka maruchinu)
PS: I can supply the Wireshark files that I captured, but I don't want to post them publicly since they could contain other sensitive traffic/information.
First of all:
I have a Routerboard RB450G that is running the latest RouterOS 5.0beta4.
Setup is the following:
- Routerboard 450G is configured as the main NAT (Masquerading) router for my small network. IP: 192.168.0.1
- My computer connects directly to the Routerboard over Ethernet. IP: 192.168.0.102
Code: Select all
[admin@MikroTik] /ip upnp> print
enabled: yes
allow-disable-external-interface: no
show-dummy-rule: yes
I tried everything that can be found on the internet to make it work (like the post just above this one), but Back to my Mac and RouterOS just do not want to play together.
This damn incompatibility bugged me so much, that i figured to start up Wireshark and look a bit deeper.
I tried to forward a port with 3 different programs to see where the difference is:
- Transmission (http://www.transmissionbt.com/)
- Portmap (http://www.codingmonkeys.de/portmap/)
- Apple's Back to my Mac Service
Transmission:
Code: Select all
===REQUEST===
POST /upnp/control/wanipconn-7 HTTP/1.0
Host: 192.168.0.1:2828
User-Agent: Darwin/10.4.0, UPnP/1.0, MiniUPnPc/1.4
Content-Length: 606
Content-Type: text/xml
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>51417</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>51417</NewInternalPort><NewInternalClient>192.168.0.102</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>Transmission at 51417</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>
===RESPONSE===
HTTP/1.1 200 OK
CONTENT-LENGTH: 282
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Tue, 13 Jul 2010 15:08:31 GMT
EXT:
SERVER: RouterOS/5.0beta4UPnP/1.0 MikroTik UPnP/1.0
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:AddPortMappingResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:AddPortMappingResponse>
</s:Body>
</s:Envelope>
Code: Select all
===REQUEST===
POST /upnp/control/wanipconn-7 HTTP/1.1
Host: 192.168.0.1:2828
User-Agent: POSIX, UPnP/1.0, miniUPnPc/1.0
Content-Length: 614
Content-Type: text/xml
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>12345</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>12345</NewInternalPort><NewInternalClient>192.168.0.102</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>cPM.Port.Map.925d7518fc597af0</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></m:AddPortMapping></s:Body></s:Envelope>
===RESPONSE===
HTTP/1.1 200 OK
CONTENT-LENGTH: 282
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Tue, 13 Jul 2010 15:09:48 GMT
EXT:
SERVER: RouterOS/5.0beta4UPnP/1.0 MikroTik UPnP/1.0
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:AddPortMappingResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:AddPortMappingResponse>
</s:Body>
</s:Envelope>
Back to my Mac:
Code: Select all
===REQUEST===
POST /upnp/control/wanipconn-7 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1:2828
Content-Length: 604
Connection: close
Pragma: no-cache
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:DeletePortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"></NewRemoteHost><NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewExternalPort><NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">UDP</NewProtocol></m:DeletePortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>
===RESPONSE===
Code: Select all
84 6.360812 192.168.0.1 192.168.0.102 TCP itm-lm > 63728 [ACK] Seq=1 Ack=913 Win=7616 Len=0 TSV=480186 TSER=464120379
0000 58 b0 35 f5 8b a4 00 0c 42 3e 8f be 08 00 45 00 X.5.....B>....E.
0010 00 34 51 e9 40 00 40 06 67 23 c0 a8 00 01 c0 a8 .4Q.@.@.g#......
0020 00 66 0b 0c f8 f0 10 fe 02 53 f2 09 ac 58 80 10 .f.......S...X..
0030 01 dc e3 d2 00 00 01 01 08 0a 00 07 53 ba 1b a9 ............S...
0040 ea 3b .;
The only really visible difference in these 3 requests is that apple uses XML namespaces and attributes more extensively than the other 2 programs.
For example
Code: Select all
<NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewExternalPort>Code: Select all
<NewExternalPort>12345</NewExternalPort>I hope my information get's this bug fixed soon, because I really want to this feature and Apple's Back to my Mac won't be the only UPNP implementation that has problems with RouterOS.
Best regards,
Martin (aka maruchinu)
PS: I can supply the Wireshark files that I captured, but I don't want to post them publicly since they could contain other sensitive traffic/information.
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Please send a supout.rif file to support, and it would be ideal if we could also have remote access to the router.
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Sent the supout.rif, remote access login and some other information to the support through the support form. Hope this helps.Please send a supout.rif file to support, and it would be ideal if we could also have remote access to the router.
This thing is getting stranger with every day I look at it. Yesterday I tried a small programm called HTTPClient (http://ditchnet.org/httpclient/) to manually set off a UPNP request.
I copied the captured request from Back to my Mac (from wireshark) and used the program above to manually send the request. And it worked!?!
No problem, whatsoever.
HTTPClient:
Code: Select all
POST /upnp/control/wanipconn-7 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
Soapaction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1:2828
Connection: close
Content-Length: 1116 (<-- rewritten by HTTPClient from 1119 to 1116)
Pragma: no-cache
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"></NewRemoteHost><NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4501</NewExternalPort><NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">UDP</NewProtocol><NewInternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4501</NewInternalPort><NewInternalClient xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">192.168.0.102</NewInternalClient><NewEnabled xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="boolean">1</NewEnabled><NewPortMappingDescription xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">iC4500</NewPortMappingDescription><NewLeaseDuration xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui4">0</NewLeaseDuration></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>
================================================================
HTTP/1.1 200 OK
CONTENT-LENGTH: 282
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Wed, 14 Jul 2010 18:06:30 GMT
EXT:
SERVER: RouterOS/5.0beta4UPnP/1.0 MikroTik UPnP/1.0
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:AddPortMappingResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:AddPortMappingResponse>
</s:Body>
</s:Envelope>
Back to my Mac:
Code: Select all
POST /upnp/control/wanipconn-7 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1:2828
Content-Length: 1119
Connection: close
Pragma: no-cache
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"></NewRemoteHost><NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewExternalPort><NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">UDP</NewProtocol><NewInternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewInternalPort><NewInternalClient xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">192.168.0.102</NewInternalClient><NewEnabled xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="boolean">1</NewEnabled><NewPortMappingDescription xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">iC4500</NewPortMappingDescription><NewLeaseDuration xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui4">0</NewLeaseDuration></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>
==========================================
NO RESPONSE!
This thing is really, really strange...
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
See my report above - set dummy rule = NO should do the trick - it did with my setup.
The second machine that is not passing uPnP is an x86 based router - not sure whether that makes any difference.
Regards
Ian
The second machine that is not passing uPnP is an x86 based router - not sure whether that makes any difference.
Regards
Ian
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
As I mentioned in my first post, I tried _every_ workaround, including dummy rule = NO, and nothing worked.See my report above - set dummy rule = NO should do the trick - it did with my setup.
By the way, turning off the dummy rule is not what I really wanted to do, because from time to time I have Windows PCs in my network where UPNP should also work
This clearly is a bug, either on the Mikrotik side or on the Apple side that needs proper investigation and fixing.
Best regards
Martin
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
You are probably right here - the position is certainly not well documented and this applies to both Mikrotik and Apple. On the other hand, security concerns have been raised about using uPnP in any case.
What does concern me is the difference between x86 and MIPS based Mikrotiks. I have seen this in a couple of other areas too - not large differences but big enough to become annoying.
Have you checked that the path to the Internet is clear? In the case of one of my remote offices, the xDSL modem had a uPnP passthrough option which was not enabled by default. Doing so appeared to enable it BUT un-documented was the further requirement for a reboot before that came into effect. it was only then that I had any success - having to check and un-check the (poorly documented) Mikrotik option boxes in a rather OCD fashion on each occasion. Now one is working - but my x86 hosted site has no intermediate NAT or other impediment (the ISP assures me) and still does not work...
Ian
What does concern me is the difference between x86 and MIPS based Mikrotiks. I have seen this in a couple of other areas too - not large differences but big enough to become annoying.
Have you checked that the path to the Internet is clear? In the case of one of my remote offices, the xDSL modem had a uPnP passthrough option which was not enabled by default. Doing so appeared to enable it BUT un-documented was the further requirement for a reboot before that came into effect. it was only then that I had any success - having to check and un-check the (poorly documented) Mikrotik option boxes in a rather OCD fashion on each occasion. Now one is working - but my x86 hosted site has no intermediate NAT or other impediment (the ISP assures me) and still does not work...
Ian
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Sorry to bring such an old thread back to life, but it seems like this is still not working.
Just tried "back to my mac" from two different Macs one running OS X 9 and the other 10.10.
No dynamic nat rules gets created.
Did anyone ever got UPNP and "back to my mack" to work?
My config looks like this:
I've tried with enabling "show-dummy-rule" and "allow-disable-external-interface" but with the same result.
Best regards
Daniel
Just tried "back to my mac" from two different Macs one running OS X 9 and the other 10.10.
No dynamic nat rules gets created.
Did anyone ever got UPNP and "back to my mack" to work?
My config looks like this:
Code: Select all
@MikroTik] > ip upnp print
enabled: yes
allow-disable-external-interface: no
show-dummy-rule: no
@MikroTik] > ip upnp interfaces print
Flags: X - disabled, D - dynamic
# INTERFACE TYPE FORCED-EXTERNAL-IP
0 ether1-gateway external
1 bridge-local internalBest regards
Daniel
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
I've not been able to get RouterOS 5.6 UPnP to work with Apple Back to My Mac
Re: Apple Back to My Mac and Mikrotic uPnP implementation...
Back to my Mac still doesn't work, in RouterOS version 6.40.4. This is very inconvenient. In addition, crippling defects in DNS caching prevent optimal deployments, even in simple home router applications... Any work on this uPnP defect ongoing?