Community discussions

 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Apple Back to My Mac and Mikrotic uPnP implementation...

Tue Feb 02, 2010 1:07 am

Folks,

Sorry if this is a dumb question but I need your help..

I'm trying to set up Back to My Mac on my Mikrotik based network and I gather that this requires uPnP to be enabled which I have done in accordance with the Mikrotik manual, such as it is. I have an internal and an external interface defined etc etc.

It does not work.

The client mac reports that uPnP is not enabled etc etc.

The Mikrotiks, one an RB500 and the other an x86 box, are running 3.22 RouterOS.

Any constructive thoughts (step-by-step for this idiot please) gratefully received.

Has anyone done this successfully?

Best Regards

Ian Beeby
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Tue Feb 02, 2010 5:23 pm

wait for the release and check with v4.6 - there will be fixes about UPnP for XBox... maybe it will fix Macs too. if not - capture packets when Mac tries to use UPnP and send to support@mikrotik.com
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Tue Feb 02, 2010 9:32 pm

Thanks for this - Before I capture packets, it might help to know how it should be set up so that I can first be sure that I did not screw that much up - then I'll be happy to capture as many packets as I can!

Best Regards

Ian
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Wed Feb 03, 2010 9:33 am

please post your upnp config.

like this:

[admin@MikroTik] > ip upnp export 
# jan/06/1970 22:51:45 by RouterOS 4.6
# software id = 36VY-YZJ9
#
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=ether1-gateway type=external
add disabled=no interface=ether2-local-master type=internal


No answer to your question? How to write posts
 
rickhodger
just joined
Posts: 24
Joined: Tue Aug 18, 2009 6:32 pm
Location: Belfast, UK
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Wed Feb 03, 2010 1:50 pm

Also, UPnP uses the web service on port 80 on your router. If your web service is disabled on on a different port it will not work.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Wed Feb 03, 2010 2:26 pm

why? uPnP doesn't use any such ports.
No answer to your question? How to write posts
 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Sat Jun 05, 2010 4:57 pm

Sorry for the delay.

Its still not working on 4.9 with RouterBoard (RB433UAH) or x86 units.

uPNP configuration for each are identical - here is the x86 exported configuration:

# jun/05/2010 15:45:28 by RouterOS 4.9
# software id = H96A- 414P
#
/ip upnp
set allow-disable-external-interface=no enabled=yes show-dummy-rule=yes
/ip upnp interfaces
add disabled=no interface=WAN_PPPoE type=external
add disabled=no interface=bridge1 type=internal

The WAN_PPPoE interface faces our internet service provider and the bridge1 interface is a bridge between several ethernet ports on the machine. Its a 1.2GHz Celeron with 256Mb RAM and has never been seen to run with more than 3% CPU.

Any thoughts greatly appreciated.

Ian
 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Mon Jul 12, 2010 10:45 pm

Its working - on one of my sites at least:

Set allow to disable external interface to NO and set show dummt rule to NO and hey presto!

The other site is not working with the same rules but it has a different ISP.

Ian
 
maruchinu
just joined
Posts: 3
Joined: Tue Jul 13, 2010 9:13 pm

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Tue Jul 13, 2010 9:54 pm

Today I went bug hunting to find out why UPNP and Apple's Back to my Mac are not working if put together...

First of all:

I have a Routerboard RB450G that is running the latest RouterOS 5.0beta4.

Setup is the following:
  • Routerboard 450G is configured as the main NAT (Masquerading) router for my small network. IP: 192.168.0.1
  • My computer connects directly to the Routerboard over Ethernet. IP: 192.168.0.102
My UPNP settings are the following:
[admin@MikroTik] /ip upnp> print
                           enabled: yes
  allow-disable-external-interface: no
                   show-dummy-rule: yes
I tried several different program that forward ports through UPNP and/or NAT-PMP. All worked fine except for the Back to my Mac service, which constantly tells me, that my router doesn't support UPNP (yeah, sure ^^).

I tried everything that can be found on the internet to make it work (like the post just above this one), but Back to my Mac and RouterOS just do not want to play together.

This damn incompatibility bugged me so much, that i figured to start up Wireshark and look a bit deeper.

I tried to forward a port with 3 different programs to see where the difference is:
With first two programs a get what a expect. A nice success response to the port forwarding request.

Transmission:
===REQUEST===

POST /upnp/control/wanipconn-7 HTTP/1.0
Host: 192.168.0.1:2828
User-Agent: Darwin/10.4.0, UPnP/1.0, MiniUPnPc/1.4
Content-Length: 606
Content-Type: text/xml
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>51417</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>51417</NewInternalPort><NewInternalClient>192.168.0.102</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>Transmission at 51417</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>

===RESPONSE===

HTTP/1.1 200 OK
CONTENT-LENGTH: 282
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Tue, 13 Jul 2010 15:08:31 GMT
EXT: 
SERVER: RouterOS/5.0beta4UPnP/1.0 MikroTik UPnP/1.0

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:AddPortMappingResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:AddPortMappingResponse>
  </s:Body>
</s:Envelope>
Portmap:
===REQUEST===

POST /upnp/control/wanipconn-7 HTTP/1.1
Host: 192.168.0.1:2828
User-Agent: POSIX, UPnP/1.0, miniUPnPc/1.0
Content-Length: 614
Content-Type: text/xml
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache

<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>12345</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>12345</NewInternalPort><NewInternalClient>192.168.0.102</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>cPM.Port.Map.925d7518fc597af0</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></m:AddPortMapping></s:Body></s:Envelope>


===RESPONSE===

HTTP/1.1 200 OK
CONTENT-LENGTH: 282
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Tue, 13 Jul 2010 15:09:48 GMT
EXT: 
SERVER: RouterOS/5.0beta4UPnP/1.0 MikroTik UPnP/1.0

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:AddPortMappingResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:AddPortMappingResponse>
  </s:Body>
</s:Envelope>
But when I try to do the same thing with Apple's Back to my Mac service, I get NOTHING.

Back to my Mac:
===REQUEST===


POST /upnp/control/wanipconn-7 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1:2828
Content-Length: 604
Connection: close
Pragma: no-cache

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:DeletePortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"></NewRemoteHost><NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewExternalPort><NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">UDP</NewProtocol></m:DeletePortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>


===RESPONSE===
No error message, nothing! Only an empty packet as response:
84	6.360812	192.168.0.1	192.168.0.102	TCP	itm-lm > 63728 [ACK] Seq=1 Ack=913 Win=7616 Len=0 TSV=480186 TSER=464120379

0000   58 b0 35 f5 8b a4 00 0c 42 3e 8f be 08 00 45 00  X.5.....B>....E.
0010   00 34 51 e9 40 00 40 06 67 23 c0 a8 00 01 c0 a8  .4Q.@.@.g#......
0020   00 66 0b 0c f8 f0 10 fe 02 53 f2 09 ac 58 80 10  .f.......S...X..
0030   01 dc e3 d2 00 00 01 01 08 0a 00 07 53 ba 1b a9  ............S...
0040   ea 3b                                            .;
Shouldn't there be at least some sort of response and/or error message? (like defined in 2.4.16.1 of http://upnp.org/specs/gw/UPnP-gw-WANIPC ... ervice.pdf)

The only really visible difference in these 3 requests is that apple uses XML namespaces and attributes more extensively than the other 2 programs.

For example
<NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewExternalPort>
instead of the much simpler form that the other 2 programs use
<NewExternalPort>12345</NewExternalPort>
This shouldn't pose a problem since the XML requests are all at least wellformed (it didn't validate them against the XSD, but a guess they are valid too), but could it be that RouterOS has a problem while parsing these XML requests?

I hope my information get's this bug fixed soon, because I really want to this feature and Apple's Back to my Mac won't be the only UPNP implementation that has problems with RouterOS.

Best regards,

Martin (aka maruchinu)

PS: I can supply the Wireshark files that I captured, but I don't want to post them publicly since they could contain other sensitive traffic/information.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24277
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Thu Jul 15, 2010 2:44 pm

Please send a supout.rif file to support, and it would be ideal if we could also have remote access to the router.
No answer to your question? How to write posts
 
maruchinu
just joined
Posts: 3
Joined: Tue Jul 13, 2010 9:13 pm

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Thu Jul 15, 2010 4:08 pm

Please send a supout.rif file to support, and it would be ideal if we could also have remote access to the router.
Sent the supout.rif, remote access login and some other information to the support through the support form. Hope this helps.

This thing is getting stranger with every day I look at it. Yesterday I tried a small programm called HTTPClient (http://ditchnet.org/httpclient/) to manually set off a UPNP request.

I copied the captured request from Back to my Mac (from wireshark) and used the program above to manually send the request. And it worked!?!
No problem, whatsoever.

HTTPClient:
POST /upnp/control/wanipconn-7 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
Soapaction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1:2828
Connection: close
Content-Length: 1116 (<-- rewritten by HTTPClient from 1119 to 1116)
Pragma: no-cache

<?xml version="1.0"?>

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"></NewRemoteHost><NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4501</NewExternalPort><NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">UDP</NewProtocol><NewInternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4501</NewInternalPort><NewInternalClient xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">192.168.0.102</NewInternalClient><NewEnabled xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="boolean">1</NewEnabled><NewPortMappingDescription xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">iC4500</NewPortMappingDescription><NewLeaseDuration xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui4">0</NewLeaseDuration></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>

================================================================

HTTP/1.1 200 OK
CONTENT-LENGTH: 282
CONTENT-TYPE: text/xml; charset="utf-8"
DATE: Wed, 14 Jul 2010 18:06:30 GMT
EXT: 
SERVER: RouterOS/5.0beta4UPnP/1.0 MikroTik UPnP/1.0

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:AddPortMappingResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"></u:AddPortMappingResponse>
  </s:Body>
</s:Envelope>
Then I retried the same thing using the Back to my mac service and - of course - it didn't work!?!

Back to my Mac:
POST /upnp/control/wanipconn-7 HTTP/1.1
Content-Type: text/xml; charset="utf-8"
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
User-Agent: Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Host: 192.168.0.1:2828
Content-Length: 1119
Connection: close
Pragma: no-cache

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string"></NewRemoteHost><NewExternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewExternalPort><NewProtocol xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">UDP</NewProtocol><NewInternalPort xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui2">4500</NewInternalPort><NewInternalClient xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">192.168.0.102</NewInternalClient><NewEnabled xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="boolean">1</NewEnabled><NewPortMappingDescription xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">iC4500</NewPortMappingDescription><NewLeaseDuration xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="ui4">0</NewLeaseDuration></m:AddPortMapping></SOAP-ENV:Body></SOAP-ENV:Envelope>


==========================================


NO RESPONSE!
The only difference that I saw using Wireshark was that HTTPClient seems to have overwritten the Content-Length header attribute, but that shouldn't be cause of the problem, should it?

This thing is really, really strange...
 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Mon Jul 19, 2010 5:01 pm

See my report above - set dummy rule = NO should do the trick - it did with my setup.

The second machine that is not passing uPnP is an x86 based router - not sure whether that makes any difference.

Regards

Ian
 
maruchinu
just joined
Posts: 3
Joined: Tue Jul 13, 2010 9:13 pm

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Mon Jul 19, 2010 5:12 pm

See my report above - set dummy rule = NO should do the trick - it did with my setup.
As I mentioned in my first post, I tried _every_ workaround, including dummy rule = NO, and nothing worked.

By the way, turning off the dummy rule is not what I really wanted to do, because from time to time I have Windows PCs in my network where UPNP should also work ;)

This clearly is a bug, either on the Mikrotik side or on the Apple side that needs proper investigation and fixing.

Best regards
Martin
 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Mon Jul 19, 2010 5:40 pm

You are probably right here - the position is certainly not well documented and this applies to both Mikrotik and Apple. On the other hand, security concerns have been raised about using uPnP in any case.

What does concern me is the difference between x86 and MIPS based Mikrotiks. I have seen this in a couple of other areas too - not large differences but big enough to become annoying.

Have you checked that the path to the Internet is clear? In the case of one of my remote offices, the xDSL modem had a uPnP passthrough option which was not enabled by default. Doing so appeared to enable it BUT un-documented was the further requirement for a reboot before that came into effect. it was only then that I had any success - having to check and un-check the (poorly documented) Mikrotik option boxes in a rather OCD fashion on each occasion. Now one is working - but my x86 hosted site has no intermediate NAT or other impediment (the ISP assures me) and still does not work...

Ian
 
nizce
just joined
Posts: 9
Joined: Tue Sep 15, 2009 3:19 pm

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Thu Sep 18, 2014 12:50 am

Sorry to bring such an old thread back to life, but it seems like this is still not working.
Just tried "back to my mac" from two different Macs one running OS X 9 and the other 10.10.
No dynamic nat rules gets created.

Did anyone ever got UPNP and "back to my mack" to work?



My config looks like this:
@MikroTik] > ip upnp print
 enabled: yes
 allow-disable-external-interface: no
 show-dummy-rule: no

@MikroTik] > ip upnp interfaces print 
Flags: X - disabled, D - dynamic 
 #   INTERFACE                                      TYPE     FORCED-EXTERNAL-IP
 0   ether1-gateway                                external
 1   bridge-local                                      internal
I've tried with enabling "show-dummy-rule" and "allow-disable-external-interface" but with the same result.


Best regards
Daniel
 
piersdd
just joined
Posts: 2
Joined: Sun Mar 16, 2014 1:24 pm

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Mon Jun 22, 2015 8:18 am

I've not been able to get RouterOS 5.6 UPnP to work with Apple Back to My Mac
 
pjkundert
just joined
Posts: 1
Joined: Tue Aug 18, 2009 5:48 am

Re: Apple Back to My Mac and Mikrotic uPnP implementation...

Wed Nov 29, 2017 6:10 pm

Back to my Mac still doesn't work, in RouterOS version 6.40.4. This is very inconvenient. In addition, crippling defects in DNS caching prevent optimal deployments, even in simple home router applications... Any work on this uPnP defect ongoing?

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 63 guests