I am running a hotspot on ether3 of my 450g box and have a mythtv box on the local LAN which connects via ether2 of the same 450g box. I can access my mythtv web interface, ssh, etc, but my Myth Frontend cannot connect via UPNP. I have tried a number of firewall and walled garden rules, but am not getting it right. Does anyone have the specifics to get this working?
Myth Frontend 10.5.50.245
Myth Box 10.2.2.101
Re: Trouble allowing UPNP through to hotspot users
UPnP is used to punch holes into NAT as well as firewall filters.
If both the frontend and the MythTV box itself connect to the same router you shouldn't NAT between those. NAT traffic going out to the Internet only. Usually that involved finding that source NAT rule and adding an out-interface=WAN classifier to it. Once traffic between the MythTV box and the frontend isn't NAT'd anymore you don't need UPnP at all. NAT sucks. Only NAT when you have to on network boundaries where you don't control both networks, or where there is overlapping IP space. Hotspots don't block inbound traffic in the firewall filters for authenticated users. Users/devices that have IP bindings bypassing them or are logged in count as authenticated. By default there would at that point be no firewall rules blocking traffic established from either endpoint, and again you wouldn't need UPnP.
If both the frontend and the MythTV box itself connect to the same router you shouldn't NAT between those. NAT traffic going out to the Internet only. Usually that involved finding that source NAT rule and adding an out-interface=WAN classifier to it. Once traffic between the MythTV box and the frontend isn't NAT'd anymore you don't need UPnP at all. NAT sucks. Only NAT when you have to on network boundaries where you don't control both networks, or where there is overlapping IP space. Hotspots don't block inbound traffic in the firewall filters for authenticated users. Users/devices that have IP bindings bypassing them or are logged in count as authenticated. By default there would at that point be no firewall rules blocking traffic established from either endpoint, and again you wouldn't need UPnP.
Re: Trouble allowing UPNP through to hotspot users
Originally, The Frontend with Ip 10.5.50.245 uses 10.5.50.1 (hotspot) as a gateway and uses UPnp to play videos on the backend. The backend (10.2.2.101), uses a different gateway with IP 10.2.2.1.
For a test I moved the wireless AP to the 10.2 network, renewed my lease to pull a 10.2 address, and the Frontend was able to communicate with the Mythtv box and play videos via Upnp.
For the second test I changed my Nat rules to only nat traffic going out of ether1, moved the AP back to the hotspot box, and pulled a 10.5 address. Once this was done, I could not ping between the myth box and the front end, so I changed the gateway of the mythbox to use the IP (10.2.2.100) on ether2 of the 450g as its gateway. Once this was done I could ping 10.2. and 10.5 addresses from the backend and frontend, but Upnp does not work.
For a test I moved the wireless AP to the 10.2 network, renewed my lease to pull a 10.2 address, and the Frontend was able to communicate with the Mythtv box and play videos via Upnp.
For the second test I changed my Nat rules to only nat traffic going out of ether1, moved the AP back to the hotspot box, and pulled a 10.5 address. Once this was done, I could not ping between the myth box and the front end, so I changed the gateway of the mythbox to use the IP (10.2.2.100) on ether2 of the 450g as its gateway. Once this was done I could ping 10.2. and 10.5 addresses from the backend and frontend, but Upnp does not work.
Re: Trouble allowing UPNP through to hotspot users
Still missing something in my config. To make things simple, I shutdown my original firewall and set up my 450G box to do everything.
Port 1 = Public IP
Port 2 = 10.2.2.1 (gateway for 10.2 network)
Port 3 = 10.5.50.1 (hot spot)
Mythtv box Ip is 10.2.2.101
Mythtv Front end is 10.5.50.245
I can access ports 22 and 80 on the mythtv box, but UPnp still is not working. If I change the frontend to a 10.2 address, everything works fine.
I must need some sort of firewall rule, or config change, but not sure what to change.
Port 1 = Public IP
Port 2 = 10.2.2.1 (gateway for 10.2 network)
Port 3 = 10.5.50.1 (hot spot)
Mythtv box Ip is 10.2.2.101
Mythtv Front end is 10.5.50.245
I can access ports 22 and 80 on the mythtv box, but UPnp still is not working. If I change the frontend to a 10.2 address, everything works fine.
I must need some sort of firewall rule, or config change, but not sure what to change.