fragtion
newbie
Topic Author
Posts: 35
Joined: Fri Nov 13, 2009 10:08 pm

UPnP: "all-ppp" support?

Tue Jan 07, 2014 12:46 pm

Good day Mikrotik devs and users

I use RouterOS at the core of my network as it seems to be the most intuitive and effective router platform I've found, allowing me better control for my limited knowledge, especially in my case where I have a dual-wan PPPoE setup (route splitting, not bonding) and must do connection and packet marking in order to serve traffic in and out of the local network properly. So first a word of thanks for creating such a great product :)

One great improvement that I've noticed since 6.x of RouterOS is that in many places we can now select "all-ppp" in cases where we want to apply some rule to all ppp interfaces without duplicating the rules for each interface. This is extremely helpful for me especially when creating firewall NAT rules, and seems completely safe if you know what you are doing.

A significant drawback that I've recently come across however, is the lack of such support when it comes to RouterOS's UPnP implementation (in fact this seems to be a general UPnP limitation which nobody has ever bothered to resolve). The problem is that UPnP only seems to work for one WAN/external interface, even though it is 'deceptively' POSSIBLE to add multiple external interfaces to the UPnP instance via ip->upnp in winbox/terminal. One can even specify 0.0.0.0 as the external IP, and the rule will be created as such... however it does not bind properly to all the PPP interfaces and simply does not work as expected. In fact it seems completely useless that multiple external interfaces can be added to the UPnP instance if adding them seems to have literally no effect. If multi-wan support is not going to happen, then perhaps we should be presented with an error alert instead of it being possible to assign them. There may be a glimmer of hope regarding this, with pfSense, but this is obviously not going to solve the problem for Mtik users. Perhaps Mikrotik can now become a clear exception and be on the forefront of this as well?

With p2p on the rise, and modern-day applications such as Skype showing up more and more on mobile devices like phones and tablets, it is becoming very painstaking and impractical to manually maintain port forwards for these sorts of applications, as devices' MAC addresses change frequently and on semi-public networks, new devices may come in all the time and then maintaining manual rules becomes an impossibility! UPnP was created as an ideal solution for this, but has never evolved and is now extremely handicapped by the fact that it still only supports a single WAN.

Since all UPnP really seems to do is inform the network of its presence, listen for an application's request for an open port, and then set up a temporary rule for that, one would expect that it should be relatively easy to modify the type of rule that it creates to some greater degree than right now. At the moment it creates a dst-nat rule, by dst-address IP and does not bind to an interface, and there appears to be no way of changing that behaviour.

Furthermore, there is no control over where these dynamic dst-nat rules will appear in the firewall table... In my case, they fall underneath a DMZ rule, and thus go ignored unless I disable the DMZ rule. Is there any way to make the UPnP rules take preference over the DMZ rule? I would like a DMZ rule only as a last-resort after other port-forwards are considered, and I can't seem to find a way to do this in RouterOS?

In searching, I've come across a few similar posts on these forums where users ask for help with multi-wan upnp, and nobody has found a solution. With all the PPP changes being pushed for v6.8/6.9 right now, wouldn't this be a perfect time to give UPnP a bit of a face-lift into the 21st century too which will make it far more appealing and useful for dynamic port forwarding applications which seem to be on the rise now more than ever?
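
The two behaviours described in the post above (a dynamic rule matched by dst-address only, and a DMZ rule sitting ahead of it) can be reproduced with a small first-match model. This is an added example, not RouterOS code and not part of the original posts; the interface names, addresses, hosts and the `upnp-all-ppp` rule (the behaviour being requested) are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

PPP_IFACES = {"pppoe-wan1", "pppoe-wan2"}   # assumed interface names

@dataclass(frozen=True)
class Packet:
    in_interface: str
    dst_address: str
    protocol: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    to_address: str
    in_interface: Optional[str] = None   # None = any; "all-ppp" = any PPP interface
    dst_address: Optional[str] = None    # None = any destination address
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.in_interface == "all-ppp":
            if p.in_interface not in PPP_IFACES:
                return False
        elif self.in_interface not in (None, p.in_interface):
            return False
        return (self.dst_address in (None, p.dst_address)
                and self.protocol in (None, p.protocol)
                and self.dst_port in (None, p.dst_port))

def first_match(chain, p):
    """A dst-nat chain is first-match: the earliest matching rule wins."""
    return next((r for r in chain if r.matches(p)), None)

# Constructed sample data (documentation address ranges, made-up LAN hosts).
WAN1, WAN2 = "198.51.100.10", "203.0.113.20"
dmz = Rule("dmz", "192.168.88.2", in_interface="all-ppp")
# Dynamic rule as the post describes it: by dst-address, no interface binding.
upnp = Rule("upnp-dynamic", "192.168.88.50", dst_address=WAN1,
            protocol="udp", dst_port=40000)
# Hypothetical rule shape the post asks for: bound to all-ppp instead.
upnp_all_ppp = Rule("upnp-all-ppp", "192.168.88.50", in_interface="all-ppp",
                    protocol="udp", dst_port=40000)

def winner(chain, iface, addr):
    """Name of the rule that handles a UDP/40000 packet, or None."""
    r = first_match(chain, Packet(iface, addr, "udp", 40000))
    return r.name if r else None
```

With the DMZ rule first, the dynamic rule never fires; with the order reversed it works on the first WAN only, which is the single-WAN limitation the post describes.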
 
NetworkPro
Forum Guru
Posts: 1370
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide

Re: UPnP: "all-ppp" support?

Sat May 17, 2014 12:49 pm

No, the perfect time to give UPnP a face lift would have been about 7 to 10+ years ago.

I am pissed at the Latvian guys about this as well but I guess experienced developers don't grow on trees and they certainly don't prioritize work on stupid features like UPnP :(

Scripting can be used to "dynamically" add things to the configuration as needed.
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
fragtion
newbie
Topic Author
Posts: 35
Joined: Fri Nov 13, 2009 10:08 pm

Re: UPnP: "all-ppp" support?

Wed Aug 27, 2014 2:46 pm

Thanks for your response. It's reassuring to see that there are others experiencing this exact same problem -- less reassuring that we haven't received an official acknowledgement from the devs about the issue or any intent to fix it, though. I just noticed your wiki entry in your signature, though, and it seems like a perfect workaround to use in the meanwhile! I will give it a try and report back any feedback I may have. Thanks for the work that you've put into this!
