V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
zhangchioulin
V2EX  ›  问与答

LEDE 固件的 UPnP(miniupnpd) 不能使用请问有朋友知道怎么解决吗?

  •  
  •   zhangchioulin · 2018-06-23 15:02:34 +08:00 · 11425 次点击
    这是一个创建于 2375 天前的主题,其中的信息可能已经有所发展或是发生改变。

    问题

    • 表现为 Xbox one 显示“ UPnP not successful in your network settings ”

    • shell 中upnpc -s输出

    upnpc : miniupnpc library test client, version 2.1.
     (c) 2005-2018 Thomas Bernard.
    Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
    for more information.
    No IGD UPnP Device found on the network !
    
    • 最开始系统日志里面报could not open lease file: /var/run/miniupnpd.leases (尝试 /etc/init.d/miniupnpd enable 后不显示)

    软件信息

    LEDE: Powered by LuCI Master (git-18.163.61042-b5a43cf) / OpenWrt R7.7.4 By Lean

    安装的 UPnP 插件:

    luci-app-upnp luci-i18n-upnp-zh-cn miniupnpd(2.1-2)

    网络信息

    K3 路由器使用 DHCP 连接到电信光猫。 我的 Xbox 和电脑等设备使用 DHCP 连接 K3

    ip 192.168.1.1 电信光猫 192.168.2.1 K3-LEDE

    Subnet Mask 255.255.255.0

    我做的尝试

    1. 删除所有自定义的 iptables 转发规则
    2. 尝试重启并启用服务
    # /etc/init.d/miniupnpd restart
    # /etc/init.d/miniupnpd enable
    

    系统日志输出:

    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[22474]: shutting down MiniUPnPd
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: system uptime is 45714 seconds
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: Reloading rules from lease file
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:24874:192.168.2.196:24874:1529735590:NAT-PMP 24874 tcp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 24874 on ext_if eth0.2 192.168.1.3, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to 192.168.2.196:24874 protocol TCP for: NAT-PMP 24874 tcp
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:24874:192.168.2.196:24874:1529735590:NAT-PMP 24874 udp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 24874 on ext_if eth0.2 192.168.1.3, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to 192.168.2.196:24874 protocol UDP for: NAT-PMP 24874 udp
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:40536:192.168.2.196:40536:1529735670:NAT-PMP 40536 tcp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 40536 on ext_if eth0.2 192.168.1.3, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to 192.168.2.196:40536 protocol TCP for: NAT-PMP 40536 tcp
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:40536:192.168.2.196:40536:1529735670:NAT-PMP 40536 udp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 40536 on ext_if eth0.2 192.168.1.3, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to 192.168.2.196:40536 protocol UDP for: NAT-PMP 40536 udp
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: version 2.1 starting NAT-PMP/PCP UPnP-IGD ext if eth0.2 BOOTID=1529735459
    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP listening on port 5000
    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP IPv6 address given to control points : [fd18:7515:c672::1]
    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: Listening for NAT-PMP/PCP traffic on port 5351
    Sat Jun 23 14:31:01 2018 user.info mwan3track[14623]: Check (ping) failed for target "8.8.4.4" on interface wan (eth0.2)
    
    

    miniupnpd 配置

    文件地址:/tmp/etc/miniupnpd.conf

    ext_ifname=eth0.2
    listening_ip=br-lan
    port=5000
    enable_natpmp=yes
    enable_upnp=yes
    secure_mode=yes
    pcp_allow_thirdparty=no
    system_uptime=yes
    force_igd_desc_v1=no
    lease_file=/var/run/miniupnpd.leases
    bitrate_down=8388608
    bitrate_up=4194304
    uuid=e6a5a45e-6309-4a49-8205-5bb0c8d379af
    allow 1024-65535 0.0.0.0/0 1024-65535 #Allow high ports
    deny 0-65535 0.0.0.0/0 0-65535 #Default deny
    

    iptables 规则

    root@tsk3:/tmp/run# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             policy match dir in pol ipsec proto esp
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    input_rule  all  --  anywhere             anywhere             /* !fw3: Custom input rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
    zone_lan_input  all  --  anywhere             anywhere             /* !fw3 */
    zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             policy match dir out pol ipsec proto esp
    ACCEPT     all  --  anywhere             anywhere             policy match dir in pol ipsec proto esp
    FLOWOFFLOAD  all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED FLOWOFFLOAD
    forwarding_rule  all  --  anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    zone_lan_forward  all  --  anywhere             anywhere             /* !fw3 */
    zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
    reject     all  --  anywhere             anywhere             /* !fw3 */
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             policy match dir out pol ipsec proto esp
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    output_rule  all  --  anywhere             anywhere             /* !fw3: Custom output rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    zone_lan_output  all  --  anywhere             anywhere             /* !fw3 */
    zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain MINIUPNPD (1 references)
    target     prot opt source               destination
    
    Chain forwarding_lan_rule (1 references)
    target     prot opt source               destination
    
    Chain forwarding_rule (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain forwarding_wan_rule (1 references)
    target     prot opt source               destination
    
    Chain input_lan_rule (1 references)
    target     prot opt source               destination
    
    Chain input_rule (1 references)
    target     prot opt source               destination
    
    Chain input_wan_rule (1 references)
    target     prot opt source               destination
    
    Chain output_lan_rule (1 references)
    target     prot opt source               destination
    
    Chain output_rule (1 references)
    target     prot opt source               destination
    
    Chain output_wan_rule (1 references)
    target     prot opt source               destination
    
    Chain reject (3 references)
    target     prot opt source               destination
    REJECT     tcp  --  anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
    REJECT     all  --  anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable
    
    Chain syn_flood (1 references)
    target     prot opt source               destination
    RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
    DROP       all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_lan_dest_ACCEPT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_lan_forward (1 references)
    target     prot opt source               destination
    forwarding_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
    zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_lan_input (1 references)
    target     prot opt source               destination
    input_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan input rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
    zone_lan_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_lan_output (1 references)
    target     prot opt source               destination
    output_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan output rule chain */
    zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_lan_src_ACCEPT (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */
    
    Chain zone_wan_dest_ACCEPT (2 references)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_wan_dest_REJECT (1 references)
    target     prot opt source               destination
    reject     all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_wan_forward (1 references)
    target     prot opt source               destination
    forwarding_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
    zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
    zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    MINIUPNPD  all  --  anywhere             anywhere
    zone_wan_dest_REJECT  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_wan_input (1 references)
    target     prot opt source               destination
    input_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan input rule chain */
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
    ACCEPT     igmp --  anywhere             anywhere             /* !fw3: Allow-IGMP */
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1688 /* !fw3: kms */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
    zone_wan_src_REJECT  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_wan_output (1 references)
    target     prot opt source               destination
    output_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan output rule chain */
    zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    
    Chain zone_wan_src_REJECT (1 references)
    target     prot opt source               destination
    reject     all  --  anywhere             anywhere             /* !fw3 */
    

    完整日志

    日志里面有很多类似 DNS 转发失败的信息,如果可以也请告诉我如何处理。

    备注

    在 GitHub 的 issue 上也提了地址在这里 issue

    感谢您花时间看我的问题,谢谢。

    3 条回复    2018-06-24 05:45:42 +08:00
    datocp
        1
    datocp  
       2018-06-23 17:53:59 +08:00   ❤️ 1
    这个东西没什么研究。当时好像是通过比对不同的固件,才注意到防火墙差别。

    #iptables -N MINIUPNPD
    #iptables -I FORWARD -j MINIUPNPD
    #iptables -t nat -N MINIUPNPD
    #iptables -t nat -I PREROUTING -i pppoe-wan -j MINIUPNPD
    ysc3839
        2
    ysc3839  
       2018-06-23 18:04:29 +08:00 via Android   ❤️ 1
    试一下别的 UPnP 客户端是否正常。比如说 Windows 自带的 UPnP。
    LazyZhu
        3
    LazyZhu  
       2018-06-24 05:45:42 +08:00
    试过 OpenWrt 18.06.0-rc1 的 UPnP, 无任何问题.
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3337 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 11:30 · PVG 19:30 · LAX 03:30 · JFK 06:30
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.