LEDE 固件的 UPnP(miniupnpd) 不能使用请问有朋友知道怎么解决吗？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

这是一个创建于 2336 天前的主题，其中的信息可能已经有所发展或是发生改变。

问题

表现为 Xbox one 显示“ UPnP not successful in your network settings ”
shell 中upnpc -s输出

upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
No IGD UPnP Device found on the network !

最开始系统日志里面报could not open lease file: /var/run/miniupnpd.leases （尝试 /etc/init.d/miniupnpd enable 后不显示）

软件信息

LEDE: Powered by LuCI Master (git-18.163.61042-b5a43cf) / OpenWrt R7.7.4 By Lean

安装的 UPnP 插件：

luci-app-upnp luci-i18n-upnp-zh-cn miniupnpd(2.1-2)

网络信息

K3 路由器使用 DHCP 连接到电信光猫。我的 Xbox 和电脑等设备使用 DHCP 连接 K3

ip 192.168.1.1 电信光猫 192.168.2.1 K3-LEDE

Subnet Mask 255.255.255.0

我做的尝试

删除所有自定义的 iptables 转发规则
尝试重启并启用服务

# /etc/init.d/miniupnpd restart
# /etc/init.d/miniupnpd enable

系统日志输出：

Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[22474]: shutting down MiniUPnPd
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: system uptime is 45714 seconds
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: Reloading rules from lease file
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:24874:192.168.2.196:24874:1529735590:NAT-PMP 24874 tcp '
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 24874 on ext_if eth0.2 192.168.1.3, 0301A8C0
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to 192.168.2.196:24874 protocol TCP for: NAT-PMP 24874 tcp
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:24874:192.168.2.196:24874:1529735590:NAT-PMP 24874 udp '
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 24874 on ext_if eth0.2 192.168.1.3, 0301A8C0
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to 192.168.2.196:24874 protocol UDP for: NAT-PMP 24874 udp
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:40536:192.168.2.196:40536:1529735670:NAT-PMP 40536 tcp '
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 40536 on ext_if eth0.2 192.168.1.3, 0301A8C0
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to 192.168.2.196:40536 protocol TCP for: NAT-PMP 40536 tcp
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:40536:192.168.2.196:40536:1529735670:NAT-PMP 40536 udp '
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 40536 on ext_if eth0.2 192.168.1.3, 0301A8C0
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to 192.168.2.196:40536 protocol UDP for: NAT-PMP 40536 udp
Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: version 2.1 starting NAT-PMP/PCP UPnP-IGD ext if eth0.2 BOOTID=1529735459
Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP listening on port 5000
Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP IPv6 address given to control points : [fd18:7515:c672::1]
Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: Listening for NAT-PMP/PCP traffic on port 5351
Sat Jun 23 14:31:01 2018 user.info mwan3track[14623]: Check (ping) failed for target "8.8.4.4" on interface wan (eth0.2)

miniupnpd 配置

文件地址:/tmp/etc/miniupnpd.conf

ext_ifname=eth0.2
listening_ip=br-lan
port=5000
enable_natpmp=yes
enable_upnp=yes
secure_mode=yes
pcp_allow_thirdparty=no
system_uptime=yes
force_igd_desc_v1=no
lease_file=/var/run/miniupnpd.leases
bitrate_down=8388608
bitrate_up=4194304
uuid=e6a5a45e-6309-4a49-8205-5bb0c8d379af
allow 1024-65535 0.0.0.0/0 1024-65535 #Allow high ports
deny 0-65535 0.0.0.0/0 0-65535 #Default deny

iptables 规则

root@tsk3:/tmp/run# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             policy match dir in pol ipsec proto esp
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
input_rule  all  --  anywhere             anywhere             /* !fw3: Custom input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             policy match dir out pol ipsec proto esp
ACCEPT     all  --  anywhere             anywhere             policy match dir in pol ipsec proto esp
FLOWOFFLOAD  all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED FLOWOFFLOAD
forwarding_rule  all  --  anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
reject     all  --  anywhere             anywhere             /* !fw3 */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             policy match dir out pol ipsec proto esp
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
output_rule  all  --  anywhere             anywhere             /* !fw3: Custom output rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */

Chain MINIUPNPD (1 references)
target     prot opt source               destination

Chain forwarding_lan_rule (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain forwarding_wan_rule (1 references)
target     prot opt source               destination

Chain input_lan_rule (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan_rule (1 references)
target     prot opt source               destination

Chain output_lan_rule (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination

Chain output_wan_rule (1 references)
target     prot opt source               destination

Chain reject (3 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP       all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_dest_ACCEPT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_forward (1 references)
target     prot opt source               destination
forwarding_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_input (1 references)
target     prot opt source               destination
input_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_output (1 references)
target     prot opt source               destination
output_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan output rule chain */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_forward (1 references)
target     prot opt source               destination
forwarding_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
MINIUPNPD  all  --  anywhere             anywhere
zone_wan_dest_REJECT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_input (1 references)
target     prot opt source               destination
input_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan input rule chain */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
ACCEPT     igmp --  anywhere             anywhere             /* !fw3: Allow-IGMP */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1688 /* !fw3: kms */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_REJECT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_output (1 references)
target     prot opt source               destination
output_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan output rule chain */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere             /* !fw3 */

完整日志

日志里面有很多类似 DNS 转发失败的信息，如果可以也请告诉我如何处理。

备注

在 GitHub 的 issue 上也提了地址在这里 issue

感谢您花时间看我的问题，谢谢。

anywhere

fw3

miniupnpd

3 条回复 • 2018-06-24 05:45:42 +08:00

datocp

2018-06-23 17:53:59 +08:00

这个东西没什么研究。当时好像是通过比对不同的固件，才注意到防火墙差别。

#iptables -N MINIUPNPD
#iptables -I FORWARD -j MINIUPNPD
#iptables -t nat -N MINIUPNPD
#iptables -t nat -I PREROUTING -i pppoe-wan -j MINIUPNPD

ysc3839

2018-06-23 18:04:29 +08:00 via Android

试一下别的 UPnP 客户端是否正常。比如说 Windows 自带的 UPnP。

LazyZhu

2018-06-24 05:45:42 +08:00

试过 OpenWrt 18.06.0-rc1 的 UPnP, 无任何问题.