Closed escape0707 closed 1 year ago
Redirects are there:
table inet miniupnpd {
    chain forward {
        type filter hook forward priority -25; policy accept;
        iif "pppoe-wan" th dport 49965 @nh,128,32 0xc0a8010b @nh,72,8 0x11 accept
        iif "pppoe-wan" th dport 9564 @nh,128,32 0xc0a8010b @nh,72,8 0x6 accept
        iif "pppoe-wan" th dport 9564 @nh,128,32 0xc0a8010b @nh,72,8 0x11 accept
    }
}
table ip miniupnpd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iif "pppoe-wan" udp dport 49965 dnat to 192.168.1.11:49965
        iif "pppoe-wan" tcp dport 9564 dnat to 192.168.1.11:9564
        iif "pppoe-wan" udp dport 9564 dnat to 192.168.1.11:9564
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table ip6 miniupnpd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
Please report a LuCI issue instead.
Thanks for your quick reply.
Redirects are there
That's what confused me, too. Applications like qbittorrent and Windows Teredo all say that they can't be connected from outside.
If I manually forward all ports to my testing machine, without the assist of UPnP, then they both report cone or public connectable.
Also, I tested this with canyouseeme.org and the listening port of qbittorrent. UPnP gets connection refused, manually forwarding ports works as intended. This is tested on both Windows 10 LTSC 2021 and latest ArchLinux.
@stintel Could you suggest me some more accurate ways to test which part is malfunctioning? Thanks!
That's what confused me, too. Applications like qbittorrent and Windows Teredo all say they can't be connected from outside.
Don't trust the application, trust tcpdump. I actually verified miniupnpd-nftables like that recently, because somewhere in some horrible 1500+ message thread in the forum where different issues are discussed, making it impossible to follow anything, and reminding me why I used to stay away from forums, someone complained that it didn't work.
On a remote host:
$ echo foo | nc -u 87.227.x.x 3074
On my OpenWrt router running miniupnpd-nftables:
# tcpdump -ni switch.54 port 3074
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on switch.54, link-type EN10MB (Ethernet), capture size 262144 bytes
16:40:37.990057 IP 94.225.x.x.38515 > 192.168.54.35.3074: UDP, length 4
trust tcpdump
I'll go and learn about this tool now! Thanks for the information!
If in fact that confirms the port forward doesn't work, please change the title of this issue to reflect just that. The fact that LuCI doesn't show the redirects should be fixed in LuCI so is not relevant for this issue (tracker).
The fact that LuCI doesn't show the redirects should be fixed in LuCI so is not relevant for this issue (tracker).
Duly noted, I'll file another issue later on.
I used my phone's standalone cell data and in its terminal ran:
$ echo foo | nc -u 111.226.<my public ipv4> 9564
Then on my router, run:
# tcpdump -ni pppoe-wan port 9564
......
15:03:51.885771 IP 106.119.<my phone cell data ipv4>.41998 > 111.226.<my public ipv4>.9564: UDP, length 4
......
Meanwhile:
# tcpdump -ni br-lan port 9564
doesn't show my phone's ipv4 address, albeit other IP addresses that are currently transferring torrents with my qbittorrent client got captured. And those packets are sent from / to my laptop's LAN ipv4 192.168.1.11
My gut feeling says it's related to using ppp. @dangowrt reported a similar problem here.
My gut feeling says it's related to using ppp.
Do you think if I "use another router to do the PPPoE dial up, connect my Redmi OpenWRT router to the first one's LAN port and use DHCP to connect to the Internet, then manually forward all ports from the first router to OpenWRT" will help diagnose this problem?
I'll have to try that tomorrow, parents are about to sleep. Thank you for helping me troubleshoot, nice sir!
Sadly, with this config, I get a lot of:
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.info miniupnpd[6819]: HTTP REQUEST from [::ffff:192.168.1.11]:33287 : POST /ctl/IPConn (HTTP/1.1)
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: Host: 192.168.1.1:5000
Wed Feb 16 02:45:44 2022 daemon.info miniupnpd[6819]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:2#AddPortMapping
Wed Feb 16 02:45:44 2022 daemon.info miniupnpd[6819]: AddPortMapping: ext port 10659 to 192.168.1.11:10659 protocol TCP for: qBittorrent/4.5.0alpha1 leaseduration=604800 rhost=
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: UPnP permission rule 0 matched : port mapping accepted
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: Check protocol tcp for port 10659 on ext_if wan 192.168.2.116, 7402A8C0
Wed Feb 16 02:45:44 2022 daemon.info miniupnpd[6819]: redirecting port 10659 to 192.168.1.11:10659 protocol TCP for: qBittorrent/4.5.0alpha1
Wed Feb 16 02:45:44 2022 daemon.info miniupnpd[6819]: Returning UPnPError 501: ActionFailed
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: rule with label 'qBittorrent Enhanced/4.4.0.10' is not a IGD pinhole
Wed Feb 16 02:45:44 2022 daemon.info miniupnpd[6819]: HTTP REQUEST from [::ffff:192.168.1.11]:33957 : POST /ctl/IPConn (HTTP/1.1)
Wed Feb 16 02:45:44 2022 daemon.debug miniupnpd[6819]: Host: 192.168.1.1:5000
The first level router is set to dial up through PPPoE, then set the OpenWrt router as DMZ. When I manually forward all ports also in OpenWrt, I can connect to my machine from the Internet. But when I switch to UPnP, UPnP just won't work, and applications report so, too.
me too! openwrt pppoe
@snakwu I think you are facing a completely different problem. You should open an independent issue addressing it.
Actually, I don't know what's the meaning of this table:
table inet miniupnpd {
    chain forward {
        type filter hook forward priority -25; policy accept;
        iif "pppoe-wan" th dport 49965 @nh,128,32 0xc0a8010b @nh,72,8 0x11 accept
        iif "pppoe-wan" th dport 9564 @nh,128,32 0xc0a8010b @nh,72,8 0x6 accept
        iif "pppoe-wan" th dport 9564 @nh,128,32 0xc0a8010b @nh,72,8 0x11 accept
    }
}
The default policy in its base chain is ACCEPT, while all rules in it say ACCEPT, too. What do the @nh filters verify? This table currently does nothing because so far there isn't anything malicious that needed to be rejected, yet?
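Added example, not part of any comment in this thread: the `@nh,<offset>,<length>` terms are nftables raw payload matches, counted in bits from the start of the network header, so on an IPv4 packet bits 128-159 are the destination address and bits 72-79 the protocol number. The script below rewrites the rules quoted above into readable form; its function names are made up for this example and it assumes IPv4 headers.

```shell
#!/bin/sh
# Added example: decode nftables raw payload matches of the form
#   @nh,<bit offset>,<bit length> <value>
# as they appear in the "table inet miniupnpd" listings in this thread.
# Offsets are interpreted against the IPv4 header (assumption: IPv4 traffic).

# dotted VALUE -> dotted-quad form of a 32-bit integer
dotted() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# decode_nh OFFSET LEN VALUE -> readable match, or the raw form if not recognised
decode_nh() {
    # nft prints raw payload values as 0x-prefixed hex; anything else is passed through.
    case "$3" in
        0x*) ;;
        *) echo "@nh,$1,$2 $3"; return ;;
    esac
    hex=${3#0x}
    case "$hex" in
        ''|*[!0-9a-fA-F]*) echo "@nh,$1,$2 $3"; return ;;
    esac
    val=$((0x$hex))
    case "$1,$2" in
        72,8)   # byte 9 of the IPv4 header: protocol number
            case "$val" in
                1)  echo "ip protocol icmp" ;;
                6)  echo "ip protocol tcp" ;;
                17) echo "ip protocol udp" ;;
                *)  echo "ip protocol $val" ;;
            esac ;;
        96,32)  echo "ip saddr $(dotted "$val")" ;;   # bytes 12-15: source address
        128,32) echo "ip daddr $(dotted "$val")" ;;   # bytes 16-19: destination address
        *)      echo "@nh,$1,$2 $3" ;;
    esac
}

# explain_rule 'RULE TEXT' -> the same rule with every @nh match decoded
explain_rule() {
    out=""
    set -f                 # no filename globbing while splitting the rule into words
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            @nh,*,*)
                if [ $# -lt 2 ]; then      # truncated rule: keep the token as it is
                    out="$out $1"; shift; continue
                fi
                spec=${1#@nh,}             # e.g. "128,32"
                out="$out $(decode_nh "${spec%,*}" "${spec#*,}" "$2")"
                shift ;;                   # consume the value that followed the match
            *)  out="$out $1" ;;
        esac
        shift
    done
    echo "${out# }"
}

# Rules copied from the listings posted in this thread.
while IFS= read -r rule; do
    explain_rule "$rule"
done <<'EOF'
iif "pppoe-wan" th dport 49965 @nh,128,32 0xc0a8010b @nh,72,8 0x11 accept
iif "pppoe-wan" th dport 9564 @nh,128,32 0xc0a8010b @nh,72,8 0x6 accept
iif 265 th dport 9308 @nh,128,32 0xc0a80162 @nh,72,8 0x11 accept
EOF
```

Decoded this way, each forward rule matches the same destination address and protocol as the `dnat to` rule for that port in `table ip miniupnpd`.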
I manually specified my external_ip in /etc/config/upnpd and UPnP set up the firewall rules successfully now. But I'm still getting the similar behavior that tcpdump shows incoming testing packets only on wan not br-lan. Manually forwarding still works.
I think I know where the problem is. If I add any port forward rule manually, UPnP seems to work. But I still need to do more tests.
When at least one port forward is defined, certain additional rules are enabled by firewall4, like the rule that automatically accepts all inbound traffic that is related to a DNAT'ed connection
Yes, I diffed those nft rulesets and saw several ct status dnat accept. That is the reason why only enabling miniupnpd is not working.
After set up UPnP and add any firewall rules through LuCI, everything works just fine, for both DHCP and PPPoE.
The display issue of luci-app-upnp is already reported here: https://github.com/openwrt/luci/issues/5678
What do you mean specifically with "add any firewall rules through LuCI"? I am looking at miniupnpd atm and try to figure out how to improve it
@jow- I mean, when I only installed luci-app-upnp and enabled UPnP, then launch an app (qbittorrent) to make UPnP port forward request, I will get a nftables rule set like this: nftables_without_manually_port_forwarding.txt
At this time, the port forward rules made by miniupnpd won't work. I can now add a non-related port's forward rule manually from LuCI, and this time I get the following nftables rule set: nftables_with_manually_port_forwarding.txt
A diff between those two shows that two ct status dnat accept rules were inserted just before jump reject_from_wan and jump reject_to_wan, which I believe are what make the ports forwarded by miniupnpd work again.
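Added example (not from the thread, fw4 or miniupnpd): a check for the condition described above, reading `nft list ruleset` output and reporting whether the chains that jump to reject_from_wan / reject_to_wan contain `ct status dnat accept` while miniupnpd has redirects installed. The sample ruleset is constructed, and the chain name input_wan and all function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: diagnose "miniupnpd redirects exist but traffic never reaches the LAN".
# An accept verdict in miniupnpd's own base chain only ends that chain; the packet is
# still evaluated by fw4's chains on the same hook, where it is rejected unless a
# "ct status dnat accept" rule comes before the jump to the wan reject chain.

# check_dnat_accept: ruleset on stdin, one line per chain that jumps to a wan reject.
# Exit status: 0 all such chains accept dnat, 1 at least one does not, 2 none found.
check_dnat_accept() {
    awk '
        BEGIN { bad = 0; found = 0 }
        $1 == "chain" { chain = $2; seen = 0; next }
        /ct status dnat accept/ { seen = 1 }
        /jump reject_(from|to)_wan/ {
            found = 1
            printf "%s: %s\n", chain, (seen ? "accepts dnat" : "no ct status dnat accept")
            if (!seen) bad = 1
        }
        END { if (!found) exit 2; exit bad }
    '
}

# count_upnp_dnat: number of "dnat to" rules inside tables named miniupnpd
count_upnp_dnat() {
    awk '
        $1 == "table" { in_upnp = ($3 == "miniupnpd") }
        in_upnp && /dnat to/ { n++ }
        END { print n + 0 }
    '
}

# diagnose: ruleset on stdin, one-line verdict on stdout
diagnose() {
    ruleset=$(cat)
    redirects=$(printf '%s\n' "$ruleset" | count_upnp_dnat)
    status=0
    printf '%s\n' "$ruleset" | check_dnat_accept >/dev/null || status=$?
    case "$status" in
        0) echo "ok: $redirects miniupnpd redirect(s), dnat accepted before the wan reject" ;;
        2) echo "unknown: no chain jumping to reject_from_wan/reject_to_wan found" ;;
        *) if [ "$redirects" -gt 0 ]; then
               echo "broken: $redirects miniupnpd redirect(s) but no ct status dnat accept before the wan reject"
           else
               echo "no miniupnpd redirects; wan chains have no ct status dnat accept rule"
           fi ;;
    esac
}

# Constructed sample: fw4 chains reduced to the lines that matter here.
# "input_wan" is an assumed chain name; "with" adds the ct status dnat accept rules.
sample_ruleset() {
    dnat_rule=""
    if [ "$1" = "with" ]; then dnat_rule="ct status dnat accept"; fi
    cat <<EOF
table inet fw4 {
    chain input_wan {
        $dnat_rule
        jump reject_from_wan
    }
    chain forward_wan {
        $dnat_rule
        jump reject_to_wan
    }
}
table ip miniupnpd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iif "pppoe-wan" udp dport 49965 dnat to 192.168.1.11:49965
        iif "pppoe-wan" tcp dport 9564 dnat to 192.168.1.11:9564
    }
}
EOF
}

sample_ruleset without | diagnose
sample_ruleset with | diagnose
```

On a router the same functions can be fed live data with `nft list ruleset | diagnose`.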
@stintel I'm not using PPPoE, got IPoE FTTH with the ISP-provided router operating in bridge-mode and OpenWrt device connected to it receiving a public IPv4 via DHCP. Yet rules added by miniupnpd didn't have any effect.
Same here, but my issue is with PCP and ipv6. I see miniupnpd responding to the port open request, and I see the rules in nftables yet they do nothing.
Also, the lease file stays empty (I believe this is another separate issue)
@jow already explained the reason here. I have static port forwards, so I have that rule and that's why things work for me.
I'm sorry, I'm confused, do we need to add something then?
I also saw that miniupnpd v2.3.0 fixes some issues with nftables and might be related to this, no?
@tiagogaspar8 https://github.com/openwrt/packages/issues/17871#issuecomment-1042615077
I think those rules added by luci firewall setting is the key point.
Yes, but what I mean is that I believe the new release of miniupnpd fixes this issue because it corrects the location and the jumps that are currently broken.
Also, the port forwarding rules don't explain the reason why ipv6 PCP doesn't work.
Oh, I don't have IPv6 currently. And i guess i should update my OpenWrt and miniupnpd to test it again.
@escape0707 Yeah, I wanted to update my miniupnpd version too to see if this issue is fixed magically (hoping)
If you'd like you can try ipv6 with a he.net free tunnel 😁
So, I updated upnpd to the latest version and it built without issue. Yet, now it is giving me errors:
Fri Feb 18 12:53:16 2022 daemon.notice miniupnpd[9995]: Listening for NAT-PMP/PCP traffic on port 5351
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol TCP
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol TCP
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol UDP
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol UDP
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol TCP
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol UDP
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c60, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping TCP 31425->IPV6_address 'PCP MAP ec0ac7716fc4d8826bae8213'
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c50, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping TCP 31425->IPV6_address 'PCP MAP 9cc757b08ef14bd005bbfe9f'
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c60, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping TCP 31425->IPV6_address 'PCP MAP 3e9a7f85248a0d9649c4c34d'
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c50, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping UDP 31425->IPV6_address 'PCP MAP e5cb295fb65fe8c9a5534f47'
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c60, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping UDP 31425->IPV6_address 'PCP MAP fb06d932a8c33d937f52b9f1'
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c50, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping UDP 31425->IPV6_address 'PCP MAP d305d6a5b481f8b4769d21ac'
Just to clarify, these errors are new:
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: send_batch: mnl_cb_run returned -1
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: nft_send_rule(0xb6f59c50, 6, 0) send_batch failed -4
Fri Feb 18 12:53:26 2022 daemon.err miniupnpd[9995]: PCP MAP: failed to add mapping UDP 31425->IPV6_address 'PCP MAP d305d6a5b481f8b4769d21ac'
And these were present in the previous version:
Fri Feb 18 12:53:18 2022 daemon.err miniupnpd[9995]: Failed to remove PCP mapping internal port 31425, protocol TCP
Another update, managed to get miniupnp to work with the 2.3 version, I had to add the following lines to the configuration file:
upnp_table_name=fw4
upnp_nat_table_name=fw4
upnp_forward_chain=forward_wan
That fixed the forwarding and the "new" issues with the miniupnpd adding the rules, yet it didn't fix the failed to remove error. Now, we can't just add these lines like they are to the config file, because the "forwarding" section must be obtained dynamically from the firewall config. Also, I'm not sure if there should be a table just for miniupnpd or if it should just hook itself onto the default forwarding tables.
Adding a valid manual port forward via "http://router/cgi-bin/luci/admin/network/firewall/forwards" makes upnpd-nftables start to actually forward traffic. I learned this by accident, now confirmed in this thread. Without it, it only shows entries in nft but no actual traffic is forwarded.
table ip miniupnpd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iif 265 udp dport 9308 dnat to 192.168.1.98:9308
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table inet miniupnpd {
    chain forward {
        type filter hook forward priority -25; policy accept;
        iif 265 th dport 9308 @nh,128,32 0xc0a80162 @nh,72,8 0x11 accept
    }
}
OpenWrt SNAPSHOT, r18809-5a0975f7ef @mt7621
Does anyone have any progress?
@tiagogaspar8
Another update, managed to get miniupnp to work with the 2.3 version, I had to add the following lines to the configuration file:
upnp_table_name=fw4
upnp_nat_table_name=fw4
upnp_forward_chain=forward_wan
I assume the configuration file that you were referring is ../files/miniupnpd.init?
upnp_table_name=fw4
upnp_nat_table_name=fw4
upnp_forward_chain=forward_wan
This is a bad idea, as restarting fw4 will result in all rules added by miniupnpd being removed. One of the advantages that nftables brings is that you do not need to use the same table.
My WAN is a PPPoE client. When miniupnpd-nftables is brought up, somehow my ext_ifname inside /var/etc/miniupnpd.conf is "br-lan". After a quick search, I found that the following fixes my ext_ifname & ext_ifname6 (/etc/init.d/miniupnpd) (Revised):
else
local tmpconf="/var/etc/miniupnpd.conf"
conf="$tmpconf"
mkdir -p /var/etc
{
ifname=$(ubus call network.interface.wan status | grep \"l3_device\" | grep -oE '[^:]+$' | grep -o '"[^"]\+"' | sed 's/"//g' 2>/dev/null | head -1)
echo "ext_ifname=$ifname"
echo "ext_ifname6=$ifname6"
The workaround above doesn't work when the router comes up after a reboot; somehow a race condition between the miniupnpd init script and the PPPoE client in OpenWrt?
Another workaround, is to restart miniupnpd services after OpenWRT reboot.
Environments :
OpenWrt SNAPSHOT, r19053-921392e216 on x86-64, NFTABLES
Also, is anyone working on fully supporting miniupnpd with nftables? luci-upnp seems to need a fix; somehow "Active UPnP Redirects" doesn't show up on my Status->Overview.
Another issue found :
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734e0a0, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: PCP MAP: failed to add mapping TCP 15555->10.10.8.142:15555'PCP MAP 7656cbfa2ca35ea9624ec1ef'
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734e640, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: PCP MAP: failed to add mapping UDP 15555->10.10.8.142:15555'PCP MAP fae45c180e87e4e90525794c'
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734e640, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f4c0, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: send_batch: mnl_cb_run returned -1
Wed Mar 9 01:39:01 2022 daemon.err miniupnpd[9446]: nft_send_rule(0x5573f734f840, 6, 2) send_batch failed -4
Going back into 21.02 SNAPSHOT until miniupnpd-nftables becoming stable.
to follow this thread
to follow this thread
Just click subscribe button, no need to add a comment here that everyone will get an email notification of.
I assume the configuration file that you were referring is ../files/miniupnpd.init?
Nop, I actually meant I created another config file manually and started miniupnpd manually.
This is a bad idea, as restarting fw4 will result in all rules added by miniupnpd being removed. One of the advantages that nftables brings is that you do not need to use the same table.
True, that's an issue I thought of, but I currently don't see a way of adding a jump to the miniupnpd section before all of the rules that fw4 usually creates. Or is there a way I don't know about?
Another issue found
I have mentioned this before, I also have no idea of what it is and I'm honestly scared to ask upstream 😅
Sorry for the delay btw guys.
Hello everyone. I've just modified the miniupnp-nftables package to use nft when creating firewall rules, and uploaded it to this repo: https://github.com/msylgj/miniupnpd.git Seems to work. 😅 However, would you like to test it?
@msylgj It will be better for you to fork from the miniupnpd project and then commit your patches, rather than download a snapshot to your local drive then start a git repo afresh.
@msylgj It will be better for you to fork from the miniupnpd project and then commit your patches, rather than download a snapshot to your local drive then start a git repo afresh.
Thank you. I know that and the repo is just for test before a PR
@msylgj I gotta say you're close to the solution! Indeed port forwardings work! Yet when qbittorrent tries to remove them this happens:
Mon Mar 21 21:46:10 2022 daemon.err miniupnpd[6032]: Failed to remove PCP mapping internal port 31425, protocol TCP
Mon Mar 21 21:46:10 2022 daemon.err miniupnpd[6032]: Failed to remove PCP mapping internal port 31425, protocol UDP
Mon Mar 21 21:46:10 2022 daemon.err miniupnpd[6032]: Failed to remove PCP mapping internal port 31425, protocol TCP
Mon Mar 21 21:46:10 2022 daemon.err miniupnpd[6032]: Failed to remove PCP mapping internal port 31425, protocol UDP
Mon Mar 21 21:46:10 2022 daemon.err miniupnpd[6032]: Failed to remove PCP mapping internal port 31425, protocol TCP
Mon Mar 21 21:46:10 2022 daemon.err miniupnpd[6032]: Failed to remove PCP mapping internal port 31425, protocol UDP
And no rules are removed. Also, when a reboot is performed on the firewall this happens:
root@router1:~# /etc/init.d/firewall restart
Section @rule[9] (Support-UDP-Traceroute) is disabled, ignoring section
Section @rule[10] (31425) is disabled, ignoring section
Hardware flow offloading unavailable, falling back to software offloading
/proc/self/fd/0:51:45-55: Error: Could not process rule: Not supported
/proc/self/fd/0:150:45-57: Error: Could not process rule: Not supported
/proc/self/fd/0:156:46-58: Error: Could not process rule: Not supported
And firewall4 doesn't start...
Yet, you're closer than ever, do you have any idea of what this can be?
Thanks for your feedback. @tiagogaspar8 I also see those 'Failed to remove PCP mapping' errors, and duplicate rules will be added. For the second, if 'fw4 reload' is used in place of '/etc/init.d/firewall restart' (after restarting miniupnpd), everything is ok. However, I pushed a new commit to my test repo, with no hook on fw4, so the second error will be gone. But it is still far away from really working, because there has been a big problem like below, all the time. I'm trying to read the source code of miniupnpd and find the reason.
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: level=0 type=8
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: ifindex = 5 192.168.2.1
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: ST: upnp:rootdevice (ver=0)
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SSDP M-SEARCH from 192.168.2.3:1900 ST: upnp:rootdevice
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Single search found
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: SendSSDPResponse(): 0 bytes to 192.168.2.3:1900 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: upnp:rootdevice
USN: uuid:9b1e2954-07c8-4697-ac7f-8b24e082f39a::upnp:rootdevice
EXT:
SERVER: OpenWrt/5.15.30 UPnP/1.1 MiniUPnPd/2.3.0
LOCATION: http://192.168.2.1:5000/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1647922782
BOOTID.UPNP.ORG: 1647922782
CONFIGID.UPNP.ORG: 1337
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: PCP request received from 192.168.2.3:36261 60bytes
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 6881 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.err miniupnpd[24500]: PCP MAP: failed to add mapping TCP 6881->192.168.2.3:6881 'PCP MAP c1217244571b6e5699a108ef'
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: PCP request received from 192.168.2.3:36261 60bytes
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol udp for port 6881 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.err miniupnpd[24500]: PCP MAP: failed to add mapping UDP 6881->192.168.2.3:6881 'PCP MAP d92ad01048919d21eded711c'
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: PCP request received from 192.168.2.3:36261 60bytes
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 8083 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.err miniupnpd[24500]: PCP MAP: failed to add mapping TCP 8083->192.168.2.3:8083 'PCP MAP a4b5478e687e11137efe4662'
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:34810 : GET /rootDesc.xml (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:34812 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:35302 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 6881 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 6881 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 6881 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:55095 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 45368 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 45368 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 45368 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:54567 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 41009 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 41009 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 41009 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:49545 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 46199 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 46199 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 46199 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:51799 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 48692 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol tcp for port 48692 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 48692 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:45397 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 6881 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol udp for port 6881 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 6881 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:38029 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 47128 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol udp for port 47128 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 47128 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:40342 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: AddPortMapping: ext port 46971 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: UPnP permission rule 0 matched : port mapping accepted
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Check protocol udp for port 46971 on ext_if pppoe-wan <My Public WAN IP>, 0B701424
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: redirecting port 46971 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: Returning UPnPError 501: ActionFailed
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: HTTP REQUEST from 192.168.2.3:60035 : POST /ctl/IPConn (HTTP/1.1)
Tue Mar 22 12:22:03 2022 daemon.debug miniupnpd[24500]: Host: 192.168.2.1:5000
Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
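In the log above, every AddPortMapping request passes the permission check and is still answered with UPnPError 501. The following Python is an added example, not part of the thread or of miniupnpd: it correlates each request with its permission verdict and returned error so that "denied by the ACL" can be told apart from "allowed but failed afterwards". The sample lines are constructed in the same format; the last request, which has no error line, is an assumed shape for a mapping that succeeds.

```python
import re

# Constructed sample in the format of the miniupnpd lines in this thread.
# The last request has no error line: an assumed shape for a mapping that succeeds.
P = "Tue Mar 22 12:22:03 2022 daemon.info miniupnpd[24500]: "
SAMPLE_LOG = "\n".join(P + m for m in [
    "HTTP REQUEST from 192.168.2.3:49545 : POST /ctl/IPConn (HTTP/1.1)",
    "AddPortMapping: ext port 41009 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=",
    "UPnP permission rule 0 matched : port mapping accepted",
    "redirecting port 41009 to 192.168.2.3:6881 protocol TCP for: qBittorrent Enhanced/4.3.9.10",
    "Returning UPnPError 501: ActionFailed",
    "HTTP REQUEST from 192.168.2.3:45397 : POST /ctl/IPConn (HTTP/1.1)",
    "AddPortMapping: ext port 6881 to 192.168.2.3:6881 protocol UDP for: qBittorrent Enhanced/4.3.9.10 leaseduration=604800 rhost=",
    "UPnP permission rule 0 matched : port mapping accepted",
    "Returning UPnPError 501: ActionFailed",
    "HTTP REQUEST from 192.168.2.3:40342 : POST /ctl/IPConn (HTTP/1.1)",
    "AddPortMapping: ext port 8083 to 192.168.2.3:8083 protocol TCP for: example-app leaseduration=0 rhost=",
    "UPnP permission rule 0 matched : port mapping accepted",
    "HTTP REQUEST from 192.168.2.3:60035 : POST /ctl/IPConn (HTTP/1.1)",
])

REQ = re.compile(r"AddPortMapping: ext port (\d+) to ([\d.]+):(\d+) protocol (\w+) for: (.*) leaseduration=(\d+)")
PERM = re.compile(r"UPnP permission rule (\d+) matched : port mapping (\w+)")
ERR = re.compile(r"Returning UPnPError (\d+): (\w+)")

def correlate(log_text):
    """Return one dict per AddPortMapping request with its ACL verdict and error."""
    mappings, cur = [], None
    for line in log_text.splitlines():
        msg = line.partition("]: ")[2]  # text after the "miniupnpd[pid]: " prefix
        if m := REQ.search(msg):
            cur = {"ext_port": int(m[1]), "target": f"{m[2]}:{m[3]}", "proto": m[4],
                   "client": m[5], "acl": None, "error": None}
            mappings.append(cur)
        elif cur is None:
            continue
        elif m := PERM.search(msg):
            cur["acl"] = m[2]
        elif m := ERR.search(msg):
            cur["error"] = (int(m[1]), m[2])
        elif msg.startswith("HTTP REQUEST from"):
            cur = None  # next SOAP request: stop attributing lines to the old one
    return mappings

def accepted_but_failed(mappings):
    """Requests the permission rules allowed but the daemon still answered with an error."""
    return [m for m in mappings if m["acl"] == "accepted" and m["error"]]
```

Feeding it the output of `logread` gives the list of mappings that cleared the ACL and failed in a later step.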
@msylgj OK, if you find anything and need some testing tell me! BTW, I have disabled upnp, I only use PCP because I only have IPv6 with NAT64 in my network.
@tiagogaspar8 Good news. When I disable the 'use_STUN' config and remove-cflag-patch for Makefile.linux.nft, everything seems to be OK! Some remaining problems in my mind: the 'inet' family of nftables can't set NAT rules for both ipv4 and ipv6. But I can't use ip & ip6 tables for rule sets (miniupnpd doesn't support them and throws errors). So we can see only ipv4 redirect rules in the nat table. I have no more ideas. It looks like this:
table inet miniupnpd_filter {
    chain forward {
        type filter hook forward priority -25; policy accept;
        jump miniupnpd
    }
    chain miniupnpd {
        iif "pppoe-wan" th dport 6881 @nh,128,32 0x<ipv4 public ip> @nh,72,8 0x6 accept
        iif "pppoe-wan" th dport 6881 @nh,192,128 0x<ipv6 public ip> @nh,48,8 0x6 accept
        iif "pppoe-wan" th dport 6881 @nh,128,32 0x<ipv4 public ip> @nh,72,8 0x11 accept
        iif "pppoe-wan" th dport 6881 @nh,192,128 0x<ipv6 public ip> @nh,48,8 0x11 accept
        iif "pppoe-wan" th dport 8083 @nh,128,32 0x<ipv4 public ip> @nh,72,8 0x6 accept
        iif "pppoe-wan" th dport 8083 @nh,192,128 0x<ipv6 public ip> @nh,48,8 0x6 accept
    }
}
table inet miniupnpd_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        jump prerouting_miniupnpd
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        jump postrouting_miniupnpd
    }
    chain prerouting_miniupnpd {
        iif "pppoe-wan" @nh,72,8 0x6 th dport 6881 dnat ip to 192.168.2.3:6881
        iif "pppoe-wan" @nh,72,8 0x11 th dport 6881 dnat ip to 192.168.2.3:6881
        iif "pppoe-wan" @nh,72,8 0x6 th dport 8083 dnat ip to 192.168.2.3:8083
    }
    chain postrouting_miniupnpd {
    }
}
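The rules miniupnpd generates match on raw offsets into the network header (`@nh,<bit offset>,<bit length>`), which makes it hard to see what a mapping actually permits. The following Python is an added example, not from the thread or from miniupnpd: it maps the offset/length pairs that appear in this thread to IPv4 and IPv6 header fields using the standard header layouts and keeps redacted values as placeholders. The sample rules are constructed in the form used in the thread, and the IPv6 address is a documentation address.

```python
import ipaddress
import re

# (bit offset, bit length) from the start of the network header -> (family, field),
# taken from the fixed IPv4 (RFC 791) and IPv6 (RFC 8200) header layouts.
FIELDS = {
    (72, 8): ("ip", "protocol"),
    (96, 32): ("ip", "saddr"),
    (128, 32): ("ip", "daddr"),
    (48, 8): ("ip6", "nexthdr"),
    (64, 128): ("ip6", "saddr"),
    (192, 128): ("ip6", "daddr"),
}
L4_PROTOS = {0x6: "tcp", 0x11: "udp"}
RAW_MATCH = re.compile(r"@nh,(\d+),(\d+)\s+0x(<[^>]*>|[0-9a-fA-F]+)")

def decode_rule(rule):
    """Return (family, field, value) for every raw network-header match in a rule."""
    decoded = []
    for off, length, raw in RAW_MATCH.findall(rule):
        family, field = FIELDS.get((int(off), int(length)), ("?", f"nh[{off},{length}]"))
        if raw.startswith("<"):
            text = raw  # value redacted by the poster; keep the placeholder
        elif field in ("protocol", "nexthdr"):
            text = L4_PROTOS.get(int(raw, 16), str(int(raw, 16)))
        elif field in ("saddr", "daddr") and family == "ip":
            text = str(ipaddress.IPv4Address(int(raw, 16)))
        elif field in ("saddr", "daddr"):
            text = str(ipaddress.IPv6Address(int(raw, 16)))
        else:
            text = "0x" + raw  # unknown offset: leave the raw value as listed
        decoded.append((family, field, text))
    return decoded

# Constructed samples in the form of the rules in this thread.
SAMPLE_RULES = [
    'iif "pppoe-wan" th dport 49965 @nh,128,32 0xc0a8010b @nh,72,8 0x11 accept',
    'iif "pppoe-wan" th dport 6881 @nh,192,128 0x20010db8000000000000000000000001 @nh,48,8 0x6 accept',
    'iif "pppoe-wan" th dport 6881 @nh,128,32 0x<ipv4 public ip> @nh,72,8 0x6 accept',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, "->", decode_rule(rule))
```

The family column is inferred from the offset/length pair alone, since the listed rules carry no explicit family match.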
For this bug, please try https://git.openwrt.org/38423fae4ba0
For the miniupnpd error, please report them upstream, or update https://github.com/miniupnp/miniupnp/issues/582 and optionally create a new issue here to track those.
And I would prefer not to have to resort to using custom scripts at all for adding nftables rules. The less custom code we have to maintain, the better.
> For this bug, please try https://git.openwrt.org/38423fae4ba0
@stintel I'm running the latest miniupnpd-nftables_2.3.0-1. Without your patch, my Xbox Series X reports that my NAT type is moderate (Your network is behind a UPnP port-restricted NAT).
With your patch, my Xbox reports that my NAT type is open (Your network is behind a cone NAT).
Hi, how do I apply the patch on a Belkin RT3200, please? Is it complicated, do you think? Thanks.
> Hi, how do I apply the patch on a Belkin RT3200, please? Is it complicated, do you think? Thanks.
@neilsan1366 If you compile OpenWrt yourself, you can download the patch above at https://git.openwrt.org/?p=project/firewall4.git;a=patch;h=38423fae4ba0f116ae7b5853b1c459202fe2c9a4 and place it in package/network/config/firewall4/patches.
If you don't compile OpenWrt yourself, install a text editor on your router, like nano. Then, on your router, edit the file /usr/share/firewall4/templates/ruleset.uc and delete the 4 lines deleted by the patch. Reboot your router for the changes to take effect. You will lose these changes every time you flash a new version of OpenWrt on your router, so you'll have to modify the file each time.
Please note that they recently reverted the latest changes to miniupnpd and downgraded it to the previous version. I'm currently waiting for the build to finish to see if the results are the same.
Update: I get the same results with miniupnpd-nftables_2.2.3-1. Moderate NAT without the patch. Open NAT with the patch.
Maintainer
@stintel @ldir-EDB0 @neheb
Environment
Description
As the title says, miniupnpd can't map requested ports successfully for applications and shows "There are no active redirects." in the LuCI web interface.
I set up this environment by:
luci-app-upnp through opkg.
I don't know where to continue the troubleshooting. If any additional information is needed, please let me know. I do have a dynamic global IPv4 address on my router, and I disguised it. If that's needed, please also let me know.
Latest release version 21.02.1 with miniupnpd_2.2.1-3 doesn't have this problem but can't support Xbox / Windows teredo UPnP.
More logs / configs
qbittorrent_log.txt logread.txt teredo_log.txt etc_config_upnpd.txt ip_addr_show.txt nftables.txt opkg_info_miniupnpd.txt