All,
Another new guy issue here, I need some help getting UPnP working correctly. I have a gaming PC that I need the UPnP to work for some games with some friends. I followed this link on how someone set up an xbox to work but it seems to not work completely for me. https://forum.opnsense.org/index.php?topic=8812.0
    I set a static IP on my computer 192.168.X.XX
    Installed the UPnP service on Opnsense
        Enabled UPnP Port mapping
        Allow NAT-PMP Port mapping
        User specified permissions "allow 51XX 192.168.X.XX/32 51XX"
    Firewall hybrid oubound Nat Rule Generation checked
        Create a rule with the following set: "Source Address - Single Host or network - 192.168.X.XX/32" & "Static Port - Checked"
I'm not sure if these rules/settings are correct since I'm still new to Opnsense (only a couple of weeks now). It seems that if i turn off Suricata(monitor intrusion) I can get the UPnP option in the game to show on and I can connect to my friends in the game. If the rules are fine then, I guess it could be Suricata blocking? Thanks for the help. I did some further checking and have turned of Suricata and still cannot get UPnP to consistently work on this game.
			
			
			
				I use this: https://forum.opnsense.org/index.php?topic=8783.0
			
			
			
				In your User Specified Permissions, try:
allow 1024-65535 192.168.X.XX/32 1024-65535
			
			
			
				Wont the below open up all my ports?  I was able to specify what port in the game it should use for the UPnP and made sure it was the same in my rules.
			
			
			
				The game will only open the port it needs. Allowing the range suggested won't open all of the ports listed in the range, it will allow those ports to be opened by the IP address in the source field if/when needed. You can view the currently opened connections in the status page of the UPnP plugin.
			
			
			
				So updated the user specified permissions to: allow 1024-65535 192.168.2.10 1024-65535.  Still no luck, I went in and disabled IPS on Suricata and still no luck.  So let me bulletize my setup as of now:
Under UPnP I have it enabled
   Allow UPnP port mapping checked
   Allow NAT-PMP Port Mapping checked
   External Interface set to WAN
   Interface set to LAN
   Log NAT-PMP checked
   Use system time checked
   User specified permissions "allow 1024-65535 192.168.2.10/32 1024-65535"
Firewall: NAT: Outbound mode set to Hybrid
   WAN Rule Source Single Hose 192.168.2.10  32 from the drown down menu
   Static-port checked
192.168.2.10 is the static IP I assigned to the PC.  
			
			
			
				What game is it that you can't get to work?
Is it just one machine connecting or multiple machines from your network? 
			
			
			
				Are the OPNsense box & your gaming pc on the same network switch?  If it's "dumb" (no igmp snooping/igmp querier) it should "just work"
If it's smart & you have igmp snooping/querier setup, I've found the upnp with opnsense doesn't send a multicast join to 239.255.255.250 like it should.  I had to do a static join on my switch before it would work.
			
			
			
				The game is Elite Dangerous and I am just trying to connect my one machine to a friend's.  I have a unifi switch 8 that both the OPNsense and my gaming pc are hooked up to. I do not have IGMP on. 
			
			
			
				Quote from: Maxpower on June 30, 2020, 01:55:41 AM
Firewall: NAT: Outbound mode set to Hybrid
   WAN Rule Source Single Hose 192.168.2.10  32 from the drown down menu
   Static-port checked
In that NAT Rule, is the NAT Address (Translation/Target) set as the WAN Address?
			
 
			
			
				No the translation/target is set to interface address.
			
			
			
				Make it WAN Address 
			
			
			
				I did that and UPnP is still hit or miss, sometimes it shows enabled in the game and some times it does not.  So no change.
			
			
			
				Looking through the opnsense log I can see it start up the upnp service, but I thought it was strange to see promiscuous mode toggling every few minutes even though I do not have it checked on Suricata.  Also suricata is set to just alert and not block.
			
			
			
				It seems if I launch the game and UPnP is not recognized as being on I exit the game and login into my Opnsense box and refresh UPnP service and then start the game back up and it works.