Messages - perfectchaos

#1
Well, due to the DMZ I don't need to do any port forwarding on the Xfinity side. All unroutable packets get sent to the DMZ, which then get routed to the local network through OPNsense. Definitely less complexity though. Will try tonight.
#2
I'm thinking about trying this. I have an Xfinity router, but until tonight I didn't realize I could put it into bridged mode. I have my OPNsense machine plugged into it, and the IP is static and set to be in the DMZ. It worked fine when I used ClearOS, but that box had only a single NIC and the USB dongle for the second one was truncating my bandwidth, so when I got a new machine with a double NIC I decided to try OPNsense. I had no problem before this, so I don't know, but I expect miniupnp implements it slightly differently. Once I remove the second NAT I kind of expect I'll have the same problem, but I won't know until I try.
#3
Well, it looks like this. But through some more testing I believe this is actually working, regardless of what the software is telling me.

Xbox complains that NAT is strict, and I have a double NAT. Well, true. But my firewall is in the DMZ of the Comcast router. Port-Forwarding on OPNsense works to my internal network.

Now I thought that little refresh-looking icon at the top was just that, a refresh, but maybe it is clearing? Which led me to believe it was disappearing. Whenever I click that, the rules get cleared... anyways

I got on an external server, ran 'nc -u host 3074' and started throwing packets at it.
Using Wireshark I can see packets coming through the 3074 port Xbox opens up to talk to XBL and test the NAT settings. They are only allowed through once the test starts and the rule is added in the list.

ssh root@opnsense 'tcpdump -i em1 -w - port 3074' | /drives/c/Program\ Files/Wireshark/Wireshark.exe -k -i -


So even though Warframe complains, and Xbox is telling me the NAT is strict, I think it is actually working..... maybe? At least I can see the packets that I send through. However, I never see any other packets make it through. So I could be wrong. It really is not adding up.

I can't tell outside of what Warframe and Xbox tell me. From all other tests, and looking in the logs, I don't really see a problem, except for the 500 error that Warframe gets while talking to the UPnP daemon. I see one for the Xbox too, except the error is different and inconsistent.

To me it appears that the port actually opens; why Xbox and Warframe complain is confusing though.
#4
18.1 Legacy Series / UPnP does not seem to work
May 04, 2018, 01:31:44 AM
I am new to OPNsense and I'm trying to get UPnP working.

I've installed the plugin and configured it in services. Specifically I'm trying to get Warframe working; it complains on startup that UPnP is malfunctioning. Not missing, as it did before I installed the plugin.

What I observe is that briefly the ports appear in the status page, but quickly disappear.

I'm not sure if there is more logging somewhere, but I see the following in /var/log/routing.log


May  3 18:26:55 OPNsense miniupnpd[60795]: HTTP listening on port 2189
May  3 18:26:55 OPNsense miniupnpd[60795]: no HTTP IPv6 address, disabling IPv6
May  3 18:26:55 OPNsense miniupnpd[60795]: Listening for NAT-PMP/PCP traffic on port 5351
May  3 18:26:57 OPNsense miniupnpd[60795]: upnp_event_recv: recv(): Connection reset by peer


Now the connection reset didn't happen at the same time as the attempt to connect, so I'm not sure if it's related.

Here's a Wireshark capture of the handshake between Warframe and the UPnP server. There is an HTTP 500 in there; I'm assuming this is related to the problem.
https://www.dropbox.com/s/qjn6idqk8i48o3d/warframe_handshake.pcap?dl=0

UPnP Error code 713: SpecifiedArrayIndexInvalid

I've seen suggestions to re-install the plugin, though that seems related to updates to the kernel. I have attempted re-installs and reboots, but I'm not getting anywhere. More help debugging would be greatly appreciated.
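
An added example, not part of the forum posts and not OPNsense or miniupnpd code: in the UPnP IGD specification, 713 SpecifiedArrayIndexInvalid is the fault for GetGenericPortMappingEntry called with an index past the last mapping, so when reading a capture like the one linked above it matters which action drew the HTTP 500. The sketch below classifies a SOAP fault by the request's SOAPAction header; the sample bodies and the BENIGN table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

UPNP_NS = "{urn:schemas-upnp-org:control-1-0}"

# (action, errorCode) pairs that are normal protocol behaviour (illustrative table).
BENIGN = {
    ("GetGenericPortMappingEntry", 713),   # enumeration ran past the last mapping
    ("GetSpecificPortMappingEntry", 714),  # lookup of a mapping that does not exist
}

def parse_fault(body):
    """Return (code, description) from a UPnP SOAP fault, or None if no fault."""
    err = ET.fromstring(body).find(f".//{UPNP_NS}UPnPError")
    if err is None:
        return None
    code = int(err.findtext(f"{UPNP_NS}errorCode", "0").strip())
    desc = err.findtext(f"{UPNP_NS}errorDescription", "").strip()
    return code, desc

def action_of(soapaction):
    # SOAPAction header value is a quoted "serviceType#ActionName"; keep the action.
    return soapaction.strip().strip('"').rsplit("#", 1)[-1]

def classify(soapaction, body):
    """Return (action, code, verdict) for one control request/response pair."""
    action, fault = action_of(soapaction), parse_fault(body)
    if fault is None:
        return action, None, "ok"
    verdict = "benign" if (action, fault[0]) in BENIGN else "failure"
    return action, fault[0], verdict

def fault_body(code, desc):
    """Build a constructed SOAP fault body for the demo below."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        "<s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>"
        '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
        f"<errorCode>{code}</errorCode><errorDescription>{desc}</errorDescription>"
        "</UPnPError></detail></s:Fault></s:Body></s:Envelope>"
    )

SVC = '"urn:schemas-upnp-org:service:WANIPConnection:1#'
SAMPLES = [  # constructed request/response pairs, not taken from the linked pcap
    (SVC + 'GetGenericPortMappingEntry"', fault_body(713, "SpecifiedArrayIndexInvalid")),
    (SVC + 'AddPortMapping"', fault_body(718, "ConflictInMappingEntry")),
]

if __name__ == "__main__":
    for hdr, body in SAMPLES:
        print(classify(hdr, body))
```

To apply it to a real capture, take the SOAPAction header from the HTTP POST and the body of the matching HTTP 500 response.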