MiniUPNPD

[fotring]

Hi,
miniupnpd seems to be broken in 26.1:

miniupnpd 37136 - [meta sequenceId="85"] pfctl_get_rules_info: Invalid argument

Its spamming the routing log.

//Daniel

[franco]

First time I hear this. Kernel ABI and upstream software didn't change from 25.7.x so not sure what we're looking at here.



Cheers,
Franco

[fotring]

Fun, a puzzle :D
Had it working in 25.7 for a couple of playstations, and i had trouble getting it going OOTB but that's a couple of years ago so i can't remember what i did. But in sure it wasn't this error.

//Daniel

[fotring]

when trying to map a port from my macbook:

miniupnpd 34776 - [meta sequenceId="77"] ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Invalid argument

[franco]

True, it's more likely the errors were always there or at least for a while.


Cheers,
Franco

[nero355]

Had it working in 25.7 for a couple of playstations

Why not just give them 1:1 Port Mapping and leave it at Moderate NAT level instead of fully Open NAT ?!

/EDIT :

Other console people who are on Strict NAT (more than you'd think) can only talk to Open NAT.
With how prevalent the P2P matchmaking model is, Moderate NAT just won't do if you want the best chance at finding more people to play with.

UPnP, on the other hand, provides the perfect middle ground while cleaning up after itself so allowed devices can cycle between ports. I'd say these days consoles is one of the primary reasons why UPnP is in use.

Fair enough :)

I am PC gamer who needs it only for some games that use that P2P crap too sadly and really hate the fact that they do (PC gaming folks like Dedicated Servers !!! LOL!)  so I don't mind missing out on those Strict NAT players if that means I can keep my LAN side less exposed than it needs to be !!! ^_^

[d0shie]

Why not just give them 1:1 Port Mapping and leave it at Moderate NAT level instead of fully Open NAT ?!

Because Moderate NAT can only talk to Moderate and Open NAT. Other console people who are on Strict NAT (more than you'd think) can only talk to Open NAT. With how prevalent the P2P matchmaking model is, Moderate NAT just won't do if you want the best chance at finding more people to play with. There's also the need to factor in the effort to manually configure mappings for every game service. The better equivalence would be putting that console behind a DMZ, but it'd also mean the ports have to remain open 24/7, and only for that console.
UPnP, on the other hand, provides the perfect middle ground while cleaning up after itself so allowed devices can cycle between ports. I'd say these days consoles is one of the primary reasons why UPnP is in use.

[franco]

I'm still missing the point a bit: it was said it's broken because it's spamming. The question is: is it still working after upgrading from 25.7.11 (where it worked) to 26.1-RCx (in which the code really doesn't differ)?


Cheers,
Franco

[Kewin]

Just to chime in since I guess not that many are using miniupnpd.. I'm still running 25.7.11_2 and I use UPnP for consoles and kids' gaming, and I'm not seeing those errors in my log..

(A lot of other errors, but I'm guessing it's because the clients didn't clear their active mappings before shutting off)..

Code Select Expand

2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410080, remove subscriber uuid:4a4dccd4-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/dkgqwukrhw
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410100, remove subscriber uuid:4a487762-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/bejxzoycej
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:21:25    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.1.153:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410000, remove subscriber uuid:0319bd80-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ujhzqdwdtn
2026-01-27T09:07:13    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.127:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410280, remove subscriber uuid:0314bbca-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ocsmvlvmza

/Kewin

[fotring]

Just to chime in since I guess not that many are using miniupnpd.. I'm still running 25.7.11_2 and I use UPnP for consoles and kids' gaming, and I'm not seeing those errors in my log..

(A lot of other errors, but I'm guessing it's because the clients didn't clear their active mappings before shutting off)..

Code Select Expand

2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410080, remove subscriber uuid:4a4dccd4-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/dkgqwukrhw
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Error    miniupnpd    upnpevents_processfds: 0x1239f410100, remove subscriber uuid:4a487762-fb59-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.134:2869/upnp/eventing/bejxzoycej
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:31    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:23:15    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.134:2869): Operation timed out
2026-01-27T09:21:25    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.1.153:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410000, remove subscriber uuid:0319bd80-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ujhzqdwdtn
2026-01-27T09:07:13    Warning    miniupnpd    upnp_event_process_notify: connect(10.0.10.127:2869): Operation timed out
2026-01-27T09:07:13    Error    miniupnpd    upnpevents_processfds: 0x1239f410280, remove subscriber uuid:0314bbca-fb57-11f0-af55-00d0b4023658 after an ERROR cb: http://10.0.10.127:2869/upnp/eventing/ocsmvlvmza

/Kewin

Good note! Then it's not just my install. Can something have changed upstream in miniupnpd? Im on 2.3.9_2,1.

[Javier®]

Hi, static NAT ports for UDP are a godsend for real-time protocols. Anyone who has troubleshooted WebRTC knows this: they're worth their weight in gold. They cost nothing, except to acknowledge that port "randomization" in UDP is not a security feature.

pass out quick on igc0 inet proto udp from igc1:network nat-to (igc0) static-port
pass out on igc0 inet from igc1:network nat-to (igc0)