  1. #1
    Untanglit
    Join Date
    Oct 2013
    Posts
    16

    UPnP seemingly blocked?

    Having some difficulty with making my LAN subnet (behind the internal side of my UT10 server operating in transparent bridge mode) able to communicate w/UPnP to my router, which is a pfSense router on the external side of UT.

    Any apps that I run with the UT10 server claim that UPnP is not detected and/or broken (PlayStation 3 Internet Connection test, and several UPnP apps on Windows to be specific).

    If I take the UT10 server out of the path, making NO OTHER CHANGES to the network, UPnP is detected and functional without an issue... I've seen nothing in my UT config that should be blocking it or impacting UPnP in any fashion.

    I've tried disabling every single app in the rack simultaneously, and I've even tried adding a bypass rule for destination address 239.0.0.0/8 under Networking > Bypass Rules, but it didn't seem to make a difference (I saw that was recommended to somebody in another thread, but their problem was exclusively on the internal side).

    Any other ideas?

    Quick rudimentary diagram:

    [cable modem] <----(WAN)-> [pfSense Server] <-(LAN)---(Ext)-> [UT10 Server] <-(Int)----> (LAN Switch)
    Last edited by JoeMc; 01-11-2014 at 03:19 PM.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Oct 2013
    Posts
    16

    Tried that already, didn't fix it. At first I did not add the route (just the bypass rule), but now I've tried adding both... including the route as both a source and destination, but I still can't get it to work.

    Any other ideas?

  4. #4
    Untanglit
    Join Date
    Oct 2013
    Posts
    16

    /bump

  5. #5
    Untanglit
    Join Date
    Jan 2014
    Posts
    17

    Could you please tell us where you added the bypass rule?

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,756

    On v10.x Config -> Network -> Bypass

  7. #7
    Untanglit
    Join Date
    Jan 2014
    Posts
    17

    Sorry, I wanted to ask what, not where, the OP added to the bypass, because requests are sent to multicast, but returned SSDP responses are UDP source port 1900, but from unicast. So does that mean that source UDP 1900 is to be added to the bypass as well?

  8. #8
    Untanglit
    Join Date
    Oct 2013
    Posts
    16

    I just tried a few more things to no avail...

    First, I do have a route to 239.0.0.0/8 added to "Local on External" (which was the recommended fix in the other thread, but not the same problem)

    Then I tried all of the following Bypass Rules (all combinations):

    Destination Address = 239.255.255.250 (also tried 239.0.0.0/8)
    Source Address = 239.255.255.250 (also tried 239.0.0.0/8)

    Destination Port = 1900 + Protocol = UDP (no option for Source Port...)

    Destination Port = 1900 (without any other rules)

    Yes, the rules were checked as active. Yes, the "bypass" option was selected in the drop down at the bottom. Yes, I clicked Apply and made sure the services restarted each time... my Internet connectivity was disrupted each time, so I assume that's what it was doing.

    Any other ideas??

    Again, the symptom is that devices on my LAN (internal side of UT v10 box) are not able to utilize my pfSense router's UPnP service which is sitting on the External side. UTM v10 is running in between in transparent bridge mode. It works right away if I remove the Untangle device from the path with no other changes. This happens even with every single app in the rack disabled as well.
    Last edited by JoeMc; 01-31-2014 at 01:26 AM.

  9. #9
    Untanglit
    Join Date
    Jan 2014
    Posts
    17

    Try creating a bandwidth rule for it, set to high priority, and then see if it catches that traffic in the traffic manager logs. If it does, then the bypass doesn't work (I possibly stand corrected on this one).
    Also, could you please do a tcpdump on the outside interface to see if the requests pass, but the responses don't.

  10. #10
    Untanglit
    Join Date
    Oct 2013
    Posts
    16

    Can you be more specific on the instructions? Bandwidth rule for what ports/IP ranges and where would I configure that?

    Also, can you give me some tips on tcpdump CLI or how I would go about doing that? thx
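
    Added example, not part of any post in this thread: one way to read a capture for the check suggested in #9, using the SSDP behaviour described in #7 (query to 239.255.255.250:1900, reply as unicast from source port 1900 back to the querying socket). The interface placeholder, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Capture on the external side of the bridge, for example:
#   tcpdump -ni <external-interface> udp port 1900
# then feed the text output to verdict(). <external-interface> is a placeholder.

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900
# Matches the IPv4/UDP summary line tcpdump prints when run with -n.
LINE_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP")

def ssdp_exchanges(capture_text, client_ip):
    """Map each query socket (ip, port) of client_ip to the hosts that answered it."""
    queries = {}
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if src == client_ip and dst == SSDP_GROUP and dport == SSDP_PORT:
            queries.setdefault((src, sport), [])   # multicast query from the client
        elif sport == SSDP_PORT and (dst, dport) in queries:
            queries[(dst, dport)].append(src)      # unicast reply to that socket
    return queries

def verdict(capture_text, client_ip):
    """Summarise what the external-side capture shows for one LAN client.

    no-query-seen    : the multicast query never reached the external side
    query-unanswered : the query crossed the bridge, no reply appeared there
    reply-seen       : a reply reached the external side, so any loss happens
                       between that interface and the client
    """
    exchanges = ssdp_exchanges(capture_text, client_ip)
    if not exchanges:
        return "no-query-seen"
    return "reply-seen" if any(exchanges.values()) else "query-unanswered"

# Constructed sample lines in tcpdump -n format (not taken from the thread).
QUERY_ONLY = "12:00:01.000000 IP 192.168.1.50.51234 > 239.255.255.250.1900: UDP, length 133"
QUERY_AND_REPLY = QUERY_ONLY + "\n" + \
    "12:00:01.050000 IP 192.168.1.1.1900 > 192.168.1.50.51234: UDP, length 312"
UNRELATED = "12:00:02.000000 IP 192.168.1.50.40000 > 192.168.1.1.53: UDP, length 40"

if __name__ == "__main__":
    for name, text in [("query only", QUERY_ONLY), ("query and reply", QUERY_AND_REPLY),
                       ("unrelated", UNRELATED)]:
        print(name, "->", verdict(text, "192.168.1.50"))
```

    Because the reply is addressed to the client's ephemeral port rather than to port 1900 or to the multicast group, it is matched here by the querying socket and not by destination port.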
