V2EX = way to explore
V2EX 是一个关于分享和探索的地方
已注册用户请  登录
V2EX 提问指南
V2EX  ›  问与答

LEDE 固件的 UPnP(miniupnpd) 不能使用请问有朋友知道怎么解决吗?

  •   zhangchioulin · 2018-06-23 15:02:34 +08:00 · 11348 次点击
    这是一个创建于 2314 天前的主题,其中的信息可能已经有所发展或是发生改变。


    • 表现为 Xbox one 显示“ UPnP not successful in your network settings ”

    • shell 中upnpc -s输出

    upnpc : miniupnpc library test client, version 2.1.
     (c) 2005-2018 Thomas Bernard.
    Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
    for more information.
    No IGD UPnP Device found on the network !
    • 最开始系统日志里面报could not open lease file: /var/run/miniupnpd.leases (尝试 /etc/init.d/miniupnpd enable 后不显示)


    LEDE: Powered by LuCI Master (git-18.163.61042-b5a43cf) / OpenWrt R7.7.4 By Lean

    安装的 UPnP 插件:

    luci-app-upnp luci-i18n-upnp-zh-cn miniupnpd(2.1-2)


    K3 路由器使用 DHCP 连接到电信光猫。 我的 Xbox 和电脑等设备使用 DHCP 连接 K3

    ip 电信光猫 K3-LEDE

    Subnet Mask


    1. 删除所有自定义的 iptables 转发规则
    2. 尝试重启并启用服务
    # /etc/init.d/miniupnpd restart
    # /etc/init.d/miniupnpd enable


    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[22474]: shutting down MiniUPnPd
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: system uptime is 45714 seconds
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: Reloading rules from lease file
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:24874: 24874 tcp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 24874 on ext_if eth0.2, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to protocol TCP for: NAT-PMP 24874 tcp
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:24874: 24874 udp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 24874 on ext_if eth0.2, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to protocol UDP for: NAT-PMP 24874 udp
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:40536: 40536 tcp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 40536 on ext_if eth0.2, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to protocol TCP for: NAT-PMP 40536 tcp
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:40536: 40536 udp '
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted
    Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 40536 on ext_if eth0.2, 0301A8C0
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to protocol UDP for: NAT-PMP 40536 udp
    Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: version 2.1 starting NAT-PMP/PCP UPnP-IGD ext if eth0.2 BOOTID=1529735459
    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP listening on port 5000
    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP IPv6 address given to control points : [fd18:7515:c672::1]
    Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: Listening for NAT-PMP/PCP traffic on port 5351
    Sat Jun 23 14:31:01 2018 user.info mwan3track[14623]: Check (ping) failed for target "" on interface wan (eth0.2)

    miniupnpd 配置


    allow 1024-65535 1024-65535 #Allow high ports
    deny 0-65535 0-65535 #Default deny

    iptables 规则

    root@tsk3:/tmp/run# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             policy match dir in pol ipsec proto esp
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    input_rule  all  --  anywhere             anywhere             /* !fw3: Custom input rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
    zone_lan_input  all  --  anywhere             anywhere             /* !fw3 */
    zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             policy match dir out pol ipsec proto esp
    ACCEPT     all  --  anywhere             anywhere             policy match dir in pol ipsec proto esp
    FLOWOFFLOAD  all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED FLOWOFFLOAD
    forwarding_rule  all  --  anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    zone_lan_forward  all  --  anywhere             anywhere             /* !fw3 */
    zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
    reject     all  --  anywhere             anywhere             /* !fw3 */
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             policy match dir out pol ipsec proto esp
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    output_rule  all  --  anywhere             anywhere             /* !fw3: Custom output rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
    zone_lan_output  all  --  anywhere             anywhere             /* !fw3 */
    zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */
    Chain MINIUPNPD (1 references)
    target     prot opt source               destination
    Chain forwarding_lan_rule (1 references)
    target     prot opt source               destination
    Chain forwarding_rule (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    Chain forwarding_wan_rule (1 references)
    target     prot opt source               destination
    Chain input_lan_rule (1 references)
    target     prot opt source               destination
    Chain input_rule (1 references)
    target     prot opt source               destination
    Chain input_wan_rule (1 references)
    target     prot opt source               destination
    Chain output_lan_rule (1 references)
    target     prot opt source               destination
    Chain output_rule (1 references)
    target     prot opt source               destination
    Chain output_wan_rule (1 references)
    target     prot opt source               destination
    Chain reject (3 references)
    target     prot opt source               destination
    REJECT     tcp  --  anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
    REJECT     all  --  anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable
    Chain syn_flood (1 references)
    target     prot opt source               destination
    RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
    DROP       all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_lan_dest_ACCEPT (4 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_lan_forward (1 references)
    target     prot opt source               destination
    forwarding_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
    zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_lan_input (1 references)
    target     prot opt source               destination
    input_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan input rule chain */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
    zone_lan_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_lan_output (1 references)
    target     prot opt source               destination
    output_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan output rule chain */
    zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_lan_src_ACCEPT (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */
    Chain zone_wan_dest_ACCEPT (2 references)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
    ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_wan_dest_REJECT (1 references)
    target     prot opt source               destination
    reject     all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_wan_forward (1 references)
    target     prot opt source               destination
    forwarding_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
    zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
    zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    MINIUPNPD  all  --  anywhere             anywhere
    zone_wan_dest_REJECT  all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_wan_input (1 references)
    target     prot opt source               destination
    input_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan input rule chain */
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
    ACCEPT     igmp --  anywhere             anywhere             /* !fw3: Allow-IGMP */
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1688 /* !fw3: kms */
    ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
    zone_wan_src_REJECT  all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_wan_output (1 references)
    target     prot opt source               destination
    output_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan output rule chain */
    zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */
    Chain zone_wan_src_REJECT (1 references)
    target     prot opt source               destination
    reject     all  --  anywhere             anywhere             /* !fw3 */


    日志里面有很多类似 DNS 转发失败的信息,如果可以也请告诉我如何处理。


    在 GitHub 的 issue 上也提了地址在这里 issue


    3 条回复    2018-06-24 05:45:42 +08:00
       2018-06-23 17:53:59 +08:00   ❤️ 1

    #iptables -N MINIUPNPD
    #iptables -I FORWARD -j MINIUPNPD
    #iptables -t nat -N MINIUPNPD
    #iptables -t nat -I PREROUTING -i pppoe-wan -j MINIUPNPD
       2018-06-23 18:04:29 +08:00 via Android   ❤️ 1
    试一下别的 UPnP 客户端是否正常。比如说 Windows 自带的 UPnP。
       2018-06-24 05:45:42 +08:00
    试过 OpenWrt 18.06.0-rc1 的 UPnP, 无任何问题.
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2561 人在线   最高记录 6679   ·     Select Language
    World is powered by solitude
    VERSION: · 31ms · UTC 15:30 · PVG 23:30 · LAX 08:30 · JFK 11:30
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.