1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trying to get www.mycloudnas.com to work

Discussion in 'Tomato Firmware' started by djeanprost, Feb 15, 2011.

  1. djeanprost

    djeanprost Addicted to LI Member

    Hello,

    I'm the happy owner of a QNAP NAS. The latest firmware of this device offers to publish services through www.mycloudnas.com.
    The nas has a upnp config option to setup port forwarding in my tomato router. The problem is the following:
    Although the port seems to be correctly setup using by upnp, I can't reach my nas using mycloudnas.com
    If I setup manually the port forwarding, using the same values, it works.

    Manually works
    On Proto Src Address Ext Ports Int Port Int Address Description
    On TCP 8080 8080 192.168.1.100
    On TCP 80 80 192.168.1.100

    Upnp doesn't work
    External Internal Internal Address Protocol Description
    8080 8080 192.168.1.100 TCP Web Admin
    80 80 192.168.1.100 TCP Web Server/Multimedia Station

    As I can't see any difference between the two configuration, I don't understand why it works manually and why it doesn't work with upnp.

    Can someone help me please ?
    Dom
     
  2. djeanprost

    djeanprost Addicted to LI Member

    To help to diagnose the problem, what should I look for in iptables ? Can someone help please ?
    dom
     
  3. djeanprost

    djeanprost Addicted to LI Member

    Funny to try to help myself :

    If I setup port forwarding manually, here is what I get with iptables :

    Code:
    # iptables -L -n
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       0    --  0.0.0.0/0            88.167.156.143
    DROP       0    --  0.0.0.0/0            0.0.0.0/0           state INVALID
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     2    --  0.0.0.0/0            0.0.0.0/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    DROP       0    --  0.0.0.0/0            0.0.0.0/0           state INVALID
    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1461:65535 TCPMSS set 1460
    L7in       0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    wanin      0    --  0.0.0.0/0            0.0.0.0/0
    wanout     0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    upnp       0    --  0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain L7in (1 references)
    target     prot opt source               destination
    RETURN     0    --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypeout
    RETURN     0    --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypetoskype
    
    Chain upnp (1 references)
    target     prot opt source               destination
    
    Chain wanin (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            224.0.0.0/4         udp
    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
    
    Chain wanout (1 references)
    target     prot opt source               destination
    #
    When I use Upnp, here is what I get :
    Code:
    # iptables -L -n
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       0    --  0.0.0.0/0            88.167.156.143
    DROP       0    --  0.0.0.0/0            0.0.0.0/0           state INVALID
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     2    --  0.0.0.0/0            0.0.0.0/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    DROP       0    --  0.0.0.0/0            0.0.0.0/0           state INVALID
    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1461:65535 TCPMSS set 1460
    L7in       0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    wanin      0    --  0.0.0.0/0            0.0.0.0/0
    wanout     0    --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
    upnp       0    --  0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain L7in (1 references)
    target     prot opt source               destination
    RETURN     0    --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypeout
    RETURN     0    --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypetoskype
    
    Chain upnp (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
    
    Chain wanin (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            224.0.0.0/4         udp
    
    Chain wanout (1 references)
    target     prot opt source               destination
    #

    In both case, I get the
    Code:
    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.100       tcp dpt:80
    manually, this rule is in wanin; with upnp, this rule is in upnp.
    I can't see why the order can prevent my stuff to work correctly when using upnp.

    Can someone help me please ?
     
  4. djeanprost

    djeanprost Addicted to LI Member

    I tried to install dd-wrt, and with it, I don't get my problem.

    I've checked iptables with dd-wrt :
    - the chain upnp doesn't exist
    - the rule added through upnp is put higher in the FORWARD chain.

    So as it works with dd-wrt, should we consider it as a problem in tomato ? By the way, it's the first time I meet a problem with upnp and tomato (skype, bittorrent work).

    Can someone at least give me sign please ?
    dom
     
  5. djeanprost

    djeanprost Addicted to LI Member

Share This Page