1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

uPnP on but WHS still complains about port forwarding

Discussion in 'Tomato Firmware' started by Heinrich, Jan 9, 2011.

  1. Heinrich

    Heinrich Networkin' Nut Member

    HP MediaSmart WHS. "verifying port forwarding on your router failed." in uPnP everything is enabled except secure mode.

    This is the only entry in the table:

    4125 4125 192.168.1.7 TCP WHS_4125


    Back with DD-WRT, I had 3 entries. Should I manually create what I need?
     
  2. mstombs

    mstombs Network Guru Member

    What version of Tomato? Tomatousb blocks low port nos from upnp by default, but this can be changed by nvram vars I recall.
     
  3. Heinrich

    Heinrich Networkin' Nut Member

    Tomato Firmware v1.28.9054 MIPSR2-beta E3000 USB vpn3.6

    USB support integration and GUI,
    Linux kernel 2.6.22.19 and Broadcom Wireless Driver 5.10.147.0 updates,
    support for additional router models and Wireless-N mode.
    Copyright (C) 2008-2010 Fedor Kozhevnikov and Ray Van Tassle
    http://www.tomatousb.org


    VPN integration and GUI Copyright (C) 2010 Keith Moyer, tomatovpn@keithmoyer.com


    Based on Tomato Firmware v1.28
    Copyright (C) 2006-2010 Jonathan Zarate
    http://www.polarcloud.com/tomato/

    Built on Tue, 30 Nov 2010 16:13:46 -0500
     
  4. Azuse

    Azuse LI Guru Member

    Is there a specific reason the server what's open ports for incoming connections? What would be needing to connect to it from outside?
     
  5. ladysman

    ladysman LI Guru Member

    This is for the remote login capability. You can also give people access from outside to view pictures for example (what i do).

    Heinrich,
    I have the following manual entries in port forwarding and it works perfect for me. (Attached)

    Let me know if you need anything else.
     

    Attached Files:

  6. mstombs

    mstombs Network Guru Member

    OK tomatousb has the port limits for upnp (security paranoia), defaulting to 1024 which blocks 80 and 443. The relevant bit of code in rc/services.c which creates the upnp config file is is

    Code:
                    int ports[4];
                    if ((ports[0] = nvram_get_int("upnp_min_port_int")) > 0 &&
                        (ports[1] = nvram_get_int("upnp_max_port_int")) > 0 &&
                        (ports[2] = nvram_get_int("upnp_min_port_ext")) > 0 &&
                        (ports[3] = nvram_get_int("upnp_max_port_ext")) > 0) {
                        fprintf(f,
                            "allow %d-%d %s/%s %d-%d\n",
                            ports[0], ports[1],
                            lanip, lanmask,
                            ports[2], ports[3]
                        );
                    }
                    else {
                        // by default allow only redirection of ports above 1024
                        fprintf(f, "allow 1024-65535 %s/%s 1024-65535\n", lanip, lanmask);
                    }
     
                    fappend(f, "/etc/upnp/config.custom");
                    fprintf(f, "\ndeny 0-65535 0.0.0.0/0 0-65535\n");
                    fclose(f);
    These vars are not in the web gui so you need to manually assing the nvram vars "upnp_min_port_int" etc with

    Code:
    nvram set upnp_min_port_int=80
    nvram set upnp_max_port_int=65535
    nvram set upnp_min_port_ext=80
    nvram set upnp_max_port_ext=65535
    nvram commit
    to get upnp to be able to use these ports - or setup fixed port forwards...

    From the author:-
    http://tomatousb.org/forum/t-286557/
     
  7. Heinrich

    Heinrich Networkin' Nut Member

    Great help and explanation! I stuck to manually assigning IP address and doing the port forwards manually and it worked. To break into the code would be something new, and I don't want to accidentally send my router on to a DOS attack on my neighbors or something crazy like that :eek:
     
  8. Jason404

    Jason404 Addicted to LI Member

    Where are these commands to be used? I tried entering them through an SSH connection, but they did not work. I just got the help for nvram instead.
     
  9. Jason404

    Jason404 Addicted to LI Member

    Is it not possible to override this anymore?

    I looked in the contents of the NVRAM and only found these values which had 'upnp' in them:

    upnp_clean=1
    upnp_clean_interval=600
    upnp_clean_threshold=20
    upnp_enable=3
    upnp_lan1=0
    upnp_lan2=0
    upnp_lan3=0
    upnp_lan=1
    upnp_max_age=180
    upnp_mnp=0
    upnp_port=0
    upnp_secure=1
    upnp_ssdp_interval=60
     
  10. Toastman

    Toastman Super Moderator Staff Member Member

    The = sign seems to have been missed from the above.

    Try:

    nvram set upnp_min_port_int=80
    nvram set upnp_max_port_int=65535
    nvram set upnp_min_port_ext=80
    nvram set upnp_max_port_ext=65535
    nvram commit
     
  11. mstombs

    mstombs Network Guru Member

    oops thanks Toastman - the code snippet above makes it clear these nvram vars do not normally exist, but if they ALL do they are used to override the paranoid defaults in tomatousb mods.
     
  12. ModXMV

    ModXMV Networkin' Nut Member

    For the errant googler that stumbles upon this page. Toastman's fix with the = signs works. Just reboot it once you do it.
     
  13. Morac

    Morac Network Guru Member

    Glad I found this thread since my WD My Book Live was also complaining that UPNP wasn't enabled, when I had it enabled. I think it tries to use ports 80 and 443.

    It would be nice if the firmware (using latest Toastman), would log UPNP errors in the log. I tried turning up logging to 8, but that didn't make a difference.
     
  14. zeus163

    zeus163 Networkin' Nut Member

    I appear to be running into this problem with my new router an Asus RT-N16 running Tomato Firmware 1.28.0000 MIPSR2-092 K26 USB AIO. I followed the port forwarding picture attached above and that didn't work for me. WHS still complains that port-forwarding is not set up correctly. I enabled uPnP and that didn't work. I tried to enable NAT-PMP, but that didn't work either. Now WHS tells me my router is not working so I can't remotely access my server at all right now. It seems that I need to try the NVRAM thingy, but I'm not sure how to add the lines and where I would add them too. I had a version of Toastman on my older Netgear WNR3500L model and even could access my server. So, my thinking is that I'm doing something wrong. Any help would be appreciated. I sure hope I'm not double-natted and if I am I have no idea how to solve that.
     
  15. RonV

    RonV Network Guru Member

    I just discovered this thread today...thanks for hints on enabling lower port numbers with uPnP via NVRAM settings. I added a link up script that kills and restarts uPnP and seems to work great.
     
  16. zeus163

    zeus163 Networkin' Nut Member

    Would I post this:

    nvram set upnp_min_port_int=80
    nvram set upnp_max_port_int=65535
    nvram set upnp_min_port_ext=80
    nvram set upnp_max_port_ext=65535
    nvram commit

    in the scripts section and reboot the router? Or something different?
     
  17. Toastman

    Toastman Super Moderator Staff Member Member

    enter into the tools/system box and execute. Once committed to nvram, it's set, and doesn't need to be done again.
     
  18. zeus163

    zeus163 Networkin' Nut Member

    Thanks Toastman! I just committed the command to nvram. We'll see if that helps me out.
     

Share This Page