Fix the UPnP issue in double NAT environment

  • A+
Categories:Life

After several days research, I fixed the UPnP issue in my own network environment.

Let me introduce my network environment first so you will know why I have to fix this issue.

I share the same house with my landlords and they provide a WIFI connection to me, while for physical reason it is placed far away from my bedroom and I always get poor WIFI performance, and more worse, the connection is not stable. It will be dropped one or more times per day.

At the beginning I thought the Netgear R8500 would meet my requirements:

1. Enhance the WIFI signal

2. Let me assign fixed IP addresses to my own devices

It has two 5G channels, so I can use one of them to extend the WIFI range, and another one for my own network settings. While when I got it and set the bridge mode I found none of them could be satisfied.

In bridge mode, all the connected devices will get the IP addresses from the source router so I could not assign fixed devices to them, and only wired devices could be used!

More tough issue is that my NAS system (HP Microserver Gen8) only have wired NIC interfaces and it is located in my bedroom and the mentioned R8500 is in the sitting room.

Finally I bought one EX6200 extender and two R8500 routers to connect all of my devices and assign fixed IP addresses to them.

The EX6200 extender and one primary R8500 router are placed in my sitting room to get best WIFI signal of the source modem router, and to run as DHCP server so I can manage the fixed IP addresses.

Another (Secondary) R8500 router is in my sitting room to attach the NAS system and other laptop with cables. This one is bridged to the primary R8500 router with second 5G channel, and the connected speed is about 1G.

So I got the full control of all of my devices and routers, while one sad news was that when I downloaded some files using Transmission or uTorrent, I always failed the port test and other peers could not connect to my seeds if they also failed such test.

If I accessed to the source modem router directly, then the port test was successful, so the UPnP function is enabled on the source modem router. And I also make sure the UPnP feature works well on my own primary R8500 router, so the issue is the primary R8500 router will not redirect my UPnP requests to the source modem router.

DD-WRT firmware maybe already has such function, while I always prefer to use the factory firmware to get better performance and stability.

I could not fix such issue and had to endure such situation for several months, and resolved it just before last day!

If you want to know the solutions more clearly, then better know something about the UPnP principle:

Exploring UPnP with Python

And the steps are as the following (a sample on Windows mixed Linux platform):

1. Download the MiniUPnPc program, just the client.

2. Connect to the source modem router and list the UPnP information

E:\Downloads\upnpc-exe-win32-20150918>upnpc-static.exe  -l
upnpc : miniupnpc library test client, version 1.9.
 (c) 2005-2014 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.254:37215/upnpdev.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

 desc: http://192.168.1.250:5000/Public_UPNP_gatedesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.1.254:37215/ctrlu/WANPPPConnection_1
Local LAN ip address : 192.168.1.71
Connection Type : IP_Routed
Status : Connected, uptime=844241s, LastConnectionError : ERROR_NONE
  Time started : Thu Feb 15 21:18:09 2018
MaxBitRateDown : 100000000 bps (100.0 Mbps)   MaxBitRateUp 100000000 bps (100.0 Mbps)
ExternalIPAddress = XXX.XXX.XXX.XXX
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 UDP 31926->192.168.1.64:31926 'wechat voip' '' 0
 1 TCP 13777->192.168.1.65:10800 '' '' 0
 2 TCP 27489->192.168.1.65:10000 '' '' 0
 3 UDP 13777->192.168.1.65:3027  '' '' 0
 4 UDP 38531->192.168.1.70:38531 'wechat voip' '' 0
 5 TCP 13779->192.168.1.67:10800 '' '' 0
 6 TCP 27491->192.168.1.67:10000 '' '' 0
 7 UDP 13779->192.168.1.67:3027  '' '' 0
 8 TCP 13780->192.168.1.68:10800 '' '' 0
 9 TCP 27492->192.168.1.68:10000 '' '' 0
10 UDP 13780->192.168.1.68:3027  '' '' 0
11 UDP 42562->192.168.1.70:42562 'wechat voip' '' 0
12 TCP 51166->192.168.1.71:51166 'uTorrent (TCP)' '' 0
13 UDP 51166->192.168.1.71:51166 'uTorrent (UDP)' '' 0
14 TCP 40959->192.168.1.68:40959 'uTorrent (TCP)' '' 0
15 UDP 40959->192.168.1.68:40959 'uTorrent (UDP)' '' 0
GetGenericPortMappingEntry() returned 402 (Invalid Args)

3. The ip address has the valid IGD is what we want to know, so we can learn the URL of the UPnP device on the source modem router is: "http://192.168.1.254:37215/upnpdev.xml"

4. Connect to the normal network and also list the UPnP information:

E:\Downloads\upnpc-exe-win32-20150918>upnpc-static.exe  -l
upnpc : miniupnpc library test client, version 1.9.
 (c) 2005-2014 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.13.250:5000/Public_UPNP_gatedesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.13.250:5000/Public_UPNP_C3
Local LAN ip address : 192.168.13.21
Connection Type : IP_Routed
Status : Connected, uptime=1284666s, LastConnectionError : ERROR_NONE
  Time started : Sat Feb 10 19:08:14 2018
MaxBitRateDown : 100000000 bps (100.0 Mbps)   MaxBitRateUp 100000000 bps (100.0 Mbps)
ExternalIPAddress = 192.168.1.128
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 UDP 51331->192.168.13.21:51331 'Teredo 192.168.13.21:51331->51331 UDP' '' 0
 1 TCP 52255->192.168.13.252:52255 'Transmission at 52255' '' 0
 2 UDP 52255->192.168.13.252:52255 'Transmission at 52255' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)

5. So we know the assigned external ip address is 192.168.1.128.

6. Add the UPnP rule manually (I run both Transmission and uTorrent on different systems, so have to add four rules):

root@debian:/home/neilzh/miniupnpc-2.0# upnpc -u "http://192.168.1.254:37215/upnpdev.xml" -a 192.168.1.128 52255 52255 TCP
upnpc : miniupnpc library test client, version 2.0.
 (c) 2005-2016 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
Found valid IGD : http://192.168.1.254:37215/ctrlu/WANPPPConnection_1
Local LAN ip address : 192.168.13.40
ExternalIPAddress = XXX.XXX.XXX.XXX
InternalIP:Port = 192.168.1.128:52255
external XXX.XXX.XXX.XXX:52255 TCP is redirected to internal 192.168.1.128:52255 (duration=0)
root@debian:/home/neilzh/miniupnpc-2.0# upnpc -u "http://192.168.1.254:37215/upnpdev.xml" -a 192.168.1.128 52255 52255 UDP
upnpc : miniupnpc library test client, version 2.0.
 (c) 2005-2016 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
Found valid IGD : http://192.168.1.254:37215/ctrlu/WANPPPConnection_1
Local LAN ip address : 192.168.13.40
ExternalIPAddress = XXX.XXX.XXX.XXX
InternalIP:Port = 192.168.1.128:52255
external XXX.XXX.XXX.XXX:52255 UDP is redirected to internal 192.168.1.128:52255 (duration=0)
root@debian:/home/neilzh/miniupnpc-2.0# upnpc -u "http://192.168.1.254:37215/upnpdev.xml" -a 192.168.1.128 51155 51155 UDP
upnpc : miniupnpc library test client, version 2.0.
 (c) 2005-2016 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
Found valid IGD : http://192.168.1.254:37215/ctrlu/WANPPPConnection_1
Local LAN ip address : 192.168.13.40
ExternalIPAddress = XXX.XXX.XXX.XXX
InternalIP:Port = 192.168.1.128:51155
external XXX.XXX.XXX.XXX:51155 UDP is redirected to internal 192.168.1.128:51155 (duration=0)
root@debian:/home/neilzh/miniupnpc-2.0# upnpc -u "http://192.168.1.254:37215/upnpdev.xml" -a 192.168.1.128 51155 51155 TCP
upnpc : miniupnpc library test client, version 2.0.
 (c) 2005-2016 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
Found valid IGD : http://192.168.1.254:37215/ctrlu/WANPPPConnection_1
Local LAN ip address : 192.168.13.40
ExternalIPAddress = XXX.XXX.XXX.XXX
InternalIP:Port = 192.168.1.128:51155
external XXX.XXX.XXX.XXX:51155 TCP is redirected to internal 192.168.1.128:51155 (duration=0)
root@debian:/home/neilzh/miniupnpc-2.0# upnpc -u "http://192.168.1.254:37215/upnpdev.xml" -l
upnpc : miniupnpc library test client, version 2.0.
 (c) 2005-2016 Thomas Bernard.
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
Found valid IGD : http://192.168.1.254:37215/ctrlu/WANPPPConnection_1
Local LAN ip address : 192.168.13.40
Connection Type : IP_Routed
Status : Connected, uptime=869397s, LastConnectionError : ERROR_NONE
  Time started : Thu Feb 15 21:18:04 2018
MaxBitRateDown : 100000000 bps (100.0 Mbps)   MaxBitRateUp 100000000 bps (100.0 Mbps)
ExternalIPAddress = XXX.XXX.XXX.XXX
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 UDP 31926->192.168.1.64:31926 'wechat voip' '' 0
 1 TCP 13777->192.168.1.65:10800 '' '' 0
 2 TCP 27489->192.168.1.65:10000 '' '' 0
 3 UDP 13777->192.168.1.65:3027  '' '' 0
 4 UDP 38531->192.168.1.70:38531 'wechat voip' '' 0
 5 TCP 13779->192.168.1.67:10800 '' '' 0
 6 TCP 27491->192.168.1.67:10000 '' '' 0
 7 UDP 13779->192.168.1.67:3027  '' '' 0
 8 TCP 13780->192.168.1.68:10800 '' '' 0
 9 TCP 27492->192.168.1.68:10000 '' '' 0
10 UDP 13780->192.168.1.68:3027  '' '' 0
11 UDP 42562->192.168.1.70:42562 'wechat voip' '' 0
12 TCP 52255->192.168.1.128:52255 'libminiupnpc' '' 0
13 UDP 52255->192.168.1.128:52255 'libminiupnpc' '' 0
14 UDP 51155->192.168.1.128:51155 'libminiupnpc' '' 0
15 TCP 51155->192.168.1.128:51155 'libminiupnpc' '' 0
GetGenericPortMappingEntry() returned 402 (Invalid Args)

7. Check the port again, and it works!Fix the UPnP issue in double NAT environment

Comment

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: