LEDE 固件的 UPnP(miniupnpd) 不能使用请问有朋友知道怎么解决吗？

问题

• 表现为 Xbox one 显示“ UPnP not successful in your network settings ”

• shell 中upnpc -s输出

upnpc : miniupnpc library test client, version 2.1. (c) 2005-2018 Thomas Bernard. Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/ for more information. No IGD UPnP Device found on the network ! 

• 最开始系统日志里面报could not open lease file: /var/run/miniupnpd.leases （尝试 /etc/init.d/miniupnpd enable 后不显示）

软件信息

LEDE: Powered by LuCI Master (git-18.163.61042-b5a43cf) / OpenWrt R7.7.4 By Lean

安装的 UPnP 插件：

luci-app-upnp luci-i18n-upnp-zh-cn miniupnpd(2.1-2)

网络信息

K3 路由器使用 DHCP 连接到电信光猫。 我的 Xbox 和电脑等设备使用 DHCP 连接 K3

ip 192.168.1.1 电信光猫 192.168.2.1 K3-LEDE

Subnet Mask 255.255.255.0

我做的尝试

1. 删除所有自定义的 iptables 转发规则
2. 尝试重启并启用服务

# /etc/init.d/miniupnpd restart # /etc/init.d/miniupnpd enable 

系统日志输出：

Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[22474]: shutting down MiniUPnPd Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: system uptime is 45714 seconds Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: Reloading rules from lease file Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:24874:192.168.2.196:24874:1529735590:NAT-PMP 24874 tcp ' Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 24874 on ext_if eth0.2 192.168.1.3, 0301A8C0 Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to 192.168.2.196:24874 protocol TCP for: NAT-PMP 24874 tcp Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:24874:192.168.2.196:24874:1529735590:NAT-PMP 24874 udp ' Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 24874 on ext_if eth0.2 192.168.1.3, 0301A8C0 Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 24874 to 192.168.2.196:24874 protocol UDP for: NAT-PMP 24874 udp Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'TCP:40536:192.168.2.196:40536:1529735670:NAT-PMP 40536 tcp ' Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol tcp for port 40536 on ext_if eth0.2 192.168.1.3, 0301A8C0 Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to 192.168.2.196:40536 protocol TCP for: NAT-PMP 40536 tcp Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: parsing lease file line 'UDP:40536:192.168.2.196:40536:1529735670:NAT-PMP 40536 udp ' Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: UPnP permission rule 0 matched : port mapping accepted Sat Jun 23 14:30:59 2018 daemon.debug miniupnpd[29432]: Check protocol udp for port 40536 on ext_if eth0.2 192.168.1.3, 0301A8C0 Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: redirecting port 40536 to 192.168.2.196:40536 protocol UDP for: NAT-PMP 40536 udp Sat Jun 23 14:30:59 2018 daemon.info miniupnpd[29432]: version 2.1 starting NAT-PMP/PCP UPnP-IGD ext if eth0.2 BOOTID=1529735459 Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP listening on port 5000 Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: HTTP IPv6 address given to control points : [fd18:7515:c672::1] Sat Jun 23 14:30:59 2018 daemon.notice miniupnpd[29432]: Listening for NAT-PMP/PCP traffic on port 5351 Sat Jun 23 14:31:01 2018 user.info mwan3track[14623]: Check (ping) failed for target "8.8.4.4" on interface wan (eth0.2) 

miniupnpd 配置

文件地址:/tmp/etc/miniupnpd.conf

ext_ifname=eth0.2 listening_ip=br-lan port=5000 enable_natpmp=yes enable_upnp=yes secure_mode=yes pcp_allow_thirdparty=no system_uptime=yes force_igd_desc_v1=no lease_file=/var/run/miniupnpd.leases bitrate_down=8388608 bitrate_up=4194304 uuid=e6a5a45e-6309-4a49-8205-5bb0c8d379af allow 1024-65535 0.0.0.0/0 1024-65535 #Allow high ports deny 0-65535 0.0.0.0/0 0-65535 #Default deny 

iptables 规则

root@tsk3:/tmp/run# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp ACCEPT all -- anywhere anywhere /* !fw3 */ input_rule all -- anywhere anywhere /* !fw3: Custom input rule chain */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */ syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */ zone_lan_input all -- anywhere anywhere /* !fw3 */ zone_wan_input all -- anywhere anywhere /* !fw3 */ Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp ACCEPT all -- anywhere anywhere policy match dir in pol ipsec proto esp FLOWOFFLOAD all -- anywhere anywhere ctstate RELATED,ESTABLISHED FLOWOFFLOAD forwarding_rule all -- anywhere anywhere /* !fw3: Custom forwarding rule chain */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */ zone_lan_forward all -- anywhere anywhere /* !fw3 */ zone_wan_forward all -- anywhere anywhere /* !fw3 */ reject all -- anywhere anywhere /* !fw3 */ Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere policy match dir out pol ipsec proto esp ACCEPT all -- anywhere anywhere /* !fw3 */ output_rule all -- anywhere anywhere /* !fw3: Custom output rule chain */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */ zone_lan_output all -- anywhere anywhere /* !fw3 */ zone_wan_output all -- anywhere anywhere /* !fw3 */ Chain MINIUPNPD (1 references) target prot opt source destination Chain forwarding_lan_rule (1 references) target prot opt source destination Chain forwarding_rule (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain forwarding_wan_rule (1 references) target prot opt source destination Chain input_lan_rule (1 references) target prot opt source destination Chain input_rule (1 references) target prot opt source destination Chain input_wan_rule (1 references) target prot opt source destination Chain output_lan_rule (1 references) target prot opt source destination Chain output_rule (1 references) target prot opt source destination Chain output_wan_rule (1 references) target prot opt source destination Chain reject (3 references) target prot opt source destination REJECT tcp -- anywhere anywhere /* !fw3 */ reject-with tcp-reset REJECT all -- anywhere anywhere /* !fw3 */ reject-with icmp-port-unreachable Chain syn_flood (1 references) target prot opt source destination RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */ DROP all -- anywhere anywhere /* !fw3 */ Chain zone_lan_dest_ACCEPT (4 references) target prot opt source destination ACCEPT all -- anywhere anywhere /* !fw3 */ Chain zone_lan_forward (1 references) target prot opt source destination forwarding_lan_rule all -- anywhere anywhere /* !fw3: Custom lan forwarding rule chain */ zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3: Zone lan to wan forwarding policy */ ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */ zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */ Chain zone_lan_input (1 references) target prot opt source destination input_lan_rule all -- anywhere anywhere /* !fw3: Custom lan input rule chain */ ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */ zone_lan_src_ACCEPT all -- anywhere anywhere /* !fw3 */ Chain zone_lan_output (1 references) target prot opt source destination output_lan_rule all -- anywhere anywhere /* !fw3: Custom lan output rule chain */ zone_lan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */ Chain zone_lan_src_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED /* !fw3 */ Chain zone_wan_dest_ACCEPT (2 references) target prot opt source destination DROP all -- anywhere anywhere ctstate INVALID /* !fw3: Prevent NAT leakage */ ACCEPT all -- anywhere anywhere /* !fw3 */ Chain zone_wan_dest_REJECT (1 references) target prot opt source destination reject all -- anywhere anywhere /* !fw3 */ Chain zone_wan_forward (1 references) target prot opt source destination forwarding_wan_rule all -- anywhere anywhere /* !fw3: Custom wan forwarding rule chain */ zone_lan_dest_ACCEPT esp -- anywhere anywhere /* !fw3: Allow-IPSec-ESP */ zone_lan_dest_ACCEPT udp -- anywhere anywhere udp dpt:isakmp /* !fw3: Allow-ISAKMP */ ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port forwards */ MINIUPNPD all -- anywhere anywhere zone_wan_dest_REJECT all -- anywhere anywhere /* !fw3 */ Chain zone_wan_input (1 references) target prot opt source destination input_wan_rule all -- anywhere anywhere /* !fw3: Custom wan input rule chain */ ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */ ACCEPT icmp -- anywhere anywhere icmp echo-request /* !fw3: Allow-Ping */ ACCEPT igmp -- anywhere anywhere /* !fw3: Allow-IGMP */ ACCEPT tcp -- anywhere anywhere tcp dpt:1688 /* !fw3: kms */ ACCEPT all -- anywhere anywhere ctstate DNAT /* !fw3: Accept port redirections */ zone_wan_src_REJECT all -- anywhere anywhere /* !fw3 */ Chain zone_wan_output (1 references) target prot opt source destination output_wan_rule all -- anywhere anywhere /* !fw3: Custom wan output rule chain */ zone_wan_dest_ACCEPT all -- anywhere anywhere /* !fw3 */ Chain zone_wan_src_REJECT (1 references) target prot opt source destination reject all -- anywhere anywhere /* !fw3 */ 

完整日志

日志里面有很多类似 DNS 转发失败的信息，如果可以也请告诉我如何处理。

备注

在 GitHub 的 issue 上也提了地址在这里 issue

感谢您花时间看我的问题，谢谢。