Asus RT-AC68U merlin 386.5 can't start miniupnpd when enabled dual wan in balance mode

tenwx

New Around Here
I'm using Asus RT-AC68U for many years. Recently I upgraded the merlin firmware from 380.68 to 386.5. Everything seems perfect except the upnp problem which is confusing me.
I turned on dual wan with balanced mode as before, also I turned on the upnp service in the wan config page. But I found that the miniupnpd process was not actually started, and the corresponding /etc/upnp/config file was not generated.
It seems that the dual wan function conflicts with the upnp function, but this is normal in the 380.x version.
Any suggestions?
 

ColinTaylor

Part of the Furniture
380.68 to 386.5 is a huge jump in versions. Did you do a factory reset and manual setup after installing 386.5? If not I suggest you do that now.
 

tenwx

New Around Here
380.68 to 386.5 is a huge jump in versions. Did you do a factory reset and manual setup after installing 386.5? If not I suggest you do that now.
Yes, I did a factory reset after upgrading the firmware, I reconfigured everything.
 

ColinTaylor

Part of the Furniture
Are there any clues in the syslog? e.g. does it appear to start but fails?

How about trying to restart it from the SSH command line:
Code:
service restart_upnp
 

tenwx

New Around Here
Are there any clues in the syslog? e.g. does it appear to start but fails?

How about trying to restart it from the SSH command line:
Code:
service restart_upnp
I didn't find any keywords about upnp in syslog. I also tried turning off the dual wan function, and miniupnpd works fine.

When I use the "service restart_upnp" command, I finally found that the miniupnpd process is up. It looks like the router will automatically skip upnp startup when it booted.
 

FernandoF

Occasional Visitor
@tenwx, just as a check, can you confirm you have "Enable UPnP" set to Yes for both "WAN Index" tabs, under WAN - Internet Connection?
 

ColinTaylor

Part of the Furniture
What is your secondary WAN connection type, USB or Ethernet?

There was a recent patch to the dual WAN code that added a 5 second delay to the UPnP startup to try and alleviate a timing issue. Perhaps this is the same problem and the added delay didn't help.

As it works if you restart it manually maybe you need to increase the startup delay. Try creating a /jffs/scripts/upnp.postconf script like this:
Code:
#!/bin/sh

logger -t "$(basename $0)" "$1"

sleep 5
Remember to chmod 755 /jffs/scripts/upnp.postconf and enable custom scripts in the GUI.

At least it might give you a few messages in the syslog.
 

tenwx

New Around Here
What is your secondary WAN connection type, USB or Ethernet?

There was a recent patch to the dual WAN code that added a 5 second delay to the UPnP startup to try and alleviate a timing issue. Perhaps this is the same problem and the added delay didn't help.

As it works if you restart it manually maybe you need to increase the startup delay. Try creating a /jffs/scripts/upnp.postconf script like this:
Code:
#!/bin/sh

logger -t "$(basename $0)" "$1"

sleep 5
Remember to chmod 755 /jffs/scripts/upnp.postconf and enable custom scripts in the GUI.

At least it might give you a few messages in the syslog.
My secondary WAN connection is Ethernet. I used the script you provided, but after restarting, there are still no relevant logs in syslog.
 

tenwx

New Around Here
At present, my bypass method is to manually add the "service start_upnp" command to the /jffs/scripts/nat-start script.
 

gorstj

Occasional Visitor
I am seeing the same issue with upnp not working when a AX86U running Merlin (386.5_2) and dual WAN (PPOE and DHCP).

Executing "service start_upnp" on the command line makes it work perfectly.

I will try adding this to /jffs/scripts/nat-start as per texwx

This seems to be a bug with dual WAN?

Edit: I can confirm that creating the script /jffs/scripts/nat-start as above solves the issue
 
Last edited:

iMoc

Occasional Visitor
386.7_2
still.
balance(mode port WAN+LAN).
Seems weird because firmware is actually aware of dual wan UPnP:

-A POSTROUTING -o ppp0 -j PUPNP
-A POSTROUTING -o ppp1 -j PUPNP

auto generated.

that "deny 0-65535 0.0.0.0/0 0-65535" in miniupnpd config. like iptables -j DROP in order?
 

ColinTaylor

Part of the Furniture
386.7_2
still.
balance(mode port WAN+LAN).
Seems weird because firmware is actually aware of dual wan UPnP:

-A POSTROUTING -o ppp0 -j PUPNP
-A POSTROUTING -o ppp1 -j PUPNP

auto generated.

that "deny 0-65535 0.0.0.0/0 0-65535" in miniupnpd config. like iptables -j DROP in order?
Can you use complete sentences please. I can't understand what you're saying.
 

iMoc

Occasional Visitor
LOL. I mean I use WAN+LAN load balance dual WAN with 386.7_2 and UPnP must be started manually, but that's weird because firmware is actually aware of dual WAN UPnP by adding the correct two iptables rules.

And another question is about how miniupnpd config works.
 

ColinTaylor

Part of the Furniture
And another question is about how miniupnpd config works.

Rich (BB code):
miniupnpd supports some kind of security check for allowing or disallowing
redirection to be made. The UPnP permission rules are read from the
miniupnpd.conf configuration file.

When a new redirection is requested, permission rules are evaluated in
top-down order and the first permission rule matched gives the response :
redirection allowed or denied. If no rule is matching, the redirection is
allowed, so it is a good practice to have a "catch all" deny permission
rule at the end of your permission ruleset.

Sample permission ruleset :
allow 4662-4672 192.168.1.34/32 4662-4672
deny 0-65535 192.168.1.34/32 0-65535
allow 1024-65535 192.168.1.0/24 1024-65535
deny 0-65535 0.0.0.0/0 0-65535

With this ruleset, redirections are allowed only for host on the subnet
192.168.1.0/255.255.255.0 for the ports 1024 or above. There is an exception
for the host 192.168.1.34 for which only redirections from/to port 4662 to
4672 are allowed.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top