This tutorial is intended for people who use a Linux box as their router and need UPnP for games or other services. I had a problem playing Destiny with two PlayStation 4 consoles in the same house, getting an error when I tried to join a fireteam: Unable to join target player. Please try again
I assume ppp0 is your PPPoE interface, eth0 is your external WAN interface (used by PPPoE), and eth1 is your LAN interface.
– Install package
apt-get update
apt-get install libupnp6 libupnp6-dev linux-igd
– Configure
/etc/upnpd.conf
# To change the interfaces used edit:
# /etc/default/linux-igd
iptables_location = "/sbin/iptables"
debug_mode = 2
create_forward_rules = yes
forward_rules_append = no
forward_chain_name = UPNP_FORWARD
prerouting_chain_name = UPNP_PREROUTING
#upstream_bitrate = 512000
#downstream_bitrate = 512000
duration = 86400
description_document_name = gatedesc.xml
xml_document_path = /etc/linuxigd
listenport = 0
paranoid = 0
/etc/default/linux-igd
EXTIFACE=ppp0
INTIFACE=eth1
ALLOW_MULTICAST=yes
#UPNPD_USER=$NAME:$NAME
#UPNPD_GROUP=$NAME
#CHROOT_DIR=/var/chroot/$NAME
forward_chain_name=UPNP_FORWARD
prerouting_chain_name=UPNP_PREROUTING
– IPTABLES
# UPNP (before INPUT)
iptables -t filter -N UPNP_FORWARD
iptables -t filter -A FORWARD -j UPNP_FORWARD
iptables -t nat -N UPNP_PREROUTING
iptables -t nat -A PREROUTING -j UPNP_PREROUTING
# INPUT
iptables -t filter -A INPUT -i eth1 -d 239.0.0.0/8 -j ACCEPT
iptables -t filter -A INPUT -i eth1 -p tcp --dport 49152 -j ACCEPT
iptables -t filter -A INPUT -i eth1 -p udp --dport 1900 -j ACCEPT
– ROUTE
route add -net 239.0.0.0 netmask 255.0.0.0 eth1
– Enable linux-igd (systemctl)
systemctl enable linux-igd.service
systemctl start linux-igd.service
– Check if everything is working
iptables -L
Example:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain FORWARD (policy DROP)
target prot opt source destination
UPNP_FORWARD all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere 192.168.1.0/24 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain UPNP_FORWARD (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 192.168.1.104 udp dpt:9308
iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N UPNP_FORWARD
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -j UPNP_FORWARD
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -s 192.168.1.0/24 -o ppp0 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A UPNP_FORWARD -d 192.168.1.104/32 -p udp -m udp --dport 9308 -j ACCEPT
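UPnP mappings are requested by LAN hosts without authentication, so it is worth reviewing what ends up in UPNP_FORWARD. The script below is an added example, not part of the original tutorial or of linux-igd: it parses `iptables -S` output and lists each UPnP forward, marking it REVIEW when the destination is outside the LAN or the port is below 1024. The 192.168.1. prefix, the port threshold, the function names and the sample rules (other than the 9308 mapping shown above) are assumptions.

```shell
#!/bin/sh
# Added example: audit the forwards linux-igd has placed in UPNP_FORWARD.
# Input : `iptables -S` output on stdin.
# Output: one line per mapping -> <verdict> <proto> <dest-ip> <dport>

LAN_PREFIX="192.168.1."   # assumption: the /24 LAN seen in the sample output

audit_upnp_rules() {
    awk -v lan="$LAN_PREFIX" '
    $1 == "-A" && $2 == "UPNP_FORWARD" {
        dst = ""; proto = ""; dport = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-d")      { dst = $(i + 1); sub(/\/32$/, "", dst) }
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
        }
        verdict = "OK"
        # Forward points somewhere other than a LAN host.
        if (index(dst, lan) != 1) verdict = "REVIEW"
        # No port restriction, or a well-known service port (assumed threshold).
        if (dport == "" || dport + 0 < 1024) verdict = "REVIEW"
        print verdict, proto, dst, (dport == "" ? "any" : dport)
    }'
}

# Constructed sample input; only the 9308 rule comes from the tutorial.
sample_rules() {
cat <<'EOF'
-P FORWARD DROP
-N UPNP_FORWARD
-A FORWARD -j UPNP_FORWARD
-A UPNP_FORWARD -d 192.168.1.104/32 -p udp -m udp --dport 9308 -j ACCEPT
-A UPNP_FORWARD -d 192.168.1.50/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A UPNP_FORWARD -d 10.0.0.5/32 -p tcp -m tcp --dport 8080 -j ACCEPT
EOF
}

# On the router, replace sample_rules with: iptables -S UPNP_FORWARD
sample_rules | audit_upnp_rules
```
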
You can use this application to test whether your Linux box (router gateway) is discoverable over UPnP and accepting UPnP requests.
Application (Windows): http://noeld.com/dl.asp?filename=upnptest.zip
Website of author: http://noeld.com/programs.asp?cat=dstools