miniupnpd
MiniUPnPd is a lightweight implementation of a UPnP IGD daemon. More info at http://miniupnp.free.fr
See also minidlna and upnp_setup
Default
config upnpd config option enable_natpmp 1 option secure_mode 1 option log_output 0 option download 1024 option upload 512 option external_iface wan option internal_iface lan config perm_rule option action deny option ext_ports 0-65535 option int_addr 0.0.0.0/0 option int_ports 0:65535
config upnpd 'config'
Name | Type | Required | Default | Description |
---|---|---|---|---|
clean_ruleset_threshold | integer | no | (none) | Minimum number of redirections before clearing rules table of old (active) redirections. Code default is 20. |
clean_ruleset_interval | integer | no | (none) | Number of seconds before cleaning redirections. Code default is 600 which is sane. |
config_file | string | no | (none) | Use the specified configuration file if present. If specified the uci options are not used, except that external_iface determines the iptables table used. |
download | integer | no | (none) | Bandwidth available for traffic coming in from the external interface in kilobytes per second. Note that this only information given to clients, it doesn't control the speed. |
upload | integer | no | (none) | Bandwidth available for traffic out the external interface in kilobytes per second. Note that this only information given to clients, it doesn't control the speed. |
enable_natpmp | boolean | no | 1 | Enable NAT-PMP and PCP. |
enable_upnp | boolean | no | 1 | Enable UPnP. |
external_iface | string | no | (auto) | External interface. The default is to autodetect the first interface with a default route, which usually is wan . |
external_iface6 | string | no | (auto) | External ipv6 interface. The default is to autodetect the first interface with a default route, which usually is wan6 . |
external_ip | ipv4addr | no | (none) | Manually specified external IP - if not specified the default ipv4 address of the external interface is used. Conflicts with use_stun option. |
internal_iface | string | no | lan | Space separated list of internal interfaces (lans) |
log_output | boolean | no | 0 | Log messages normally sent to stderr/out to syslog. |
model_number | string | no | (none) | Specify model number for XML Root Desc. |
notify_interval | integer | no | (none) | |
port | integer (or string 'auto') | no | 5000 | Port to listen for HTTP requests. If set to 'auto' a random port is used. |
presentation_url | string | no | (none) | Presentation url for the Root Desc. If not specified the first IP in the first internal interface is used. |
secure_mode | boolean | no | 1 | Secure mode; client can only redirect an incoming port to the client itself (same IP as the request comes from). |
serial_number | string | no | (none) | Specify serial number for XML Root Desc. |
use_stun | boolean | no | 0 | Use the STUN server to resolve an external IP. Conflicts with external_ip option. |
stun_host | string | no | (none) | The STUN server to use e.g. stun.cloudflare.com or stun2.l.google.com . |
stun_port | integer | no | 3478 | The STUN server port. |
upnp_lease_file | string | no | (none) | Store active UPnP redirects in a lease file (specified), like DHCP leases. |
system_uptime | boolean | no | 1 | Use system uptime as UPnP uptime instead of miniupnpd daemon uptime. |
uuid | string | no | UUID autogenerated on first launch of miniupnpd | UUID for UPnP IGD. If none specified one will be autogenerated and added to the config file. 'nocli' means a non-unique UUID from the code will be used (previous default behaviour). |
config 'perm_rule'
These rules define what holes may be opened by UPnP or NAT-PMP clients on the internal interfaces. Note that if secure_mode is set above, then a client may only open a hole to itself (the same IP as it makes the UPnP request from). Rules are applied in the order they appear in the configuration file (so the above deny rule before anything else will block all UPnP actions).
Name | Type | Required | Default | Description |
---|---|---|---|---|
action | string | no | deny | One of allow or deny . Allow or deny the redirection(s) described by this rule. |
ext_ports | portrange | no | 0-65535 | Range of ports on the external side (incoming) for this rule. Can be x, x-y, or x:y. |
int_addr | cidr | no | 0.0.0.0/0 | CIDR of address or addresses to which the redirection may be directed. Must be of the form n.n.n.n/n even for single IPs. Note that doesn't allow redirections that aren't allowed because of secure_mode. |
int_ports | portrange | no | 0-65535 | Range of ports on the internal side (destination) for this rule. Can be x, x-y, or x:y. |
comment | string | no | | Comment to show in luci-app-upnp |
NAT-PMP/PCP
To enable NAT-PMP and disable the UPnP edit the /etc/config/upnpd
file:
option 'enable_natpmp' '1' option 'enable_upnp' '0'
Or you can do this with following command:
uci set upnpd.config.enable_natpmp=1 uci set upnpd.config.enable_upnp=0 /etc/init.d/miniupnpd restart
Notes
After installing and enabling, do not forget to restart the firewall.
Security
CAUTION: mixing up WAN and LAN interfaces may introduce security risks! See also Incorrect implementation of NAT-PMP in multiple devices.