Work in Progress!
This page is a continuous work in progress. You can edit this page to contribute information.

miniupnpd

MiniUPnPd is a lightweight implementation of a UPnP IGD daemon. More info at http://miniupnp.free.fr

See also minidlna and upnp_setup

config upnpd config
        option enable_natpmp  1
        option secure_mode    1
        option log_output     0
        option download       1024
        option upload         512
        option external_iface wan
        option internal_iface lan
  
config perm_rule
        option action    deny
        option ext_ports 0-65535
        option int_addr  0.0.0.0/0
        option int_ports 0:65535
Name Type Required Default Description
clean_ruleset_threshold integer no (none) Minimum number of redirections before clearing rules table of old (active) redirections. Code default is 20.
clean_ruleset_interval integer no (none) Number of seconds before cleaning redirections. Code default is 600 which is sane.
config_file string no (none) Use the specified configuration file if present. If specified the uci options are not used, except that external_iface determines the iptables table used.
download integer no (none) Bandwidth available for traffic coming in from the external interface in kilobytes per second. Note that this only information given to clients, it doesn't control the speed.
upload integer no (none) Bandwidth available for traffic out the external interface in kilobytes per second. Note that this only information given to clients, it doesn't control the speed.
enable_natpmp boolean no 1 Enable NAT-PMP and PCP.
enable_upnp boolean no 1 Enable UPnP.
external_iface string no (auto) External interface. The default is to autodetect the first interface with a default route, which usually is wan.
external_iface6 string no (auto) External ipv6 interface. The default is to autodetect the first interface with a default route, which usually is wan6.
external_ip ipv4addr no (none) Manually specified external IP - if not specified the default ipv4 address of the external interface is used. Conflicts with use_stun option.
internal_iface string no lan Space separated list of internal interfaces (lans)
log_output boolean no 0 Log messages normally sent to stderr/out to syslog.
model_number string no (none) Specify model number for XML Root Desc.
notify_interval integer no (none)
port integer (or string 'auto') no 5000 Port to listen for HTTP requests. If set to 'auto' a random port is used.
presentation_url string no (none) Presentation url for the Root Desc. If not specified the first IP in the first internal interface is used.
secure_mode boolean no 1 Secure mode; client can only redirect an incoming port to the client itself (same IP as the request comes from).
serial_number string no (none) Specify serial number for XML Root Desc.
use_stun boolean no 0 Use the STUN server to resolve an external IP. Conflicts with external_ip option.
stun_host string no (none) The STUN server to use e.g. stun.cloudflare.com or stun2.l.google.com.
stun_port integer no 3478 The STUN server port.
upnp_lease_file string no (none) Store active UPnP redirects in a lease file (specified), like DHCP leases.
system_uptime boolean no 1 Use system uptime as UPnP uptime instead of miniupnpd daemon uptime.
uuid string no UUID autogenerated on first launch of miniupnpd UUID for UPnP IGD. If none specified one will be autogenerated and added to the config file. 'nocli' means a non-unique UUID from the code will be used (previous default behaviour).

These rules define what holes may be opened by UPnP or NAT-PMP clients on the internal interfaces. Note that if secure_mode is set above, then a client may only open a hole to itself (the same IP as it makes the UPnP request from). Rules are applied in the order they appear in the configuration file (so the above deny rule before anything else will block all UPnP actions).

Name Type Required Default Description
action string no deny One of allow or deny. Allow or deny the redirection(s) described by this rule.
ext_ports portrange no 0-65535 Range of ports on the external side (incoming) for this rule. Can be x, x-y, or x:y.
int_addr cidr no 0.0.0.0/0 CIDR of address or addresses to which the redirection may be directed. Must be of the form n.n.n.n/n even for single IPs. Note that doesn't allow redirections that aren't allowed because of secure_mode.
int_ports portrange no 0-65535 Range of ports on the internal side (destination) for this rule. Can be x, x-y, or x:y.
comment string no Comment to show in luci-app-upnp

To enable NAT-PMP and disable the UPnP edit the /etc/config/upnpd file:

option 'enable_natpmp' '1'
option 'enable_upnp' '0'

Or you can do this with following command:

uci set upnpd.config.enable_natpmp=1
uci set upnpd.config.enable_upnp=0
/etc/init.d/miniupnpd restart

After installing and enabling, do not forget to restart the firewall.

CAUTION: mixing up WAN and LAN interfaces may introduce security risks! See also Incorrect implementation of NAT-PMP in multiple devices.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2024/09/04 14:32
  • by stokito