Work in Progress!
This page is a continuous work in progress. You can edit this page to contribute information.

miniupnpd

MiniUPnPd is a lightweight implementation of a UPnP IGD daemon. More info at http://miniupnp.free.fr

See also minidlna and upnp

Default

config upnpd config
        option enable_natpmp  1
        option secure_mode    1
        option log_output     0
        option download       1024
        option upload         512
        option external_iface wan
        option internal_iface lan
  
config perm_rule
        option action    deny
        option ext_ports 0-65535
        option int_addr  0.0.0.0/0
        option int_ports 0:65535

config upnpd 'config'

Name Type Required Default Description
clean_ruleset_threshold integer no (none) Minimum number of redirections before clearing rules table of old (active) redirections. Code default is 20.
clean_ruleset_interval integer no (none) Number of seconds before cleaning redirections. Code default is 600 which is sane.
config_file string no (none) Use the specified configuration file if present. If specified the uci options are not used, except that external_iface determines the iptables table used.
download integer no (none) Bandwidth available for traffic coming in from the external interface in kilobytes per second. Note that this only information given to clients, it doesn't control the speed.
enable_natpmp boolean no 1 Enable NAT-PMP and PCP.
enable_upnp boolean no 1 Enable UPnP.
external_iface string no (auto) External interface. The default is to autodetect the first interface with a default route, which usually is wan.
external_iface6 string no (auto) External ipv6 interface. The default is to autodetect the first interface with a default route, which usually is wan6.
external_ip ipv4addr no (none) Manually specified external IP - if not specified the default ipv4 address of the external interface is used.
internal_iface string no lan Space separated list of internal interfaces (lans)
log_output boolean no 0 Log messages normally sent to stderr/out to syslog.
model_number string no (none) Specify model number for XML Root Desc.
notify_interval integer no (none)
port integer (or string 'auto') no 5000 Port to listen for HTTP requests. If set to 'auto' a random port is used.
presentation_url string no (none) Presentation url for the Root Desc. If not specified the first IP in the first internal interface is used.
secure_mode boolean no 1 Secure mode; client can only redirect an incoming port to the client itself (same IP as the request comes from).
serial_number string no (none) Specify serial number for XML Root Desc.
upload integer no (none) Bandwidth available for traffic out the external interface in kilobytes per second. Note that this only information given to clients, it doesn't control the speed.
upnp_lease_file string no (none) Store active UPnP redirects in a lease file (specified), like DHCP leases.
system_uptime boolean no 1 Use system uptime as UPnP uptime instead of miniupnpd daemon uptime.
uuid string no UUID autogenerated on first launch of miniupnpd UUID for UPnP IGD. If none specified one will be autogenerated and added to the config file. 'nocli' means a non-unique UUID from the code will be used (previous default behaviour).

config 'perm_rule'

These rules define what holes may be opened by UPnP or NAT-PMP clients on the internal interfaces. Note that if secure_mode is set above, then a client may only open a hole to itself (the same IP as it makes the UPnP request from). Rules are applied in the order they appear in the configuration file (so the above deny rule before anything else will block all UPnP actions).

Name Type Required Default Description
action string no deny One of allow or deny . Allow or deny the redirection(s) described by this rule.
ext_ports portrange no 0-65535 Range of ports on the external side (incoming) for this rule. Can be x, x-y, or x:y.
int_addr cidr no 0.0.0.0/0 CIDR of address or addresses to which the redirection may be directed. Must be of the form n.n.n.n/n even for single IPs. Note that doesn't allow redirections that aren't allowed because of secure_mode.
int_ports portrange no 0-65535 Range of ports on the internal side (destination) for this rule. Can be x, x-y, or x:y.

Notes

After installing and enabling, do not forget to restart the firewall.

Security

CAUTION: mixing up WAN and LAN interfaces may introduce security risks! See also Incorrect implementation of NAT-PMP in multiple devices.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/06/04 09:32
  • by ansuel