Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revisionBoth sides next revision
docs:guide-user:firewall:upnp:miniupnpd [2024/09/03 21:09] – [config upnpd 'config'] stokitodocs:guide-user:firewall:upnp:miniupnpd [2024/09/03 21:51] – [NAT-PMP/PCP] copied from upnp_setup page stokito
Line 62: Line 62:
 | ''int_ports'' | portrange | no | ''0-65535'' | Range of ports on the internal side (destination) for this rule.  Can be x, x-y, or x:y. | | ''int_ports'' | portrange | no | ''0-65535'' | Range of ports on the internal side (destination) for this rule.  Can be x, x-y, or x:y. |
  
 +
 +===== NAT-PMP/PCP =====
 +
 +To enable NAT-PMP and disable the UPnP edit the ''/etc/config/upnpd'' file:
 +
 +<code>
 +        option 'enable_natpmp' '1'
 +        option 'enable_upnp' '0'
 +</code>
 +
 +
 +Or you can do this with following command:
 +
 +<code>
 +uci set upnpd.config.enable_natpmp=1
 +uci set upnpd.config.enable_upnp=0
 +/etc/init.d/miniupnpd restart
 +</code>
  
 ===== Notes ===== ===== Notes =====
 After installing and enabling, do not forget to restart the firewall. After installing and enabling, do not forget to restart the firewall.
 +
  
 ===== Security ===== ===== Security =====
 CAUTION: mixing up WAN and LAN interfaces may introduce [[https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities|security risks]]! See also [[https://www.kb.cert.org/vuls/id/184540|Incorrect implementation of NAT-PMP in multiple devices]]. CAUTION: mixing up WAN and LAN interfaces may introduce [[https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities|security risks]]! See also [[https://www.kb.cert.org/vuls/id/184540|Incorrect implementation of NAT-PMP in multiple devices]].
  
  • Last modified: 2024/09/04 14:32
  • by stokito