| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| docs:guide-user:firewall:upnp:upnp_setup [2024/09/03 21:54] – [Setting up UPnP in backfire] removed old notes, natpmp config moved to miniupnpd page stokito | docs:guide-user:firewall:upnp:upnp_setup [2024/11/29 14:48] – [Universal Plug'n'Play and NAT-PMP on OpenWrt] Grammar memicinn19 |
|---|
| Thus, it is recommended to set up port forwarding manually whenever possible, and leave UPnP disabled. However, in some cases dynamic port forwarding is required and manual port forwarding becomes impractical, leaving the user with no other option than to enable UPnP. | Thus, it is recommended to set up port forwarding manually whenever possible, and leave UPnP disabled. However, in some cases dynamic port forwarding is required and manual port forwarding becomes impractical, leaving the user with no other option than to enable UPnP. |
| |
| [[wp>NAT-PMP|NAT-PMP]] and its newer version [[wp>Port_Control_Protocol|PCP]] is a simpler binary protocol similar to UPnP, that is currently an IETF standard, and a number of Windows and Linux applications support it. It was originally developed by Apple for their routers but didn't received wide adoption. | [[wp>NAT-PMP|NAT-PMP]] and its newer version [[wp>Port_Control_Protocol|PCP]] is a simpler binary protocol similar to UPnP, that is currently an IETF standard, and a number of Windows and Linux applications support it. It was originally developed by Apple for their routers but didn't receive wide adoption. |
| |
| ===== Security Concerns ===== | ===== Security Concerns ===== |
| ===== Setting up UPnP in OpenWrt ===== | ===== Setting up UPnP in OpenWrt ===== |
| |
| The repositories for OpenWrt Backfire contain minidlna and miniupnpd to provide UPnP support. They are configured in ''[[docs:guide-user:services:media_server:minidlna|/etc/config/minidlna]]'' or ''[[docs:guide-user:firewall:upnp:miniupnpd|/etc/config/miniupnpd]]'' respectively. Note that the the ''minidlna'' package is quite large, and may not fit on routers with a fresh install on OpenWrt. If you are only looking for UPnP functionality, the ''miniupnpd'' is all you need. | The repository for OpenWrt contains ''minidlna'' and ''miniupnpd'' to provide UPnP support. They are configured in ''[[docs:guide-user:services:media_server:minidlna|/etc/config/minidlna]]'' or ''[[docs:guide-user:firewall:upnp:miniupnpd|/etc/config/miniupnpd]]'' respectively. Note that the the ''minidlna'' package is quite large, and may not fit on routers with a fresh install on OpenWrt. If you are only looking for UPnP functionality, the ''miniupnpd'' is all you need. |
| |
| Once the ''miniupnpd'' is installed, it may be necessary to take an addition step to enable it. | Once the ''miniupnpd'' is installed, it may be necessary to take an addition step to enable it. |
| <code> | <code> |
| uci set upnpd.config.enabled=1 | uci set upnpd.config.enabled=1 |
| | uci commit |
| /etc/init.d/miniupnpd restart | /etc/init.d/miniupnpd restart |
| <code> | </code> |
| | |
| | ==== Troubleshooting ==== |
| | |
| | Read logs with ''logread -e miniupnpd''. |
| | |
| | You can enable verbose logs: |
| | <code> |
| | uci set upnpd.config.log_output=1 |
| | uci commit |
| | /etc/init.d/miniupnpd restart |
| | </code> |
| | |
| | Use [[https://manpages.debian.org/unstable/miniupnpc/upnpc.1.html|miniupnpc]] to open a port with UPnP. |
| | Or use [[https://manpages.debian.org/bookworm/natpmpc/natpmpc.1.html|natpmpc]] for NAT-PMP/PCP. |
| | |
| | The GUI tool [[https://gitlab.gnome.org/DnaX/upnp-router-control|UPnP Router Control]] allows to see network usage and currently open ports. |
| | |
| | Some apps like Transmission allows to open a port with both UPnP and NAT-PMP/PCP. Internally it uses ''libminiupnpc'' and ''libnatpmp'' libraries from the ''miniupnpd'' author. |
| |
| ==== Checking if UPnP is working ==== | === Checking if UPnP is working === |
| |
| Click on ''Status'' > ''Firewall''. If UPnP has been properly enabled, the chains ''zone_wan_forward'' and ''zone_wan_prerouting'' will both contain an entry named ''miniupnpd''. Additionally if you have any UPnP application working, you will be able to find their port mappings. Please note if you have just enabled UPnP, your application may need to be restarted, in order to reconfigure the firewall. | Click on ''Status'' > ''Firewall''. If UPnP has been properly enabled, the chains ''zone_wan_forward'' and ''zone_wan_prerouting'' will both contain an entry named ''miniupnpd''. Additionally if you have any UPnP application working, you will be able to find their port mappings. Please note if you have just enabled UPnP, your application may need to be restarted, in order to reconfigure the firewall. |
| |
| ==== Checking if NAT-PMP is working ==== | === Checking if NAT-PMP is working === |
| |
| From a shell, issue the command: | From a shell, issue the command: |