PFSense - UPNP (Universal Plug and Play)
UPnP and NAT-PMP both allow devices and programs that support them to automatically add dynamic port forwards and firewall entries.
ALERT: Risks!!!
Any service that allows a client device to dynamically open ports on a firewall can pose a risk to the network.
A mischievous application could pose as a UPnP client and open up the system to hackers.
It is safer to open ports manually on a case-by-case basis.
Configure UPNP
Services > UPnP & NAT-PMP
Configure the following options:
- Enable: Enable UPnP & NAT-PMP ticked.
- UPnP Port Mapping: Allow UPnP Port Mapping ticked.
- NAT-PMP Port Mapping: Allow NAT-PMP Port Mapping ticked.
- External Interface: Select your external interface, usually WAN.
- Interfaces: Select the interfaces where UPnP/NAT-PMP clients exist.
Advanced UPnP & NAT-PMP Configuration
- Enable: Enable UPnP & NAT-PMP ticked.
- UPnP Port Mapping: Allow UPnP Port Mapping ticked.
- NAT-PMP Port Mapping: Allow NAT-PMP Port Mapping ticked.
- External Interface: Select your external interface, usually WAN.
- Interfaces: Select the interfaces where UPnP/NAT-PMP clients exist.
- Default Deny: Deny access to UPnP & NAT-PMP by default ticked.
Default Deny automatically denies any UPnP & NAT-PMP request from a client unless an ACL (Access Control List) is set.
ACL (Access Control List)
Syntax:
[allow or deny] [external single port or range of ports] [single IP address or a single range] [internal single port or range]
Example:
allow 1024-65535 192.168.1.2 1024-65535
allow 12345 192.168.1.0/24 50000-65535
NOTE: Remember to click Save.
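An added example, not part of the original page and not pfSense's own code: a small Python checker that parses entries in the ACL syntax above and reports whether a requested port mapping would be allowed, which is useful for reviewing an ACL before saving it. It assumes entries are checked top to bottom with the first match winning; the function names and the sample requests are hypothetical.

```python
import ipaddress

def _ports(spec):
    """Parse '12345' or '1024-65535' into an inclusive (low, high) pair."""
    low, _, high = spec.partition("-")
    lo, hi = int(low), int(high or low)
    if not (0 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range: {spec}")
    return lo, hi

def parse_acl(line):
    """Parse one ACL entry in the four-field syntax shown above."""
    fields = line.split()
    if len(fields) != 4 or fields[0] not in ("allow", "deny"):
        raise ValueError(f"bad ACL entry: {line!r}")
    action, ext, addr, internal = fields
    # A bare address becomes a /32 network; strict=False tolerates host bits.
    net = ipaddress.ip_network(addr, strict=False)
    return action, _ports(ext), net, _ports(internal)

def decide(acl_lines, ext_port, client_ip, int_port, default_deny=True):
    """Return 'allow' or 'deny' for one requested mapping.

    Assumption: entries are checked top to bottom and the first match wins;
    when nothing matches, the Default Deny setting decides.
    """
    ip = ipaddress.ip_address(client_ip)
    for line in acl_lines:
        action, (e_lo, e_hi), net, (i_lo, i_hi) = parse_acl(line)
        if e_lo <= ext_port <= e_hi and ip in net and i_lo <= int_port <= i_hi:
            return action
    return "deny" if default_deny else "allow"

# The two entries from the example above.
ACL = [
    "allow 1024-65535 192.168.1.2 1024-65535",
    "allow 12345 192.168.1.0/24 50000-65535",
]

if __name__ == "__main__":
    # Constructed requests: (external port, client IP, internal port).
    for req in [(3074, "192.168.1.2", 3074), (12345, "192.168.1.50", 50000),
                (3074, "192.168.1.50", 3074), (80, "192.168.1.2", 8080)]:
        print(req, "->", decide(ACL, *req))
```

Running it against the two example entries shows that only 192.168.1.2 can map arbitrary high ports, while the rest of 192.168.1.0/24 is limited to external port 12345.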
pfsense/upnp_universal_plug_and_play.1583575839.txt.gz · Last modified: 2020/07/15 09:30 (external edit)