Forward-upnp: Difference between revisions

From Tomato64
m (Text replacement - "FreshTomato" to "Tomato64")
Revision as of 17:43, 26 September 2023

UPnP/NAT-PMP

UPnP (Universal Plug and Play) is a controversial protocol that allows fully dynamic (automatic) port mapping from LAN IP addresses onto the Internet. It has been criticized for its poor security. With UPnP, each network program maps its own ports automatically. In the screenshot below, WhatsApp has mapped certain ports on Tomato64's WAN IP/Interface.

UPnP is the original implementation of this protocol. NAT-PMP (Port Mapping Protocol) is a newer, enhanced version of UPnP, designed for better compatibility with NAT routing. NAT-PMP is part of Apple's Bonjour protocol, and is often used for streaming iTunes and other media.

If you use dynamic port forwarding, you'll probably want to enable both protocols to maintain backward compatibility.

Settings

Enable UPnP: Checking this enables UPnP.

Enable NAT-PMP: Checking this enables NAT-PMP.

Inactive Rule Cleaning: Enabling this removes inactive rules after a timeout period, counted from the last time traffic was flowing.


port_forwarding-upnp-settings-2023.2.jpg


Cleaning Threshold: Here, you set the maximum number of rules to be removed by an Interval.

Secure Mode: Enabling this allows only the "owner LAN IP address" to trigger its own mapping/unmapping. In other words, the client is only allowed to map an incoming port to its own IP address, not to another address.

Enable on: This allows you to enable UPnP/NAT-PMP only on certain VLANs.

Show in My Network Places: If enabled, this makes Tomato64 appear as a gateway in Windows' browsable LAN network (WORKGROUP or HOMEGROUP).

Miniupnpd custom config: In this field, you can enter custom configuration options not available in the web interface. In the image above, all UPnP requests/mappings are denied for address 10.10.10.4, the only host on that subnet.
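To check what a set of custom config rules would permit before pasting them into the field, the sketch below evaluates mapping requests against miniupnpd-style permission lines together with the Secure Mode restriction described above. It is an added example, not code from Tomato64 or miniupnpd. The rule text, the 192.168.1.0/24 subnet and the function names are constructed, and first-match evaluation with accept-by-default when nothing matches is an assumption about miniupnpd's behaviour.

```python
import ipaddress

# Constructed sample rules in miniupnpd's permission-line form:
#   (allow|deny) <external ports> <LAN ip[/mask]> <internal ports>
SAMPLE_RULES = """
# block every mapping request for the isolated host
deny 0-65535 10.10.10.4/32 0-65535
# other LAN clients may map unprivileged ports only
allow 1024-65535 192.168.1.0/24 1024-65535
# explicit catch-all so nothing falls through to the default
deny 0-65535 0.0.0.0/0 0-65535
"""

def _ports(spec):
    """Parse '80' or '1024-65535' into an inclusive (low, high) pair."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_rules(text):
    """Return rules as (allow, ext_range, network, int_range) tuples, in order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, ext, net, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {raw!r}")
        network = ipaddress.ip_network(net, strict=False)
        rules.append((action == "allow", _ports(ext), network, _ports(internal)))
    return rules

def mapping_allowed(rules, requester, target, ext_port, int_port, secure_mode=True):
    """Decide whether `requester` may map ext_port to target:int_port."""
    # Secure Mode: a client may only map a port to its own LAN address.
    if secure_mode and ipaddress.ip_address(requester) != ipaddress.ip_address(target):
        return False
    addr = ipaddress.ip_address(target)
    for allow, (elo, ehi), net, (ilo, ihi) in rules:
        if elo <= ext_port <= ehi and addr in net and ilo <= int_port <= ihi:
            return allow  # assumption: the first matching rule decides
    return True  # assumption: with no matching rule the request is accepted

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for req, tgt, port in [("10.10.10.4", "10.10.10.4", 5000),
                           ("192.168.1.20", "192.168.1.20", 5000),
                           ("192.168.1.20", "192.168.1.20", 80),
                           ("192.168.1.20", "192.168.1.30", 5000)]:
        print(req, "->", tgt, port, mapping_allowed(rules, req, tgt, port, port))
```

Because an empty rule list accepts everything under that assumption, ending the list with an explicit deny line keeps the outcome independent of the default.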