Netgate Discussion Forum

    Setup UPnP->few quick questions? (solved)

      42

      Hi,

      I am using the latest CE.

      I've installed/enabled the mini-upnp package.
      I am using only the UPnP IGD Port Mapping.

      There are zero issues that I can see as it started up just fine.

      My questions are:

      Are there any firewall rules I need to create to allow UPnP to do its job?
      ----Or will pfSense auto-create those rules as necessary?

      For example: Do I need an outbound rule for this to work?
      Like I had in OPNsense?
      Do I need to allow multicast traffic? (1900,5351,2189)
      ----Or will pfSense take care of all this?

      Tyvm for any responses.

      Cheers everyone.

      John

        SteveITS Rebel Alliance @42

        @yodabug if you still have the default LAN to any rule it’s OK.

        https://docs.netgate.com/pfsense/en/latest/services/upnp.html#upnp-igd-pcp-service-ports

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

          42 @SteveITS

          @SteveITS -tyvm for your response.

          I searched the documentation - lol.
          My search sucks I guess :-)

          I'll read that and tyvm once more.

            42 @42

            After a quick read I see that if I am to bridge anything I should have the manually added rules.

            I have future plans and four more ports on my FW so I am wondering, as I don't know much about UPnP except for it was used a ways back to do a bunch of DDoS attacks, are there still these kinds of security issues to deal with?

            I won't add anything now, don't need them, but when I end up bridging something, maybe an AP or security camera or some such thing, I can add them at that time.

            Either way, ty very, very much for finding what my old man brain did not :-)

            Cheers,

              42 @42

              I tried to edit my original post to append (solved) to the subject... but I guess that's not allowed after 3600 seconds?

              How do we mark the thread resolved please?

              Thanks a bunch.

                SteveITS Rebel Alliance @42

                @42 I don’t think you can mark it solved.

                I try to avoid bridging. I’d think it’s the same thing though…make a rule on that interface.


                  johnpoz LAYER 8 Global Moderator @42

                  @42 said in Setup UPnP->few quick questions?:

                  How do we mark the thread resolved please?

                  I did it for you - not sure if there is some timeout to edit first post in the thread. I agree you should be able to at least add tags. I took the liberty of doing it for you.

                  You might need 5 rep points would be my guess

                  edit: I gave you some thumbs up, you now have 5 - try editing your first post now.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 25.07 | Lab VMs 2.8, 25.07

                    42 @SteveITS

                    @SteveITS -OK thank you.

                    I agree about bridging and any other network complexity I am not experienced with.
                    Which is most of them - giggle.

                    I might be able to do it all with firewall rules only but eventually, I want to have a fairly smart home (lights, door bell, other electronics controlled by remote controller over Wi-Fi), and I want all smart-things/IoT (are they the same thing?) to run over one AP, while 2-4 APs will cover the rest of the house/property and my internet/LAN will be handled by the SFPs.

                    So, there are a few things I'd like to segregate as much as possible from the rest of the network and as I understand it bridging/firewall rules is one way to do it.

                    I am unsure if FW rules alone can do this?

                      42 @johnpoz

                      @johnpoz - Yep, that worked just fine johnpoz. TYVM.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.