UPnP Configuration Habits

  • Hey Jimp, one more question: do you have UPnP set to use an Access List for UPnP access, or do you just allow anything to use it? I'm curious what a person with real knowledge sets it to.

  • Rebel Alliance Developer Netgate

    [This wasn't relevant to the old thread so I split it off]

    On the segment where I have UPnP enabled, I just leave it wide open.

    I should probably set up some ACLs since there are very few things I need UPnP to do, but I am inherently lazy and prefer the few things that need it to Just Work™.

  • Haha, I understand. I'm currently using ACLs to try to lock it down, but with mobile devices and poor network coding by app devs I'm finding I have to add quite a few devices. I might just do what you did then and leave it wide open so I don't have to deal with it.

  • LAYER 8 Global Moderator

    What application are you running on a mobile device that would need UPnP?? That just seems stupid. Most cell connections do not allow unsolicited inbound to the device. If on some hotspot wifi, they sure and the F are not going to have UPnP running to allow their devices to request inbound ports.

    So at a loss to what sort of moronic APP on some mobile device would require UPnP to function??

  • There are some financial apps that won't work correctly when behind the pfSense firewall, but work fine when connected to just the cellular ISP. I guess I don't know for sure that it needs UPnP, but when I allowed the devices to use it, they started working correctly.

  • LAYER 8 Global Moderator

    What app? Are you talking about logging into your bank account or something?

    So you're saying that these apps don't work at Starbucks or hotel wifi, or any other hotspot wifi, which are not going to have UPnP enabled, that is for damn sure. I would have to assume the financial app maker would get flooded with support calls since the vast majority of wifi out there does not have UPnP enabled.

    UPnP allows for unsolicited inbound connections to be forwarded at the NAT device to your device's IP. How would that be required for some app to work? My guess is whatever you were doing for testing, something else changed when you think you enabled UPnP, and so you think that is what fixed it. Look in your UPnP status when using your app and it's working. What does it show it opened? This status will show you what was requested, what was opened, etc.