4. UPnP (miniupnpd)

UPnP (miniupnpd)

  • J

    Would using miniupnpd with an ACL to allow only one host (PS4) on an isolated VLAN be considered security malpractice?

    0
  • Rebel Alliance Developer Netgate

    That should be fine. The primary concern is allowing any host anywhere to open ports via UPnP, which can be dangerous. Since you are limiting the exposure of UPnP to a single host (PS4) and isolating it from the rest of your network, then you have greatly minimized your potential risk.

    0
    J
     1 Reply
  • J

    @jimp Thank you.

    I see this in the routing log:

    Jun 29 11:52:13 miniupnpd 65764 SSDP packet sender 192.168.20.50:46958 (if_index=10) not from a LAN, ignoring

    I think it's doing exactly what it should be doing, ignoring hosts not on a configured (in UPnP settings) network. That ip is a Sonos speaker. It's a lot of log spam, every 30 seconds or so and not the most descriptive message. The PS4 is on the "Media" VLAN and the Sonos Speakers are currently on the "Home" VLAN. UPnP is 'listening' only on Media.

    Thanks again!

    0
  • J

    Had a moment to look in the logs more closely. I see this:

    miniupnpd 34231 setsockopt(udp, IPV6_RECVPKTINFO): Invalid argument

    It works, but... This happens on restart of miniupnpd after any config change.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy