Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    UPnP (miniupnpd)

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 719 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Would using miniupnpd with an ACL to allow only one host (PS4) on an isolated VLAN be considered security malpractice?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That should be fine. The primary concern is allowing any host anywhere to open ports via UPnP, which can be dangerous. Since you are limiting the exposure of UPnP to a single host (PS4) and isolating it from the rest of your network, then you have greatly minimized your potential risk.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        ? 1 Reply Last reply Reply Quote 0
        • ?
          A Former User @jimp
          last edited by A Former User

          @jimp Thank you.

          I see this in the routing log:

          Jun 29 11:52:13 miniupnpd 65764 SSDP packet sender 192.168.20.50:46958 (if_index=10) not from a LAN, ignoring

          I think it's doing exactly what it should be doing, ignoring hosts not on a configured (in UPnP settings) network. That ip is a Sonos speaker. It's a lot of log spam, every 30 seconds or so and not the most descriptive message. The PS4 is on the "Media" VLAN and the Sonos Speakers are currently on the "Home" VLAN. UPnP is 'listening' only on Media.

          Thanks again!

          1 Reply Last reply Reply Quote 0
          • ?
            A Former User
            last edited by

            Had a moment to look in the logs more closely. I see this:

            miniupnpd 34231 setsockopt(udp, IPV6_RECVPKTINFO): Invalid argument

            It works, but... This happens on restart of miniupnpd after any config change.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.