FreshTomato Wiki

User Tools

Site Tools

Trace:
forward-upnp

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
forward-upnp [2022/01/05 12:50] – created rs232forward-upnp [2024/11/27 01:54] (current) – [Settings] -Condense, formatting hogwild
Line 1: Line 1:
 ===== UPnP/NAT-PMP ===== ===== UPnP/NAT-PMP =====
  
-UPnP (Universal Plug and Play) is a controversial protocol which allows fully dynamic (automatic) port mapping from LAN IPs onto the Internet. UPnP has been heavily criticized for its poor security. With this protocol, each application program that uses the network maps its own ports automatically. In the screenshot below, you can see that the WhatsApp application has mapped certain ports on FreshTomato's WAN IP/Interface.+=== UPnP ===
  
-UPnP is the original implementation of this dynamic port-mapping protocol. NAT-PMP (NAT Port Mapping Protocol) is a newer, enhanced version of UPnPdesigned for better compatbility with Network Address Translation routing. NAT-PMP is part of Apple's Bonjour protocol, and is often used for streaming iTunes and other media.+Universal Plug and Play is a controversial protocol that allows fully dynamic (automatic) port mapping from LAN IP addresses onto the Internet. It has been criticized for its poor security. 
 + 
 +With UPnP, each network program maps its own ports automatically. In the screenshot below, WhatsApp has mapped certain ports on the WAN IP/Interface. UPnP is the original implementation of this protocol. 
 + 
 + \\ 
 + 
 + \\ \\  {{::port_forwarding-upnp-settings-2023.2.jpg?758}}  \\ 
 + 
 +=== NAT-PMP === 
 + 
 +NAT-PMP (Port Mapping Protocol) is a newer, enhanced version of UPnP. It was designed for better compatibility with NAT routing. NAT-PMP is part of Apple's Bonjour protocol, and is often used for streaming iTunes and other media.
  
 If you use dynamic port forwarding, you'll probably want to enable both protocols to maintain backward compatibility. If you use dynamic port forwarding, you'll probably want to enable both protocols to maintain backward compatibility.
  
-**Enable UPnP:** Enable and Disable UPnP. 
  
-**Enable NAT-PMP:** Enable/Disable NAT-PMP.+===== Settings ===== 
 + 
 +**Enable UPnP:**  Checking this enables UPnP. 
 + 
 + \\ 
 + 
 +**Enable NAT-PMP:**  Checking this enables NAT-PMP
 + 
 + \\ 
 + 
 +**Inactive Rule Cleaning:**  Sets the timeout period to remove rules counted from the last time traffic flowed. 
 + 
 + \\ 
 + 
 +{{::port_forwarding-upnp-settings-2023.2.jpg?816}} 
 + 
 + \\ 
 + 
 +**Cleaning Threshold:** here, set the maximum number of rules to be removed by an Interval. 
 + 
 + \\ 
 + 
 +**Secure Mode**: eabling this lets only the "owner LAN IP address" trigger its own mapping/unmapping. 
 + 
 +In other words, the client is only allowed to map an incoming port to its own IP address, not to another address.
  
-**Inactive Rule Cleaning:** The timeout period to remove rules counted from the last time traffic was seen flowing.+ \\
  
-**Cleaning Interval: **This specifies how often the cleaning sub-process is executed.+**Enable on:** this allows you to enable UPnp/NATPMP only on certain VLANs.
  
-**Cleaning Threshold:** The maximum number of rules to be removed by an Interval.+ \\
  
-**Secure Mode**: Allows only the "owner LAN IP" to trigger its own mapping/unmapping. In other words, the client could only map an incoming port to its own IP address, not to another IP address.+**Show in My Network Places:** if enabled, makes FreshTomato appear as a gateway in Windows' browsable LAN network (WORKGROUP or HOMEGROUP).
  
-**Enable on**: allows you to eanble UPnp/NATPMP only on certain VLANs, if needed.+ \\
  
-**Show in My Network Places**: If enabledmakes FreshTomato appear as a gateway in Windows' browsable LAN network (WORKGROUP or HOMEGROUP).+**Miniupnpd custom config:** hereenter custom configuration options unavailable in the web interface.
  
-**Miniupnpd custom config:** allows you to specify custom configuration options not available in the web interface. In the image below, UPnP requests/mappings are denied for a specific IP address only.\\  \\  \\  [[https://wiki.freshtomato.org/lib/exe/detail.php?id=upnp_nat-pmp&media=41c60df0025cd4247062abe372736c19.png|{{:41c60df0025cd4247062abe372736c19.png}}]]+In the image aboveall UPnP requests/mappings are denied for address 10.10.10.4, the only host on that subnet.\\ \\  \\   \\   \\   \\
  
  
forward-upnp.1641387030.txt.gz · Last modified: 2022/01/05 12:50 by rs232

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki