FreshTomato Wiki

User Tools

Site Tools

Trace:
forward-upnp

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
forward-upnp [2023/06/24 17:06] – [Settings] -clarity, formatting, update screenshot to Settings only hogwildforward-upnp [2024/11/27 01:54] (current) – [Settings] -Condense, formatting hogwild
Line 1: Line 1:
 ===== UPnP/NAT-PMP ===== ===== UPnP/NAT-PMP =====
  
-UPnP (Universal Plug and Play) is a controversial protocol that allows fully dynamic (automatic) port mapping from LAN IP addresses onto the Internet. UPnP has been criticized for its poor security. With this protocol, each program that uses the network maps its own ports automatically. In the screenshot below, the WhatsApp application has mapped certain ports on FreshTomato's WAN IP/Interface.+=== UPnP ===
  
-UPnP is the original implementation of this dynamic port-mapping protocol. NAT-PMP (NAT Port Mapping Protocol) is a newer, enhanced version of UPnPdesigned for better compatibility with NAT routing. NAT-PMP is part of Apple's Bonjour protocol, and is often used for streaming iTunes and other media.+Universal Plug and Play is a controversial protocol that allows fully dynamic (automatic) port mapping from LAN IP addresses onto the Internet. It has been criticized for its poor security. 
 + 
 +With UPnP, each network program maps its own ports automatically. In the screenshot below, WhatsApp has mapped certain ports on the WAN IP/Interface. UPnP is the original implementation of this protocol. 
 + 
 + \\ 
 + 
 + \\ \\  {{::port_forwarding-upnp-settings-2023.2.jpg?758}}  \\ 
 + 
 +=== NAT-PMP === 
 + 
 +NAT-PMP (Port Mapping Protocol) is a newer, enhanced version of UPnP. It was designed for better compatibility with NAT routing. NAT-PMP is part of Apple's Bonjour protocol, and is often used for streaming iTunes and other media.
  
 If you use dynamic port forwarding, you'll probably want to enable both protocols to maintain backward compatibility. If you use dynamic port forwarding, you'll probably want to enable both protocols to maintain backward compatibility.
  
-===== Forwarded Ports ===== 
  
-This section contains a table displaying ports that are currently forwarded (with their external and internal port numbers).+===== Settings =====
  
-The **Internal Address** column displays the internal IP address of the network device that has triggered its own port mapping.+**Enable UPnP:**  Checking this enables UPnP.
  
-The **Protocol** column displays which protocol (TCP or UDP) is in use for the mapping in question.+ \\ 
 + 
 +**Enable NAT-PMP:**  Checking this enables NAT-PMP.
  
  \\  \\
  
-{{::port_forwarding-upnp-forwarded_ports-2023.2.jpg?819x153}}+**Inactive Rule Cleaning:**  Sets the timeout period to remove rules counted from the last time traffic flowed.
  
  \\  \\
  
-The **Description** column lists the name of the application program which performed the port-mapping.+{{::port_forwarding-upnp-settings-2023.2.jpg?816}}
  
 + \\
  
-===== Settings =====+**Cleaning Threshold:** here, set the maximum number of rules to be removed by an Interval.
  
-**Enable UPnP:**  Checking this enable UPnP.+ \\
  
-**Enable NAT-PMP:**  Checking this enables NAT-PMP.+**Secure Mode**: eabling this lets only the "owner LAN IP address" trigger its own mapping/unmapping.
  
-**Inactive Rule Cleaning:**  Enabling this sets the timeout period to remove rules counted from the last time traffic was flowing.+In other words, the client is only allowed to map an incoming port to its own IP address, not to another address.
  
  \\  \\
  
-{{::port_forwarding-upnp-settings-2023.2.jpg?816}}+**Enable on:** this allows you to enable UPnp/NATPMP only on certain VLANs.
  
  \\  \\
  
-**Cleaning Threshold:** Hereyou set the maximum number of rules to be removed by an Interval.+**Show in My Network Places:** if enabledmakes FreshTomato appear as a gateway in Windows' browsable LAN network (WORKGROUP or HOMEGROUP).
  
-**Secure Mode**:  Enabling this allows only the "owner LAN IP address" to trigger its own mapping/unmapping. In other words, the client is only allowed to map an incoming port to its own IP address, not to another address. + \\
- +
-**Enable on:**  This allows you to enable UPnp/NATPMP only on certain VLANs.+
  
-**Show in My Network Places:**  If enabledthis makes FreshTomato appear as a gateway in Windows' browsable LAN network (WORKGROUP or HOMEGROUP).+**Miniupnpd custom config:** hereenter custom configuration options unavailable in the web interface.
  
-**Miniupnpd custom config:**  In this field, you can enter custom configuration options not available in the web interface. In the image above, all UPnP requests/mappings are denied for address 10.10.10.4, the only host on that subnet.\\ \\  \\+In the image above, all UPnP requests/mappings are denied for address 10.10.10.4, the only host on that subnet.\\ \\  \\   \\   \\   \\
  
  
forward-upnp.1687622786.txt.gz · Last modified: 2023/06/24 17:06 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki