pfSense Gold Subscription

Author Topic: UPnP Configuration Habits  (Read 882 times)

0 Members and 1 Guest are viewing this topic.

Offline behemyth

  • Jr. Member
  • **
  • Posts: 29
  • Karma: +2/-0
    • View Profile
UPnP Configuration Habits
« on: April 12, 2017, 03:03:47 pm »
Hey Jimp one more question, do you have UPNP set to use an Access List for UPNP access, or do you just allow anything to use it? I'm curious what a person with real knowledge sets it to.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: UPnP Configuration Habits
« Reply #1 on: April 13, 2017, 08:22:21 am »
[This wasn't relevant to the old thread so I split it off]

On the segment where I have UPnP enabled, I just leave it wide open.

I should probably setup some ACLs since there are very few things I need UPnP to do, but I am inherently lazy and prefer the few things that need it to Just Work™.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline behemyth

  • Jr. Member
  • **
  • Posts: 29
  • Karma: +2/-0
    • View Profile
Re: UPnP Configuration Habits
« Reply #2 on: April 13, 2017, 09:11:23 am »
Haha I understand. I'm currently using ACL's to try to lock it down, but with mobile devices and poor network coding by app dev's I'm finding i have to add quite a few devices. I might just do what you did then and leave it wide open so I don't have to deal with it.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14431
  • Karma: +1336/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: UPnP Configuration Habits
« Reply #3 on: April 27, 2017, 06:51:22 am »
What application are you running on a mobile device that would need UPnP??  That just seems stupid.. Most cell connections do not allow unsolicited inbound to the device.. If on some hot spot wifi they sure and the F are not going to have UPnP running to allow their devices to request inbound ports.

So at a loss to what sort of moronic APP on some mobile device would require UPnP to function??
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline behemyth

  • Jr. Member
  • **
  • Posts: 29
  • Karma: +2/-0
    • View Profile
Re: UPnP Configuration Habits
« Reply #4 on: April 28, 2017, 02:09:15 pm »
There are some financial apps that wont work correctly when behind the pfsense firewall, but work fine when connected to just the cellular ISP. I guess I don't know for sure that it needs UPNP, but when I allowed the devices to use it, they started working correctly.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14431
  • Karma: +1336/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: UPnP Configuration Habits
« Reply #5 on: April 30, 2017, 06:57:38 am »
What app?  Are you talking about logging into your bank account or something?

So your saying that these apps don't work at starbucks or hotel wifi, or any other hotspot wifi - which are not going to have UPnP enable that is for damn sure..   I would have to assume the financial app maker would get flooded with support calls since the vast majority of wifi out there does not have UPnP enabled..

UPnP allows for unsolicited inbound connections, to be forwarded at the nat device to your devices IP.. How would that be required for some app to work?  My guess is whatever you were doing for testing - something else changed when you think you enabled UPnP and so you think that is what fixed it.  Look in your UPnP status when using your APP and its working.. What does it show it opened?  This status will show you what was requested, what was opened, etc.
« Last Edit: April 30, 2017, 07:00:53 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)