...

The UPnP protocol is used by many modern applications, such as most DirectX games, as well as by various Windows Messenger features (remote assistance, application sharing, file transfer, voice, and video) from behind a firewall.

...

Warning

If you do not disable the allow-disable-external-interface setting, any user on the local network will be able to disable the router's external interface without any authentication.

UPnP Interfaces

Code Block
/ip upnp interfaces


Property
    Description

interface (string; Default: )
    Interface name on which UPnP will be running.
type (external | internal; Default: no)
    UPnP interface type:
      • external - the interface a global IP address is assigned to
      • internal - the router's local interface the clients are connected to
forced-external-ip (IP; Default: )
    Allows specifying which public IP to use if the external interface has more than one IP available.


Note

In more complex setups with VLANs, where the VLAN interface is considered as the LAN interface, the VLAN interface itself should be specified as the internal interface for UPnP to work properly.

...

Code Block
[admin@MikroTik] ip upnp> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
  0   chain=srcnat action=masquerade out-interface=ether1
[admin@MikroTik] ip upnp>

To enable the UPnP feature:

Code Block
[admin@MikroTik] ip upnp> set enabled=yes
[admin@MikroTik] ip upnp> print
                             enabled: yes
    allow-disable-external-interface: yes
                     show-dummy-rule: yes
[admin@MikroTik] ip upnp>

...

Code Block
[admin@MikroTik] ip upnp interfaces> add interface=ether1 type=external
[admin@MikroTik] ip upnp interfaces> add interface=ether2 type=internal
[admin@MikroTik] ip upnp interfaces> print
Flags: X - disabled
  #   INTERFACE TYPE
  0 X ether1    external
  1 X ether2    internal

[admin@MikroTik] ip upnp interfaces> enable 0,1

Now, once a client on the internal interface side sends a UPnP request, dynamic NAT rules will be created on the router. Example rules could look similar to these:

Code Block
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic

 0   chain=srcnat action=masquerade out-interface=ether1

 1 D ;;; upnp 192.168.88.10: ApplicationX
     chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=55000 protocol=tcp
     dst-address=10.0.0.1 in-interface=ether1 dst-port=55000

 2 D ;;; upnp 192.168.88.10: ApplicationX
     chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=55000 protocol=udp
     dst-address=10.0.0.1 in-interface=ether1 dst-port=55000
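
An added example (not MikroTik's code): a small Python audit that parses print output in the format shown above, lists the dynamic dst-nat rules that UPnP created, and reports whether the setting from the warning is still on. The sample text and all function names are constructed for illustration.

```python
import re

# Constructed samples in the format of the print output shown above.
NAT_PRINT = """\
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=ether1
 1 D ;;; upnp 192.168.88.10: ApplicationX
     chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=55000 protocol=tcp
     dst-address=10.0.0.1 in-interface=ether1 dst-port=55000
 2 D ;;; upnp 192.168.88.10: ApplicationX
     chain=dstnat action=dst-nat to-addresses=192.168.88.10 to-ports=55000 protocol=udp
     dst-address=10.0.0.1 in-interface=ether1 dst-port=55000
"""
UPNP_PRINT = """\
                             enabled: yes
    allow-disable-external-interface: yes
                     show-dummy-rule: yes
"""

def parse_nat_rules(text):
    """Split print output into rules: id, flags, comment and key=value properties."""
    rules, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+((?:[XID]\s+)*)(.*)", line)
        if m:  # a line starting with a rule number opens a new rule
            cur = {"id": int(m.group(1)), "flags": m.group(2).split(), "comment": ""}
            rules.append(cur)
        elif cur is None:
            continue  # header lines before the first rule
        rest = m.group(3) if m else line.strip()  # else: continuation line
        if rest.startswith(";;;"):
            cur["comment"] = rest[3:].strip()
        else:
            cur.update(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return rules

def upnp_mappings(rules):
    """Dynamic dst-nat rules carrying the 'upnp <address>: <name>' comment."""
    found = []
    for r in rules:
        m = re.match(r"upnp (\S+): (.*)", r["comment"])
        if m and "D" in r["flags"] and r.get("action") == "dst-nat":
            found.append((m.group(1), m.group(2), r["protocol"], int(r["dst-port"])))
    return found

def disable_external_allowed(text):
    """True when UPnP is enabled and allow-disable-external-interface is yes."""
    cfg = dict(re.findall(r"^\s*([\w-]+):\s*(\S+)", text, re.M))
    return cfg.get("enabled") == cfg.get("allow-disable-external-interface") == "yes"
```

Run against saved output from the router, `upnp_mappings` gives one tuple per port opened through UPnP, which can be compared with the hosts and ports expected to use it.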

...