Project

General

Profile

Actions

Feature #4320

closed

Enable port-in-use checking in miniupnpd

Added by Daniel Becker almost 10 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
UPnP IGD & PCP
Target version:
Start date:
01/27/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

The miniupnpd port has a build-time option that forces it to check if the requested external port is already in use locally on the firewall. This prevents client mappings from interfering with services running on the firewall. This can be enabled by adding CHECK_PORTINUSE to the build options in the pfsense-tools repo; see attached patch.


Files

enable_portinuse.patch (444 Bytes) enable_portinuse.patch Daniel Becker, 01/27/2015 02:07 PM
Actions #1

Updated by Daniel Becker almost 10 years ago

This might actually be considered a bug rather than a feature, as without this change, miniupnpd will happily let LAN-side clients make e.g. web interface unreachable.

Actions #2

Updated by Daniel Becker almost 10 years ago

The effect that I see most often is Macs on the LAN adding a mapping for external port 4500 (for BTMM) and breaking IPsec in the process.

Actions #3

Updated by Renato Botelho about 9 years ago

  • Target version set to 2.3
Actions #4

Updated by Renato Botelho about 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF