Feature #4320
Enable port-in-use checking in miniupnpd
Start date:
01/27/2015
Due date:
% Done:
100%
Estimated time:
Description
The miniupnpd port has a build-time option that forces it to check if the requested external port is already in use locally on the firewall. This prevents client mappings from interfering with services running on the firewall. This can be enabled by adding CHECK_PORTINUSE to the build options in the pfsense-tools repo; see attached patch.
Associated revisions
History
#1
Updated by Daniel Becker over 4 years ago
Updated by This might actually be considered a bug rather than a feature, as without this change, miniupnpd will happily let LAN-side clients make e.g. web interface unreachable.
#2
Updated by Daniel Becker over 4 years ago
The effect that I see most often is Macs on the LAN adding a mapping for external port 4500 (for BTMM) and breaking IPsec in the process.
#3
Updated by Renato Botelho over 3 years ago
Updated by - Target version set to 2.3
#4
Updated by Renato Botelho over 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 7d790fc310e3273122659b3d96186f16ac300972.
#5
Updated by Chris Buechler over 3 years ago
Updated by - Status changed from Feedback to Resolved
Enable CHECK_PORTINUSE option for net/miniupnpd, fixes #4320