Project

General

Profile

Feature #4320

Enable port-in-use checking in miniupnpd

Added by Daniel Becker almost 5 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
uPNP
Target version:
Start date:
01/27/2015
Due date:
% Done:

100%

Estimated time:

Description

The miniupnpd port has a build-time option that forces it to check if the requested external port is already in use locally on the firewall. This prevents client mappings from interfering with services running on the firewall. This can be enabled by adding CHECK_PORTINUSE to the build options in the pfsense-tools repo; see attached patch.

enable_portinuse.patch (444 Bytes) enable_portinuse.patch Daniel Becker, 01/27/2015 02:07 PM

Associated revisions

Revision 7d790fc3 (diff)
Added by Renato Botelho about 4 years ago

Enable CHECK_PORTINUSE option for net/miniupnpd, fixes #4320

History

#1 Updated by Daniel Becker almost 5 years ago

This might actually be considered a bug rather than a feature, as without this change, miniupnpd will happily let LAN-side clients make e.g. web interface unreachable.

#2 Updated by Daniel Becker almost 5 years ago

The effect that I see most often is Macs on the LAN adding a mapping for external port 4500 (for BTMM) and breaking IPsec in the process.

#3 Updated by Renato Botelho about 4 years ago

  • Target version set to 2.3

#4 Updated by Renato Botelho about 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#5 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF