Enable port-in-use checking in miniupnpd
The miniupnpd port has a build-time option that forces it to check if the requested external port is already in use locally on the firewall. This prevents client mappings from interfering with services running on the firewall. This can be enabled by adding CHECK_PORTINUSE to the build options in the pfsense-tools repo; see attached patch.
This might actually be considered a bug rather than a feature, as without this change, miniupnpd will happily let LAN-side clients make e.g. the web interface unreachable.
The effect that I see most often is Macs on the LAN adding a mapping for external port 4500 (for BTMM) and breaking IPsec in the process.
- Target version set to 2.3
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
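The check requested in this ticket, sketched as an added example: it is not miniupnpd's code and not the attached patch. It refuses a mapping request when the external port is already held by a listener on the firewall. The `sockstat`-style listing is constructed, and the function names and the WAN address `192.0.2.1` are assumptions.

```python
import re

# Constructed sample in the layout of FreeBSD `sockstat -4 -l` output
# (not captured from a real system).
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      411   5  tcp4   *:443                 *:*
root     charon     902   12 udp4   *:500                 *:*
root     charon     902   13 udp4   *:4500                *:*
root     sshd       377   4  tcp4   192.0.2.1:22          *:*
unbound  unbound    655   3  udp4   127.0.0.1:53          *:*
"""

def parse_listeners(text):
    """Return {(proto, port): [(bind_addr, command), ...]} from sockstat-style text."""
    listeners = {}
    for line in text.splitlines()[1:]:              # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        m = re.fullmatch(r"(tcp|udp)[46]*", fields[4])
        addr, _, port = fields[5].rpartition(":")
        if not m or not port.isdigit():
            continue
        listeners.setdefault((m.group(1), int(port)), []).append((addr, fields[1]))
    return listeners

def port_in_use(listeners, proto, eport, wan_addr):
    """Name the local service a mapping would shadow, or None if the port is free.

    A socket bound to the wildcard address or to the WAN address conflicts;
    one bound only to loopback or to another interface does not.
    """
    for addr, command in listeners.get((proto.lower(), eport), []):
        if addr in ("*", wan_addr):
            return command
    return None

def filter_requests(requests, listeners, wan_addr):
    """Split (proto, eport, client) mapping requests into accepted and refused."""
    accepted, refused = [], []
    for proto, eport, client in requests:
        owner = port_in_use(listeners, proto, eport, wan_addr)
        (refused if owner else accepted).append((proto, eport, client, owner))
    return accepted, refused
```

With the sample listing, a LAN client's request for UDP 4500 is refused because the IPsec daemon already holds that port, while a request for an unused TCP port is accepted.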