[Solved] UPnP System ports (0-1023)

Friends, I have a question!
I Have a TP-Link Archer C7 AC1750 v.2.0 that has been flashed to LEDE at the moment 17.01.4.
With the stock firmware UPnP worked perfectly.
With LEDE, it does not redirect system ports (range 0-1023).
I Googled-read, that's the installation of kmod-nf-nathelper-extra does not solves this problem.
But, no - all ports 0-1023 are still not automatically redirected. Starting with 1024 port - everything works.

Who knows how to solve it, answer me!

See this OpenWRT article...

https://wiki.openwrt.org/doc/howto/upnp

However, as it mentions, enabling UPnP is a huge security risk.

The me question not about how to enable UPnP and how it dangerous...
Question is bound with UPnP...

jwoods, as i wrote UPnP in my router is work with ports starting from 1024.
Please feel the differences between my question and Your answer.
Anyway, thank You for the answer! :wink:

I don't think you're clear on what your asking.

kmod-nf-nathelper-extra has nothing to do with UPnP...it allows you to use multiple PPTP connections from LAN to WAN at the same time.

It's so pity that You don't clear understand my question...
For understanding my question is needs to know what's does it mean "system ports"
Article https://wiki.openwrt.org/doc/howto/vpn.nat.pptp
is not about my question, And I said about it above... :wink:

Look, do You know how to enable redirection system ports with UPnP or not?
By the way system ports starts 0 until 1023.

If You don't know, You:
a) Waste my time
b) Waste You time

It's up to You of course. =D

Sorry, it was my mistake I missed it does not solve ... It is important!
Right version is "I Googled-read, that’s the installation of kmod-nf-nathelper-extra does not solves this problem."

@vodek
Do you have luci-app-upnp with miniupnpd installed ?
You should be able to set up the port range there...
upnp

1 Like

Kherby! Great!

I assumed that the answer is uncomplicated, but many times looked at luci-app-upnp, I did not see the obvious at the emphasis!
Thank you very much, buddy!
I'm very ashamed that everything is so simple ...
Once again many thanks! :+1:

1 Like

Why do you want to utilize UPnP? UPnP should never be utilized as it's a major security risk, providing access to your device(s) from WAN.

  • Take the time, figure out what devices need port redirects (most do not), and manually configure firewall redirect rules.
1 Like

OMG!..
I just want to know how to open System ports! Because I want so. Nothing more!!!
I need not any advices about any risks, any kinds of fear etc. It's not to hard to understanding... :joy:

In all due respect, if you ask a question in a public forum, better be prepared to receive more than explicit answers to your explicit questions; after all you want to outsource doing research and often things are a tad more complicated than a direct response to a direct question can communicate.
Think about it that way, you ask a specific question, because with your background knowledge all you want is the "how to"; but the question an answer will be living on for a long time in the forum/internet, so it seems prudent and reasonable to add information about side effects and overall security concerns. Also by asking a question you immediately reveal that you are not omniscient (otherwise why ask in the first place) and since you did not explicitly mention that you know about the security considerations I believe it quite on topic for people to comment on this aspect. After all you want people to spend some of their time to fix your problem (instead of say doing research yourself) then you better be prepared to accept all of their answers as well-intended. Now, I might be reading to much into this and your smily might be there to acknowledge that; but in that case leading in your comment by a "Thank you very much everybody" followed by your remark.

This is a pretty nice and friendly forum, not in the least as most people are very curteous and assume the best intention by others, and we should cherish that.

1 Like

That's the purpose of UPnP... to open WAN ports automatically when requested by a LAN device.

Since LAN devices only require a handful of redirected ports, it doesn't require a lot of effort to determine what those ports are. If PortForward doesn't have them listed, they will be listed on the device manufacturer's website

This is massively insecure because it allows WAN hosts to make a request to the router and receive a reply back with a whole host of data about the network. Security researchers every year point to the tens of millions of devices, both consumer, and far more concerning, commercial and utility, which still have open WAN side ports allowing for remote communication.

With all due respect to all forum participants.
The specific question implies a specific answer!
The other is just disrespect and flood. Yes it is.
Let's respect each other and each other's time.
I have answer for my question from Kherby.
Thank You very much Kherby another one time!

2 Likes

You were provided with multiple specific answers. There is no need to utilize UPnP, as it's just as big of a security risk as WPS.

  • It's your device, your network... considering the router's firewall is what protects your digital life, one generally won't choose to knowingly make their router's firewall less secure.

    • By all means though, don't trust me, do your own research on google... such as this explanation on StackExchange

But your question was

So all you expected was a post stating
"I do!"
as that is a direct response to your specific question...

I am out of here, as this is not going to lead anywhere productive. As parting comment I refer to LEDE project rule # 12 (https://lede-project.org/rules); not clear to me how "insulting" people that spend time on your topic furthers that cause.

Look!
I did not asked about the dangers of uPnP. Yes, it is.
I asked how to open System ports (0-1023). Yes, it is.
I have right answer from my question. Yes, it is.
I'm very glad that you knows a lot about unauthorized access to devices with uPnP but it does not interest me at all. Yes, it is.
I need not any advices not related to my question. Yes, it is.

And what are you talking about? About what?
So, let's finish the flood.
It's just stupid.

Your questions were asked and answered.

Move on.

Do You want to talk about this? :rofl: