This shows you the differences between two versions of the page.
userdoc:tt_universal_plug_play [2012/07/08 16:04] abelbeck |
userdoc:tt_universal_plug_play [2012/07/17 15:09] abelbeck |
Within AstLinux there are a few power user features to help minimize the security risks. | Within AstLinux there are a few power user features to help minimize the security risks. |
| |
* The configuration variable ''UPNP_ALLOW'' defaults to not being defined, so any client within the selected interface's network may dynamically define NAT EXT->LAN firewall rules. Setting ''UPNP_ALLOW'' to an IPv4 address, or space separated list of IPv4 addresses, will restrict only those addresses to be able to define NAT EXT->LAN firewall rules. For example if your XBox is assigned the IPv4 address 192.168.101.90, setting UPNP_ALLOW="192.168.101.90" will only allow your XBox to define NAT EXT->LAN firewall rules. | * The configuration variable ''UPNP_ALLOW'' defaults to not being defined, so any client within the selected interface's network may dynamically define NAT EXT->LAN firewall rules. Setting ''UPNP_ALLOW'' to an IPv4 address, or space separated list of IPv4 addresses, will restrict only those addresses to be able to define NAT EXT->LAN firewall rules. For example if your XBox is assigned the IPv4 address 192.168.101.90, setting ''UPNP_ALLOW="192.168.101.90"'' will only allow your XBox to define NAT EXT->LAN firewall rules. |
| |
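Review bot: The ''UPNP_ALLOW'' bullet still describes the value only as "an IPv4 address, or space separated list of IPv4 addresses", while the revised last bullet of this list gives the same variable an optional port-range suffix (''UPNP_ALLOW="192.168.101.90~3000-4000"''). Mention the optional port-range form in this bullet, or point to the port-range bullet, so that a reader who sets the variable from here sees the full syntax. The phrase "will restrict only those addresses to be able to define" would also read more clearly as "allows only those addresses to define".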
* The configuration variable ''UPNP_SECURE_MODE'' defaults to ''UPNP_SECURE_MODE="yes"'' which limits clients to add mappings to only their IPv4 address. Setting ''UPNP_SECURE_MODE="no"'' will disable "secure mode" but may be required in some situations. | * The configuration variable ''UPNP_SECURE_MODE'' defaults to ''UPNP_SECURE_MODE="yes"'' which limits clients to add mappings to only their IPv4 address. Setting ''UPNP_SECURE_MODE="no"'' will disable "secure mode" but may be required in some situations. |
| |
* Users with networking experience may define a separate internal interface LAN or DMZ via a VLAN to contain only Universal Plug'n'Play clients. Then using a managed switch, force these clients on this special Universal Plug'n'Play network. The //Interfaces:// setting above would only be this one special network. | * Users with networking experience may define a separate internal interface LAN or DMZ via a VLAN to contain only Universal Plug'n'Play clients. Then using a managed switch, configure these clients on this special Universal Plug'n'Play network. The //Interfaces:// setting above would only be this one special network. |
| |
* By default only port numbers 1024 through 65535 are allowed to be remapped. | * Only port numbers 1024 through 65535 are allowed to be remapped for the external interface and also by default on the internal interface(s). The variable ''UPNP_ALLOW'' may optionally specify the allowed internal port-range along with the IPv4 address, defaulting to 1024-65535 . For example ''UPNP_ALLOW="192.168.101.90~3000-4000"'' will allow an internal port range of 3000-4000 for IPv4 address 192.168.101.90. |
| |
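Review bot: In the new port-range bullet, "Only port numbers 1024 through 65535 are allowed to be remapped for the external interface and also by default on the internal interface(s)" runs a limit and a configurable default together in one sentence. If the intent is that the external range cannot be changed and only the internal range is adjustable through ''UPNP_ALLOW'', split it into two sentences that say so. The ''~'' separator appears only in the example and is never named in the text; state the format explicitly (address, ''~'', then low-high port range) and show how it combines with the space-separated list of several addresses described in the first bullet. There is also a stray space before the period in "defaulting to 1024-65535 .".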