UFW blocking upnp port mapping
It looks like the packets you need to allow have these characteristics:
- They are incoming on interface enp2s0
- They have a source IP address of 192.168.1.1
- They have a source UDP port of 1900
So what you need is to allow all incoming UDP packets from 192.168.1.1 port 1900.
Use this command to add the rule:
sudo ufw allow from 192.168.1.1 port 1900 to any proto udp
Check out the added rule:
me@ubuntu:~$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       192.168.1.1 1900/udp
Hope this helps!
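How the rule above follows from the logged packets, as an added example that is not part of the original answer: it groups `[UFW BLOCK]` lines by interface, source address, protocol and source port, and pins the destination port only when it is stable, which it is not in the two log lines from the question. The function names are hypothetical, and the `in on <interface>` clause is an addition that ties the rule to the interface named in the log.

```python
import re
from collections import defaultdict

# The two [UFW BLOCK] lines quoted in the question.
SAMPLE_LOG = """\
Apr 26 19:07:34 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=41927 LEN=391
Apr 26 19:33:32 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=60212 LEN=391
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_blocks(log_text):
    """Yield the KEY=value fields of each [UFW BLOCK] line as a dict."""
    for line in log_text.splitlines():
        if "[UFW BLOCK]" not in line:
            continue
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # LEN appears twice; keep the first
        yield fields


def summarize(log_text):
    """Group blocked inbound packets: (iface, src, proto, sport) -> set of dports."""
    groups = defaultdict(set)
    for f in parse_blocks(log_text):
        if f.get("IN") and f.get("SPT") and f.get("DPT"):
            key = (f["IN"], f["SRC"], f["PROTO"].lower(), int(f["SPT"]))
            groups[key].add(int(f["DPT"]))
    return dict(groups)


def suggest_rules(log_text):
    """Build one ufw rule per group; pin the destination port only if it is stable."""
    rules = []
    for (iface, src, proto, sport), dports in sorted(summarize(log_text).items()):
        rule = f"ufw allow in on {iface} from {src} port {sport} to any"
        if len(dports) == 1:
            rule += f" port {next(iter(dports))}"
        rules.append(f"{rule} proto {proto}")
    return rules


if __name__ == "__main__":
    for r in suggest_rules(SAMPLE_LOG):
        print(r)
```

A rule keyed on source address and source port accepts any UDP datagram that carries 192.168.1.1:1900 as its source, on every local port, so restricting it to the LAN interface keeps the match as narrow as the log evidence allows.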
Updated on September 18, 2022
aaa over 1 year
I'm attempting to use portmapper-2.1.1 (https://github.com/kaklakariada/portmapper) to get a upnp mapping to my ubuntu 16.04LTS machine.
I've got UFW configured to allow all outgoing and block incoming (aside from a few specific ports).
I thought this would work because I'm running portmapper on the ubuntu box (e.g. outgoing), but it isn't. I think this is due to the way upnp is set up to find clients. To be clear, with UFW disabled, portmapper works as expected.
My first thought was to just allow the port that the upnp service 'replies' on, but that seems to be random. Ex (from my UFW log):
Apr 26 19:07:34 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=41927 LEN=391
Apr 26 19:33:32 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=60212 LEN=391
(192.168.1.1 is my router, 192.168.1.161 is the ubuntu box)
I don't want to just open most/all ports to incoming udp packets for this, so the question is: Is there a UFW/iptables rule that will allow this to work that isn't just 'allow everything'?