Firewall Wizards mailing list archives
Re: Is NAT in OpenBSD PF UPnP enabled or Non UPnP?
From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 1 Jun 2005 19:01:31 +1000 (EST)
> On May 30, 2005, at 10:31 PM, Darren Reed wrote:
>>> Is the NAT in PF UPnP enabled?? or could someone tell me how I can accomplish this with OpenBSD.
>>
>> The only free, unix-based, UPnP implementation is for Linux and iptables, so your solution is to wipe OpenBSD and install Linux. When it comes to things like UPnP, there are a lot of luddites in the *BSD community. Others of us, who have benefited from it and understand why it is useful, just don't have time.
>
> An odd set of comments to make. I understand why UPnP is useful, and it is a fine thing for your LAN at home or maybe a tiny business which can't afford anyone to actually manage the network, but the people on this list ought to have some concern about security, too.

Not really an odd set of comments, go ask on an openbsd or pf mailing list if someone has developed a UPnP server yet and see how many abusive replies you get back about it being insecure, etc. Luddites.

> I don't see how permitting arbitrary services to go through can be a good idea from that standpoint, any more than permitting arbitrary RPC through is a good idea....

Do you let ssh through a firewall? If you let that through, with tunnelling, you may as well be letting through arbitrary services. If you're letting HTTP through a firewall, you're letting RPC through (remember SOAP?)

> To the OP: why are you trying to do UPnP through a firewall? Why can't you put the devices which are permitted/expected to talk to each other with that kind of freedom on the same subnet?

Ugh. You make it sound like you really don't understand UPnP or what he wants to do at all. UPnP is a firewall to host protocol/service, generally NOT something that goes through it. It's most often used by services running on an internal host that want to have someone connect in, but can't because of NAT.

Personally, I'd prefer to be able to configure a UPnP server than just open random ports, permanently on my firewall, wouldn't you? Would you rather have a static configuration for bittorrent that always redirected port 6881-6889 (and had them open, regardless of whether or not your client was running) or configure a piece of software to open those ports, as required by the application?

People seem to think "oh no, devices can control the firewall and make it open everything!" - bah, that's just an implementation detail.

Anyway, I could go on but I gotta run...

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
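
An added example, not part of the original message and not taken from any UPnP daemon: one way a firewall-side UPnP service could vet port-mapping requests so that a LAN host can open only its own, time-limited mappings rather than "everything". The field comments follow the UPnP IGD AddPortMapping arguments; the LAN prefix, lease cap, class and function names are assumptions, and the port range is the BitTorrent range mentioned in the message.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site policy (hypothetical values; 6881-6889 is the range from the message).
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_EXTERNAL_PORTS = range(6881, 6890)
MAX_LEASE_SECONDS = 3600

@dataclass(frozen=True)
class MappingRequest:
    source_ip: str        # address the control request arrived from
    internal_client: str  # NewInternalClient
    external_port: int    # NewExternalPort
    internal_port: int    # NewInternalPort
    protocol: str         # NewProtocol
    lease_seconds: int    # NewLeaseDuration (0 asks for a permanent mapping)

def evaluate(req: MappingRequest) -> tuple[bool, str]:
    """Return (allowed, reason) for one AddPortMapping request."""
    try:
        src = ipaddress.ip_address(req.source_ip)
        target = ipaddress.ip_address(req.internal_client)
    except ValueError:
        return False, "malformed address"
    if src not in LAN:
        return False, "request did not come from the LAN"
    if target != src:
        return False, "client may only map ports to itself"
    if req.protocol.upper() not in ("TCP", "UDP"):
        return False, "unsupported protocol"
    if req.external_port not in ALLOWED_EXTERNAL_PORTS:
        return False, "external port outside permitted range"
    if not 1 <= req.internal_port <= 65535:
        return False, "invalid internal port"
    if not 0 < req.lease_seconds <= MAX_LEASE_SECONDS:
        return False, "lease must be finite and within the cap"
    return True, "ok"

# Constructed sample requests.
SAMPLES = [
    MappingRequest("192.168.1.10", "192.168.1.10", 6881, 6881, "TCP", 1800),
    MappingRequest("192.168.1.10", "192.168.1.20", 6881, 22, "TCP", 1800),
    MappingRequest("192.168.1.10", "192.168.1.10", 22, 22, "TCP", 1800),
    MappingRequest("192.168.1.10", "192.168.1.10", 6882, 6882, "UDP", 0),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", evaluate(s))
```
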