UFW blocking upnp port mapping

I'm attempting to use portmapper-2.1.1 (https://github.com/kaklakariada/portmapper) to get a UPnP mapping to my Ubuntu 16.04 LTS machine.

I've got UFW configured to allow all outgoing and block incoming (aside from a few specific ports).

I thought this would work because I'm running portmapper on the Ubuntu box (e.g. outgoing), but it isn't. I think this is due to the way UPnP is set up to find clients. To be clear, with UFW disabled, portmapper works as expected.

My first thought was to just allow the port that the UPnP service 'replies' on, but that seems to be random. Ex (from my UFW log):

Apr 26 19:07:34 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=41927 LEN=391

Apr 26 19:33:32 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=60212 LEN=391

(192.168.1.1 is my router, 192.168.1.161 is the Ubuntu box)

I don't want to just open most/all ports to incoming UDP packets for this, so the question is: Is there a UFW/iptables rule that will allow this to work that isn't just 'allow everything'?







asked Apr 26 at 23:41
aaa

          1 Answer
It looks like the packets you need to allow have these characteristics:

• They are incoming on interface enp2s0
• They have a source IP address of 192.168.1.1
• They have a source UDP port of 1900

So what you need is to allow all incoming UDP packets from 192.168.1.1 port 1900.

Use this command to add the rule:

    sudo ufw allow from 192.168.1.1 port 1900 to any proto udp

Check out the added rule:

    me@ubuntu:~$ sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    Anywhere                   ALLOW       192.168.1.1 1900/udp

Hope this helps!






answered May 3 at 16:56
user822833
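
Added example, not part of the answer above: the router's SSDP replies arrive as unicast from source port 1900 in response to a multicast search (239.255.255.250:1900), so connection tracking does not pair them with the outgoing packet and UFW drops them. The sketch below reads `[UFW BLOCK]` lines (the two from the question, embedded as sample input) and prints an allow rule narrowed to the interface, router address and destination host seen in the log. The function name `suggest_rules` and the variable names are assumptions.

```shell
#!/bin/sh
# Constructed sample input: the two [UFW BLOCK] lines quoted in the question.
SAMPLE_LOG='Apr 26 19:07:34 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=41927 LEN=391
Apr 26 19:33:32 [UFW BLOCK] IN=enp2s0 OUT= SRC=192.168.1.1 DST=192.168.1.161 LEN=411 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=60212 LEN=391'

SSDP_PORT=1900

# suggest_rules (hypothetical helper): reads UFW log lines on stdin and prints
# one scoped "ufw allow" command per (interface, source, destination) that had
# inbound UDP packets blocked with the SSDP source port.
suggest_rules() {
    awk -v ssdp="$SSDP_PORT" '
    /\[UFW BLOCK\]/ {
        split("", f)                      # clear fields left from the previous line
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue         # timestamp, "[UFW", "DF", ...
            k = substr($i, 1, eq - 1)
            if (!(k in f)) f[k] = substr($i, eq + 1)   # LEN occurs twice; keep the first
        }
        # Keep only packets addressed to this host (OUT empty), UDP, source port 1900.
        if (f["IN"] == "" || f["OUT"] != "" || f["PROTO"] != "UDP" || f["SPT"] != ssdp) next
        rules[f["IN"] " " f["SRC"] " " f["DST"]] = 1
    }
    END {
        for (r in rules) {
            split(r, p, " ")
            # The destination port is left open: the log shows a new DPT per reply.
            printf "ufw allow in on %s from %s port %s to %s proto udp\n", p[1], p[2], ssdp, p[3]
        }
    }' | sort
}

# Stand-alone run over the sample lines.
printf '%s\n' "$SAMPLE_LOG" | suggest_rules
```

Run the printed command with sudo only after confirming that the source address in it is the gateway.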


































                     
