Comments on Administrating Your Gateway Device Via UPnP

Do you often need to reconnect for downloads, or forward ports manually because some applications don't support it natively? Then this is the right thing for you! This howto covers a Perl script that lets you administrate your gateway device via UPnP. You can reconnect, add and remove port forwarding entries, and much more.

Comments

By: Anonymous

That line is supposed to be:

chomp($devnum = <>);

But the less-than and greater-than signs disappeared. (Probably because it looked like an HTML tag and got stripped.)

I know that's what it's supposed to be because you can download the script from his blog: http://mydeblog.hostcell.net/2009/04/21/administrating-your-gateway-device-via-upnp/

By: nikhil

Thanks for pointing that out.

I was getting the same error.

By: Anonymous

After fixing the chomp error and running the script I get a 'Command failed' with no explanation..

By: Anonymous

That is not quite true. Any internal application then has the ability to not only cause issues with your computer but to manipulate your firewall as well. Think viruses or malware. Say you accidentally get a virus on your PC. It scans not only your PC but your whole network for services. Then it uses high port ranges to open up all of your services to the internet. It can simply report home what its current IP is. This is disastrous for a business network but can cause a lot of grief at home as well.
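A defender's check for the scenario this comment describes, added here as an example (it is not part of the howto's script and is not any commenter's code): it audits a gateway's UPnP port mappings against an allowlist and flags permanent leases. The SOAP bodies, addresses and the `ALLOWED` set are constructed sample data; the field names are the out-arguments of the WANIPConnection:1 action GetGenericPortMappingEntry.

```python
import xml.etree.ElementTree as ET

def _entry(ext_port, proto, int_port, client, desc, lease):
    """Build a constructed GetGenericPortMappingEntryResponse body (sample data)."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse
    xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>{lease}</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

SAMPLE = [  # constructed: one expected mapping, two nobody asked for
    _entry(51413, "TCP", 51413, "192.168.1.20", "bittorrent", 3600),
    _entry(40022, "TCP", 22, "192.168.1.5", "", 0),
    _entry(40445, "TCP", 445, "192.168.1.5", "", 0),
]
# Assumption: mappings the administrator expects, as (client, protocol, port).
ALLOWED = {("192.168.1.20", "TCP", 51413)}

def parse_entry(xml_text):
    """Extract the New* out-arguments of one response into a dict."""
    root = ET.fromstring(xml_text)
    args = {el.tag[3:]: (el.text or "").strip()
            for el in root.iter() if el.tag.startswith("New")}
    for key in ("ExternalPort", "InternalPort", "LeaseDuration"):
        args[key] = int(args[key])
    return args

def audit(entries, allowed):
    """Return (mapping, reasons) for every mapping that needs a human look."""
    findings = []
    for m in map(parse_entry, entries):
        reasons = []
        if (m["InternalClient"], m["Protocol"], m["InternalPort"]) not in allowed:
            reasons.append("not on allowlist")
        if m["LeaseDuration"] == 0:  # 0 means the mapping never expires
            reasons.append("permanent lease")
        if reasons:
            findings.append((m, reasons))
    return findings

if __name__ == "__main__":
    for mapping, reasons in audit(SAMPLE, ALLOWED):
        print(mapping["ExternalPort"], mapping["InternalClient"], reasons)
```

Against a real gateway the responses would come from calling GetGenericPortMappingEntry with an increasing NewPortMappingIndex until the device returns an error.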


 

By: Jafo

In what you describe it doesn't matter if you are using uPnP or not!

When there's a possibility to execute malicious code within a LAN, all the shares, intranet webservers, printers and other apps/devices can be a victim. This isn't bound to uPnP only!

By: Anonymous

That's not entirely true. If your router doesn't respond to UPNP requests on the WAN (as most are not configured to ignore) UPNP will not make your machines behind the router more exposed. Obviously, if the applications that are published to the WAN have security issues then the machine can potentially be exploited, however this would be the same with or without UPNP

By:

Even if it is a private home network, as long as the device is connected to the internet, it can be taken over due to the weakness of UPnP. So tell me if you do not have a problem with your home router being part of a zombie botnet.

By: Anonymous

If it's a private home network, I don't see a problem.

 

By: Mehdi

# ./igdctl.pl -p
syntax error at ./igdctl.pl line 132, near "= )"
Execution of ./igdctl.pl aborted due to compilation errors.

By: Anonymous

Exactly what I was thinking. uPnP = only for media streaming.

By:

The UPNP protocol is by default insecure, I would think twice before implementing it on a gateway device.

http://en.wikipedia.org/wiki/Universal_Plug_and_Play#Problems_with_UPnP

By: DS

I think the regular expression for the $duration variable should be ($duration =~ m/^\d+$/) instead of m/^\d$/ on line 105.

Curiously my gate device will not accept the add-port request if I do not declare a duration.

By: Anonymous

After installing the Perl extension and changing the privileges on the file, I run it, but I get "No Device Found".

Any thoughts?

thanks,

jeffrey

By: Anonymous

I had the same problem with it reporting no devices even though other programs had worked. The easy solution I found was to disable my firewall. The better solution would be for it to open up a port on the local machine to allow incoming packets. The only thing is it doesn't listen on a constant port, I've seen some that listen on 1901, in which case you could manually open up port 1901 on your firewall. You could modify the UPnP perl module to send from port 1901 in which case replies will come back to that port and you can open it up on your firewall.

To make sure your UPnP enabled device is responding to the request use ngrep:

# ngrep -d wlan0 -qttl -W byline port 1900

-Indie
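The fixed-source-port idea from the comment above, as an added example (written in Python for this page; it is not the howto's Perl script and not the Net::UPnP module's code): the search is sent from UDP port 1901, so the unicast replies return to a port a static firewall rule can allow. The function names and the default timeout are assumptions of this sketch.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)   # standard SSDP multicast group and port
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

def build_msearch(st=IGD_ST, mx=2):
    """Return the M-SEARCH datagram that asks devices of type `st` to answer."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {st}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_response(datagram):
    """Parse one SSDP reply into (status_line, headers) with lower-cased names."""
    text = datagram.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    status, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def discover(source_port=1901, timeout=3.0):
    """Send M-SEARCH from a fixed UDP source port and collect IGD locations."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("", source_port))        # replies are unicast back to this port
        s.settimeout(timeout)
        s.sendto(build_msearch(), SSDP_ADDR)
        try:
            while True:
                data, peer = s.recvfrom(4096)
                status, headers = parse_response(data)
                if status.startswith("HTTP/1.1 200") and "location" in headers:
                    found.append((peer[0], headers["location"]))
        except socket.timeout:
            pass
    return found

if __name__ == "__main__":
    for ip, location in discover():
        print(ip, location)
```

With this in place the host firewall only needs to accept inbound UDP to port 1901 from the LAN, instead of being disabled.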

By: Anonymous

Good article, but surely you mean "Administering your gateway device via UPnP"

By: PhobosK

Another problem for the script is the <data> usage on line 109 - DATA is case sensitive - so it should be:

 

print STDOUT <DATA> and exit 2;

By: Dariusaurius

Thanks for providing the script to us! 

For all those of you who want to use the script with Docker, I want to share my Dockerfile with you:

dariusaurius/igdctl: UPnP gateway port mapper with Docker (github.com)

By: Andrew Jobson

This is excellent but requires the fixes:

Line 132 should be chomp($devnum = <>);

Line 109 should be print STDOUT <DATA> and exit 2;

 

Also, some routers expose the service urn:schemas-upnp-org:service:WANPPPConnection:1 rather than urn:schemas-upnp-org:service:WANIPConnection:1

I think they are functionally identical, so to fix the script for my (WANPPPConnection) case, I inserted this just after line 147:

# AJ additional - look for a WANPPPConnection if we didn't find a WANIPConnection
if (!$service) {
    $service = $device->getservicebyname("urn:schemas-upnp-org:service:WANPPPConnection:1");
}