Comments on Administrating Your Gateway Device Via UPnP
Administrating Your Gateway Device Via UPnP
Do you often need to reconnect for download purposes or forward ports manually because some applications don't support it natively? Then this is the right thing for you! This howto covers a Perl script allowing you to administrate your gateway device via UPnP. You can reconnect, add and remove port forwarding entries, and much more.
Comments
That line is supposed to be:
chomp($devnum = <>);
But the less-than and greater-than signs disappeared. (Probably because it looked like an HTML tag and got stripped.)
I know that's what it's supposed to be because you can download the script from his blog: http://mydeblog.hostcell.net/2009/04/21/administrating-your-gateway-device-via-upnp/
Thanks for pointing that out.
I was getting the same error.
After fixing the chomp error and running the script I get a
'Command failed'
with no explanation..
That is not quite true. Any internal application then has the ability to not only cause issues with your computer but to manipulate your firewall as well. Think viruses or malware. Say you accidentally get a virus on your PC. It scans not only your PC but your whole network for services. Then it uses high port ranges to open up all of your services to the internet. It can simply report home what its current IP is. This is disastrous for a business network but can cause a lot of grief at home as well.
In what you describe it doesn't matter if you are using uPnP or not!
When there's a possibility to execute malicious code within a LAN, all the shares, intranet webservers, printers and other apps/devices can be a victim. This isn't bound to uPnP only!
That's not entirely true. If your router doesn't respond to UPNP requests on the WAN (as most are not configured to ignore), UPNP will not make your machines behind the router more exposed. Obviously, if the applications that are published to the WAN have security issues then the machine can potentially be exploited; however, this would be the same with or without UPNP.
Even if it is a private home network, as long as the device is connected to the internet, it can be taken over due to the weakness of UPnP. So tell me if you do not have a problem with your home router being part of a zombie botnet.
If it's a private home network, I don't see a problem.
# ./igdctl.pl -p
syntax error at ./igdctl.pl line 132, near "= )"
Execution of ./igdctl.pl aborted due to compilation errors.
Exactly what I was thinking. uPnP = only for media streaming.
The UPNP protocol is by default insecure; I would think twice before implementing it on a gateway device.
http://en.wikipedia.org/wiki/Universal_Plug_and_Play#Problems_with_UPnP
I think the regular expression for the $duration variable should be ($duration =~ m/^\d+$/) instead of m/^\d$/ on line 105.
Curiously my gate device will not accept the add-port request if I do not declare a duration.
After installing the Perl extension and changing the privileges on the file, I run it, but I get "No Device Found".
any thoughts?
thanks,
jeffrey
I had the same problem with it reporting no devices even though other programs had worked. The easy solution I found was to disable my firewall. The better solution would be for it to open up a port on the local machine to allow incoming packets. The only thing is it doesn't listen on a constant port, I've seen some that listen on 1901, in which case you could manually open up port 1901 on your firewall. You could modify the UPnP perl module to send from port 1901 in which case replies will come back to that port and you can open it up on your firewall.
To make sure your UPnP enabled device is responding to the request use ngrep:
# ngrep -d wlan0 -qttl -W byline port 1900
-Indie
Good article, but surely you mean "Administering your gateway device via UPnP"
Another problem for the script is the <data> usage on line 109 - DATA is case sensitive - so it should be:
print STDOUT <DATA> and exit 2;
Thanks for providing the script to us!
For all of you who want to use the script with Docker, I want to share my Dockerfile with you:
dariusaurius/igdctl: UPnP gateway port mapper with Docker (github.com)
This is excellent but requires the fixes:
Line 132 should be chomp($devnum = <>);
Line 109 should be print STDOUT <DATA> and exit 2;
Also, some routers expose the service urn:schemas-upnp-org:service:WANPPPConnection:1 rather than urn:schemas-upnp-org:service:WANIPConnection:1
I think they are functionally identical, so to fix the script for my (WANPPPConnection) case, I inserted this just after line 147:
# AJ additional - look for a WANPPPConnection if we didn't find a WANIPConnection
if (!$service) {
    $service = $device->getservicebyname("urn:schemas-upnp-org:service:WANPPPConnection:1");
}
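
The WANIPConnection-then-WANPPPConnection fallback from the comment above, applied directly to a gateway's device description XML. This is an added example in Python, not part of igdctl.pl or the commenter's patch; the sample description, the base URL and the same-host check on the control URL are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

NS = {"d": "urn:schemas-upnp-org:device-1-0"}
# Preference order: the script's original lookup first, then the commenter's fallback.
WAN_SERVICES = (
    "urn:schemas-upnp-org:service:WANIPConnection:1",
    "urn:schemas-upnp-org:service:WANPPPConnection:1",
)

# Constructed sample: trimmed description of a gateway that only offers WANPPPConnection.
SAMPLE_DESCRIPTION = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
    <deviceList><device>
      <deviceType>urn:schemas-upnp-org:device:WANDevice:1</deviceType>
      <deviceList><device>
        <deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
        <serviceList><service>
          <serviceType>urn:schemas-upnp-org:service:WANPPPConnection:1</serviceType>
          <controlURL>/ctl/PPPConn</controlURL>
        </service></serviceList>
      </device></deviceList>
    </device></deviceList>
  </device>
</root>"""


def find_wan_service(description_xml, base_url):
    """Return (service_type, absolute control URL), or None if neither service is usable."""
    root = ET.fromstring(description_xml)
    services = {}
    # Services sit in nested embedded devices, so walk the whole tree.
    for svc in root.iter("{%s}service" % NS["d"]):
        stype = svc.findtext("d:serviceType", "", NS).strip()
        ctl = svc.findtext("d:controlURL", "", NS).strip()
        if stype and ctl:
            services.setdefault(stype, urljoin(base_url, ctl))
    for wanted in WAN_SERVICES:
        url = services.get(wanted)
        # Assumption: only accept a control URL on the host:port that served the description.
        if url and urlsplit(url).netloc == urlsplit(base_url).netloc:
            return wanted, url
    return None


if __name__ == "__main__":
    # Constructed base URL of the description document.
    print(find_wan_service(SAMPLE_DESCRIPTION, "http://192.168.1.1:5000/rootDesc.xml"))
```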