 From:  "Quark IT - Hilton Travis" <Hilton at quarkit dot com dot au>
 To:  "Tom Valdes" <Tom dot Valdes at soa dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] uPNP in future versions? or how can I do this?
 Date:  Sun, 4 Sep 2005 09:15:59 +1000
Hi Tom,

> -----Original Message-----
> From: Tom Valdes [mailto:Tom dot Valdes at soa dot com] 
> Sent: Saturday, 3 September 2005 00:45
> Are there any plans to include uPNP in a future version?

God no!  UPnP is a security night-terror waiting to happen.  When a
hacker with an IQ in double digits starts to look at how reminiscent of
a sieve UPnP is, they will have a field day.  There is NO way to protect
a security device that implements UPnP.

> I am pretty sure I know the risks, but this is what I'm 
> trying to do, so what is the right way to do it?

If you knew the risks, you'd not be asking for this on a security
device.  So, the right way to do it is not to do it at all. 

> I have a game system that needs ports forwarded to it, but each game
> needs different ports.

Then forward the needed ports.

> I could put it in a DMZ, but I have a cable modem with one dynamic IP
> address, so I can't simply forward all ports for one address to the
> machine in the DMZ.
> From what I understand, I need uPNP.  Is there another way to do this?

With port forwards.



Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.
