
UPnP vs. NAT-PMP

Discussion in 'Tomato Firmware' started by landa, Nov 30, 2009.

  1. landa

    landa LI Guru Member

    What is the difference between them? Which is better to activate in Tomato?

    Thanks!
     
  2. bripab007

    bripab007 Network Guru Member

    The miniupnpd daemon built into Tomato supports both, so it'll use whichever one the client piece (e.g. chat client, BitTorrent client, Xbox 360, etc.) tries to use. It's been my experience that the NAT-PMP protocol is the better of the two because it seems to clean up old port openings better and also just works better in my home Mac environment (the NAT-PMP protocol was partially written by or started by Apple).
     
  3. karogyoker

    karogyoker Addicted to LI Member

  4. Azuse

    Azuse LI Guru Member

    Oh ffs. UPnP is not a security risk and never has been. What those people you find running around touting it as such conveniently forget to mention are two very simple things. For UPnP to be abused the commands must come from the LAN, thus the security issue is not UPnP, but the virus/twit who allowed outside access on their PC. Secondly, home routers' firewalls allow all outbound connections by default, meaning that once the network has been compromised there's no need to use UPnP to talk to the outside world.

    If you're worried about security use the raf mod with secure mode enabled (only allow port forwards to the device that requests them) but really, Tomato's UPnP is deliberately limited. The developers aren't daft, unlike the Microsoft ones that thought it'd be smart to write a protocol for automatically reconfiguring an entire network without authentication or any way for the user to know what parts of the protocol their device supports.
     
  5. mstombs

    mstombs Network Guru Member

    Fully agree with you Azuse.

    The only issue that has ever been confirmed was in the UK with the BT home-hub, which had a full UPnP implementation for auto configuration. Pretty large installed base - but I believe the specific backdoor was fixed pretty quickly.

    I don't think any Tomato UPnP has been that 'feature rich', but I also bet there's a lot of folk out there whose routers still have the "cross-site scripting vulnerability" - if you are logged into the router GUI in one window a script from a website in another could configure anything on your router for you!

    I think Intel were the ones behind the original UPnP...
     
  6. Toastman

    Toastman Super Moderator Staff Member Member

    Just enable both - some applications such as uTorrent can use NAT-PMP, along with any Apple devices. The rest will use UPnP. No problem...
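
An added example, not part of the thread and not miniupnpd's code: it contrasts where the forward target comes from in each protocol, which is what the "secure mode" mentioned in post 4 is about. The NAT-PMP layout follows RFC 6886; the function names, the sample addresses and ports, and the simplified secure-mode rule are constructed for illustration.

```python
import ipaddress
import struct

# NAT-PMP mapping request (RFC 6886): version, opcode, reserved,
# internal port, suggested external port, lifetime in seconds.
# Note what is absent: there is no internal-address field.
NATPMP_REQ = struct.Struct("!BBHHHI")
OP_UDP, OP_TCP = 1, 2


def natpmp_mapping_target(packet: bytes, src_ip: str):
    """Parse a mapping request; return (proto, ip, int_port, ext_port, lifetime)."""
    if len(packet) != NATPMP_REQ.size:
        raise ValueError("not a 12-byte NAT-PMP mapping request")
    version, opcode, _reserved, int_port, ext_port, lifetime = NATPMP_REQ.unpack(packet)
    if version != 0 or opcode not in (OP_UDP, OP_TCP):
        raise ValueError("unsupported version or opcode")
    proto = "UDP" if opcode == OP_UDP else "TCP"
    # The forward can only point at the host that sent the packet.
    # Every mapping carries a lifetime; lifetime 0 asks for deletion.
    return proto, src_ip, int_port, ext_port, lifetime


def upnp_secure_mode_allows(src_ip: str, args: dict) -> bool:
    """Simplified model of secure mode for a UPnP AddPortMapping call:
    the NewInternalClient argument must be the requester's own address."""
    try:
        target = ipaddress.ip_address(args["NewInternalClient"])
    except (KeyError, ValueError):
        # Missing, or a hostname: this model refuses instead of resolving it.
        return False
    return target == ipaddress.ip_address(src_ip)


# Constructed sample input: one LAN host asking for TCP port 51413.
SAMPLE_NATPMP = NATPMP_REQ.pack(0, OP_TCP, 0, 51413, 51413, 3600)
SAMPLE_UPNP_OWN = {"NewInternalClient": "192.168.1.50", "NewProtocol": "TCP",
                   "NewInternalPort": "51413", "NewExternalPort": "51413"}
SAMPLE_UPNP_OTHER = dict(SAMPLE_UPNP_OWN, NewInternalClient="192.168.1.10")

if __name__ == "__main__":
    requester = "192.168.1.50"
    print(natpmp_mapping_target(SAMPLE_NATPMP, requester))
    print("UPnP, own address:  ", upnp_secure_mode_allows(requester, SAMPLE_UPNP_OWN))
    print("UPnP, other address:", upnp_secure_mode_allows(requester, SAMPLE_UPNP_OTHER))
```

With secure mode off, the second UPnP request would be accepted as well, since the target address is simply an argument of the call.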
     
