Enabling UPnP in Firewall of Ubuntu 9.10
Ioannis Vranos
cppdeveloper at ontelecoms.gr
Mon Nov 9 23:07:28 UTC 2009
On Mon, 2009-11-09 at 21:41 +0100, Nils Kassube wrote:
> Ioannis Vranos wrote:
> > OS: Ubuntu 9.10 x64.
> > Ubuntu comes with its firewall.
>
> You mean ufw, right? Although it is installed by default it isn't
> enabled by default. Did you enable it? If yes, how?

I have installed Firestarter.

>
> > My router also has a firewall and it supports UPnP.
>
> It is probably a NAT router and you can use UPnP to open specific ports
> or port ranges by your applications. But that has nothing to do with the
> router's firewall (whatever that may be).
>
> > Some Ubuntu applications like Transmission, Pidgin, etc. support
> > UPnP.
> > How may I make Ubuntu's firewall support UPnP?
>
> Can you explain why you think you need to enable UPnP on the Ubuntu
> machine? Is something not working? Although UPnP may be useful for the
> router it isn't useful for your Ubuntu machine, IMHO. BTW: I have
> disabled UPnP on my router but ktorrent works nonetheless without a
> problem.

Well, for BitTorrent, without UPnP support in Ubuntu's firewall, I have
created port forwarding rules in my NAT router, and I have opened the
equivalent ports in Ubuntu's firewall.

However, I am also connecting to the MSN service, and I suspect that it may
not work properly in all situations.

In addition, from a security perspective, I think random UPnP ports are
better than continuous port forwarding (open ports) in my router.

>
> Your application opens the necessary ports when you start it. Unless you
> have blocked the ports with the firewall, they can be used from your
> machine to the router. Now if you have blocked them, just don't do it.
> If you are behind a NAT router, the firewall will only protect from
> other machines on your LAN. If there are only your own trusted machines
> you don't need the firewall on your Ubuntu machine because your machine
> isn't reachable from the outside anyway, due to your router's NAT.

First, the router is not very safe; the ISP upgrades its firmware,
even with the firewall on.

Secondly, routers also have security bugs, and a second firewall on each
machine in a LAN is not a bad idea.

Regards,
--
Ioannis Vranos
C95 / C++03 Software Developer
http://www.cpp-software.net
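
An added example, not part of the original thread: the messages above involve two separate layers, the port mappings that applications request on the router via UPnP and the inbound rules of the host firewall, and this sketch audits the first against the second. It assumes the listing format printed by miniupnpc's `upnpc -l`; the sample output, addresses, ports and the allowed-port set are constructed.

```python
import re

# Constructed sample of `upnpc -l` output; every address and port here is made up.
SAMPLE_UPNPC = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 51413->192.168.1.10:51413 'Transmission at 51413' '' 0
 1 UDP 51413->192.168.1.10:51413 'Transmission at 51413' '' 0
 2 TCP  6891->192.168.1.10:6891  'Pidgin' '' 3600
 3 TCP  3389->192.168.1.23:3389  'unknown' '' 0
"""

ROW = re.compile(
    r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->([\d.]+):(\d+)\s+'([^']*)'\s+'([^']*)'\s+(\d+)\s*$"
)

def parse_mappings(text):
    """Return one dict per redirection row; the header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, ext, host, port, desc, _remote, lease = m.groups()
            rows.append({"proto": proto, "ext": int(ext), "host": host,
                         "port": int(port), "desc": desc, "lease": int(lease)})
    return rows

def audit(mappings, my_ip, host_allowed):
    """host_allowed: set of (proto, port) pairs the host firewall accepts inbound."""
    findings = []
    for m in mappings:
        label = f"{m['proto']} {m['ext']}->{m['host']}:{m['port']}"
        if m["host"] != my_ip:
            # Mapping forwards to a different LAN machine than the one being audited.
            findings.append(("other-host", label))
        elif (m["proto"], m["port"]) not in host_allowed:
            # Router forwards the port, but the host firewall would still drop it.
            findings.append(("blocked-by-host-firewall", label))
        if m["lease"] == 0:
            # A lease of 0 means the mapping has no expiry time.
            findings.append(("no-expiry", label))
    return findings

if __name__ == "__main__":
    allowed = {("TCP", 51413), ("UDP", 51413)}  # constructed host firewall rules
    for kind, label in audit(parse_mappings(SAMPLE_UPNPC), "192.168.1.10", allowed):
        print(f"{kind:26} {label}")
```

On a real system the text would come from running `upnpc -l` and the allowed set from the host firewall's own rule listing.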