Uncomplicated Firewall (UFW) and UPNP
Is it possible to set up UFW to allow UPnP between computers on the home network?
Everything works if I turn off the firewall. I can see in syslog that the firewall is blocking me. I've tried all sorts of suggestions around, like opening 1900, 1901, 5353; these all seemed like random attempts. I understand the issue is that UPnP requires a random port and UFW is simply blocking it.
You appear to be close to the solution. The easiest thing to do is to temporarily turn off the firewall, let your media boxes run for a couple of minutes, and then check the output from lsof:
lsof -i :1025-9999 +c 15
The -i lists "files" corresponding to an open port; use -i4 to restrict to IPv4 only. The number list restricts this to a list of port numbers; leave it off if you want everything. The +c bit just gives you more meaningful command names associated with the ports.
netstat -lptu --numeric-ports
This lists all of the active ports along with their protocol and source/target address.
With this information, you can build a script to set up ufw appropriately. Here is my script as an example:
#!/bin/sh
# Set up local firewall using ufw (default install on Ubuntu)
# @see /etc/services for port names

# obtain server's IP address
SERVERIP=192.168.1.181
# Local Network
LAN="192.168.0.0/255.255.0.0"

# disable firewall
ufw disable
# reset all firewall rules
ufw reset

# set default rules: deny all incoming traffic, allow all outgoing traffic
#ufw default allow incoming
ufw default deny incoming
ufw default allow outgoing

# open port for SSH
ufw allow OpenSSH
# open port for Webmin
ufw allow webmin

# open ports for Samba file sharing
ufw allow from $LAN to $SERVERIP app Samba
ufw allow to $LAN from $SERVERIP app Samba
#ufw allow from $LAN to $SERVERIP 137/udp # NetBIOS Name Service
#ufw allow from $LAN to $SERVERIP 138/udp # NetBIOS Datagram Service
#ufw allow from $LAN to $SERVERIP 139/tcp # NetBIOS Session Service
#ufw allow from $LAN to $SERVERIP 445/tcp # Microsoft Directory Service

# open ports for Transmission-Daemon
ufw allow 9091
ufw allow 20500:20599/tcp
ufw allow 20500:20599/udp

# Mediatomb
## upnp service discovery
ufw allow 1900/udp
## Mediatomb management web i/f
ufw allow 49152

# Plex Media Server
## Manage
ufw allow 32400

# open port for MySQL
ufw allow proto tcp from $LAN to any port 3306

# open ports for web services
ufw allow 80
ufw allow 443
ufw allow 8000:9999/tcp
ufw allow 8000:9999/udp

# Deny FTP
ufw deny 21/tcp

# Webmin/usermin allow
ufw allow webmin
ufw allow 20000

# open port for network time protocol (ntpd)
ufw allow ntp

# Allow Firefly (DAAP)
ufw allow 3689

# enable firewall
ufw enable

# list all firewall rules
ufw status verbose
You should be able to see from the Mediatomb section that UPnP is working on the standard port 1900 over UDP (not TCP) and is open in both directions; this is the main port for you. But you can also see that there are numerous other ports needed for specific services.
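As an added example, not part of the original answer, the following POSIX shell script automates the step the answer describes: take the lsof output captured while the firewall was off and turn it into ufw rules. Unlike the bare `ufw allow 1900/udp` lines in the answer's script, the generated rules are restricted to the LAN range, so the media ports are not exposed to every interface. The LAN value, the function name gen_ufw_rules and the sample lsof lines are constructed for this example and do not come from a real host.

```shell
#!/bin/sh
# Added example: generate LAN-restricted ufw rules from `lsof -i` output.
# Everything here (LAN range, sample lines, function name) is constructed.

LAN="192.168.0.0/16"

# Constructed sample in the shape of `lsof -i :1025-9999 +c 15` output.
# The ESTABLISHED line is a client connection and must not produce a rule.
SAMPLE_LSOF='COMMAND         PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mediatomb      1234   root   10u  IPv4  12345      0t0  UDP *:1900
mediatomb      1234   root   11u  IPv4  12346      0t0  TCP *:49152 (LISTEN)
transmission-d 2345 debian   12u  IPv4  12347      0t0  TCP *:9091 (LISTEN)
transmission-d 2345 debian   13u  IPv4  12348      0t0  TCP 192.168.1.181:9091->192.168.1.50:51234 (ESTABLISHED)'

# gen_ufw_rules LAN: read lsof output on stdin and print one ufw command per
# bound/listening socket, allowing traffic only from the given LAN range.
# The header line and established connections are skipped; a port/protocol
# pair seen more than once yields a single rule.
gen_ufw_rules() {
    lan="$1"
    awk -v lan="$lan" '
        NR == 1 { next }                              # column header
        $9 ~ /->/ { next }                            # connection, not a listener
        $8 == "TCP" || $8 == "UDP" {
            n = split($9, parts, ":")                 # NAME is addr:port, take port
            port = parts[n]
            proto = tolower($8)
            key = proto ":" port
            if (!(key in seen)) {
                seen[key] = 1
                printf "ufw allow from %s to any port %s proto %s # %s\n",
                       lan, port, proto, $1
            }
        }'
}

# Demo run on the constructed sample; review the output before applying it.
printf '%s\n' "$SAMPLE_LSOF" | gen_ufw_rules "$LAN"
```

Run it against real data with `sudo lsof -i :1025-9999 +c 15 | gen_ufw_rules 192.168.0.0/16` (your own LAN range), read the emitted rules, then apply the ones you actually want and confirm with `ufw status verbose`. Keeping the `from $LAN` restriction is the main point: a service that only needs to be reachable by media boxes on the home network should not be allowed from any source.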