Uncomplicated Firewall (UFW) and UPNP

Is it possible to set up UFW to allow UPnP between computers on the home network?

Everything works if I turn off the firewall. I can see in syslog that the firewall is blocking me. I've tried all kinds of suggestions found around, like opening 1900, 1901, 5353, but these all felt like random attempts. I understand the problem is that UPnP needs a random port and UFW is simply blocking it.

2022-06-07 14:41:02
You seem to be close to the solution. The easiest thing to do is to temporarily turn off the firewall, let your media boxes run for a couple of minutes and then examine the output from lsof:

lsof -i :1025-9999 +c 15

The -i lists "files" corresponding to an open port; use -i4 to restrict to IPv4 only. The number range restricts this to a list of port numbers - leave it off if you want everything. The +c bit just gives you more meaningful command names associated with the ports. Then:

netstat -lptu --numeric-ports

This lists all of the active ports along with their protocol and source/target address.

With this information, you can build a script to set up ufw appropriately. Here is my script as an example:


#!/bin/sh
# Set up local firewall using ufw (default install on Ubuntu)
# @see /etc/services for port names

# obtain server's IP address
# (the original assignment is missing from the page; the first address
#  reported by hostname -I is an assumed stand-in)
SERVERIP=$(hostname -I | awk '{print $1}')

# Local Network
# (placeholder range; adjust to the address range of your own LAN)
LAN=192.168.1.0/24
# disable firewall
ufw disable

# reset all firewall rules
ufw reset

# set default rules: deny all incoming traffic, allow all outgoing traffic
#ufw default allow incoming
ufw default deny incoming
ufw default allow outgoing

# open port for SSH
ufw allow OpenSSH

# open port for Webmin
ufw allow webmin

# open ports for Samba file sharing
ufw allow from $LAN to   $SERVERIP app Samba
ufw allow to   $LAN from $SERVERIP app Samba

#ufw allow from $LAN to $SERVERIP 137/udp # NetBIOS Name Service
#ufw allow from $LAN to $SERVERIP 138/udp # NetBIOS Datagram Service
#ufw allow from $LAN to $SERVERIP 139/tcp # NetBIOS Session Service
#ufw allow from $LAN to $SERVERIP 445/tcp # Microsoft Directory Service

# open ports for Transmission-Daemon
ufw allow 9091
ufw allow 20500:20599/tcp
ufw allow 20500:20599/udp

# Mediatomb
## upnp service discovery
ufw allow 1900/udp
## Mediatomb management web i/f
ufw allow 49152

# Plex Media Server
## Manage
ufw allow 32400

# open port for MySQL
ufw allow proto tcp from $LAN to any port 3306

# open ports for web services
ufw allow 80
ufw allow 443
ufw allow 8000:9999/tcp
ufw allow 8000:9999/udp

# Deny FTP
ufw deny 21/tcp

# Webmin/usermin allow
ufw allow webmin
ufw allow 20000

# open port for network time protocol (ntpd)
ufw allow ntp

# Allow Firefly (DAAP)
ufw allow 3689

# enable firewall
ufw enable

# list all firewall rules
ufw status verbose

You should be able to see from the Mediatomb section that UPnP is working on the standard port 1900 over UDP (not TCP) and is open in both directions; this is the main port for you. But you can also see that there are numerous other ports needed for specific services.

2022-06-07 15:11:34
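As an added example (not the answerer's script), a small POSIX sh helper that turns the netstat -lptu --numeric-ports listing captured with the firewall off into ufw rules scoped to the LAN range rather than open to everyone, and skips loopback-only listeners such as a local MySQL. The sample listing, PIDs and program names are constructed, and the LAN range 192.168.1.0/24 is an assumption.

```shell
#!/bin/sh
# Convert a `netstat -lptu --numeric-ports` listing (captured while ufw was
# disabled) into ufw rules that allow each listener only from the LAN range.
# Loopback-only listeners are skipped: ufw does not filter them by default,
# and opening them to the network would widen the attack surface for nothing.

# Constructed sample listing: the PIDs and program names are made up.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32400           0.0.0.0:*               LISTEN      1234/Plex Media Serv
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      987/mysqld
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           1234/Plex Media Serv
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           456/avahi-daemon: r'

# gen_ufw_rules LAN_CIDR : reads a netstat listing on stdin and prints one
# `ufw allow` rule per distinct port/protocol; nothing is applied.
gen_ufw_rules() {
    awk -v lan="$1" '
        # keep only socket lines (drops the two header lines)
        $1 != "tcp" && $1 != "udp" && $1 != "tcp6" && $1 != "udp6" { next }
        {
            proto = substr($1, 1, 3)                  # tcp6 -> tcp
            n = split($4, a, ":")                     # Local Address is field 4
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1") next
            key = port "/" proto
            if (key in seen) next                     # IPv4 and IPv6 of one service
            seen[key] = 1
            # udp lines have no State column, so locate the PID/Program field
            for (i = 5; i <= NF; i++) if ($i ~ /^[0-9]+\//) break
            prog = (i <= NF) ? substr($i, index($i, "/") + 1) : "unknown"
            for (j = i + 1; j <= NF; j++) prog = prog " " $j
            printf "ufw allow from %s to any port %s proto %s comment \"%s\"\n",
                   lan, port, proto, prog
        }'
}

# Usage: review the printed rules, then run them as root once you agree.
printf '%s\n' "$SAMPLE_NETSTAT" | gen_ufw_rules 192.168.1.0/24
```

On a live box, replace the constructed sample with the real listing (netstat -lptu --numeric-ports | gen_ufw_rules 192.168.1.0/24) and drop any rule for a service that should not be reachable from the LAN.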