ljm42 Posted January 4, 2020 (edited)

Plugin Name: UPnP Monitor. Install using Community Applications.
Minimum Unraid version: 6.8.0
Source code: https://github.com/ljm42/unraid-upnp

This plugin gives visibility into the UPnP activity on your network. It uses the upnpc client that ships with Unraid to contact the UPnP server running on your router to get a list of all the UPnP port forwards that have been set up on your network. You can review the list and take action (limited) if there are any that you do not expect to see.

The plugin offers a debug mode if you would like to see the exact commands that it runs to get the data. I may remove this at some point. There is also a refresh button to get the latest data from the router without reloading the whole page.

Notes / Caveats:

- The UPnP client is disabled by default in Unraid; you can enable it on the Settings -> Management Access page. Unless you do that, this plugin will not be useful. Note: In Unraid 6.8.0 you also need to have the WireGuard plugin installed in order to see the option to enable UPnP. Starting with 6.8.1 this is no longer necessary.
- Similarly, if you have disabled UPnP on your router then this plugin will not be useful.
- I only run IPv4, so it is possible that the plugin will not parse IPv6 addresses properly. If you notice any parsing problems, please PM me the output of the debug screen and I'll take a look.

UPnP and Security

Many people feel that UPnP is a security risk because it requires no authentication - any application on your network is able to forward a port through the router. On the flip side, it is super convenient.

If you are running UPnP on your network, you can take the following steps to reduce your risk (no warranty or guarantee is implied):

1. Update your router's firmware. Older versions of UPnP had security issues so it is important to stay fairly current. In general, if your router isn't getting regular updates you should probably replace it.
2. If your router has an option for "secure mode UPnP", enable it. This makes it so that a computer on your network can only forward a port to itself. Without this, any computer on the network can forward a port to any other computer, which is definitely a security concern. In some routers this may be enabled by default with no option to disable it.
3. High-end routers like pfSense and OPNsense allow you to restrict which IP addresses are allowed to make UPnP calls to set up port forwards. You can use this to limit your risk by only allowing trusted computers to do this.
4. Review the list of active UPnP port forwards so you are aware of how it is being used. Your router may or may not provide this functionality. That is the purpose of this plugin.
5. Delete any UPnP port forwards you no longer want. This plugin assumes your router is running in "secure mode", so it will only let you delete port forwards that point at Unraid's main IP address. To delete port forwards that point to other IP addresses you would need to look for that option on your router. You may be able to delete them en masse by disabling/enabling UPnP on the router, or rebooting it. Of course, this will not prevent them from being created again in the future. For that you need a router that allows the restrictions mentioned in item 3 above, or simply disable UPnP on the router.

Edited January 12, 2020 by ljm42

Toobie Posted January 4, 2020

Hi @ljm42 - thanks for the plugin. I wanted to test this but of course, as may a lot of users, my upnp client is disabled. The hint with the management page is good, but I don't have any upnp options in there?! I'm using 6.8.0.

Squid Posted January 4, 2020

8 minutes ago, Toobie said:
Hi @ljm42 - thanks for the plugin. I wanted to test this but of course, as may a lot of users, my upnp client is disabled. The hint with the management page is good, but I don't have any upnp options in there?! I'm using 6.8.0.

The line shows up there if Dynamix Wireguard is installed

Toobie Posted January 4, 2020

5 minutes ago, Squid said:
The line shows up there if Dynamix Wireguard is installed

A bit difficult or? But yes, worked. Thx.

ljm42 Posted January 4, 2020 Author (edited)

On 1/4/2020 at 2:40 PM, Squid said:
The line shows up there if Dynamix Wireguard is installed

On 1/4/2020 at 2:45 PM, Toobie said:
A bit difficult or? But yes, worked. Thx.

Ah, so upnpc is disabled by default and you need to install the Wireguard plugin to enable it. Interesting. I will update the OP. Thanks!

Edit: Starting with Unraid 6.8.1, the Wireguard plugin is no longer required.

Edited January 12, 2020 by ljm42

AnnabellaRenee87 Posted April 14, 2021

Not working for me for some reason, I'm on PFSense with UPnP turned on for the server's IP. Here's the logs it generated.

Command
timeout 12 stdbuf -o0 upnpc -m br0 -l 2>&1

Status
0

Results
upnpc : miniupnpc library test client, version 2.1.
 (c) 2005-2018 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://10.0.0.2:8096/dlna/9b902c51-b640-4805-9413-713cac1323ab/description.xml
 st: urn:schemas-upnp-org:device:MediaServer:1

 desc: http://10.0.0.2:8096/dlna/9b902c51-b640-4805-9413-713cac1323ab/description.xml
 st: uuid:9b902c51-b640-4805-9413-713cac1323ab

 desc: http://10.0.0.2:8096/dlna/9b902c51-b640-4805-9413-713cac1323ab/description.xml
 st: upnp:rootdevice

 desc: http://10.0.128.114:9080
 st: upnp:rootdevice

 desc: http://10.0.128.123:9080
 st: upnp:rootdevice

 desc: http://10.0.1.11:80/plugin/discovery/discovery.xml
 st: upnp:rootdevice

 desc: http://10.0.1.10:80/plugin/discovery/discovery.xml
 st: upnp:rootdevice

 desc: http://192.168.122.1:34400/device.xml
 st: upnp:rootdevice

UPnP device found. Is it an IGD ? : http://10.0.0.2:8096/
Trying to continue anyway
Local LAN ip address : unset
GetConnectionTypeInfo failed.
GetStatusInfo failed.
GetLinkLayerMaxBitRates failed.
GetExternalIPAddress failed. (errorcode=-3)
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
GetGenericPortMappingEntry() returned -3 (UnknownError)

Determination
->gateway is [10.0.0.1]
->No IGD device found
->UPnP not available on this network.
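
A parser for the `upnpc -l` output discussed in this thread, as an added example that is not part of any post or of the plugin's own code. It separates forwards aimed at the local host from forwards aimed at other machines (the "secure mode" concern in the first post) and refuses to read the failed gateway lookup in the debug output above as an empty list. The row layout is assumed from the header line upnpc prints, and the sample text is constructed.

```python
import re

# Row layout assumed from the header upnpc prints (IPv4 only):
#  i protocol exPort->inAddr:inPort description remoteHost leaseTime
ROW = re.compile(
    r"^\s*(?P<i>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<ext_port>\d+)->"
    r"(?P<in_addr>[^\s:]+):(?P<in_port>\d+)\s+"
    r"'(?P<desc>.*)'\s+'(?P<remote>[^']*)'\s+(?P<lease>\d+)\s*$"
)
LAN_IP = re.compile(r"^Local LAN ip address : (\S+)", re.M)


class NoGateway(Exception):
    """upnpc never reached an Internet Gateway Device."""


def parse_upnpc_list(output):
    """Return (local_ip, mappings) from `upnpc -l` text, or raise NoGateway."""
    lan = LAN_IP.search(output)
    local_ip = lan.group(1) if lan else "unset"
    # Both markers appear in the failed run posted in this thread.
    if local_ip == "unset" or "Is it an IGD ?" in output:
        raise NoGateway("no IGD answered; an empty list here proves nothing")
    rows = [m.groupdict() for m in map(ROW.match, output.splitlines()) if m]
    return local_ip, rows


def split_by_target(mappings, host_ip):
    """Separate forwards aimed at host_ip from those aimed at other machines."""
    own = [m for m in mappings if m["in_addr"] == host_ip]
    other = [m for m in mappings if m["in_addr"] != host_ip]
    return own, other


# Constructed sample of a successful run (addresses and services are made up).
SAMPLE_OK = """\
Local LAN ip address : 192.168.1.10
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 32400->192.168.1.10:32400 'Plex Media Server' '' 0
 1 UDP 51820->192.168.1.10:51820 'WireGuard' '' 0
 2 TCP  8080->192.168.1.55:80    'camera' '' 604800
"""

if __name__ == "__main__":
    ip, rows = parse_upnpc_list(SAMPLE_OK)
    own, other = split_by_target(rows, ip)
    for m in other:  # forwards aimed at other machines; review them on the router
        print(f"{m['proto']} {m['ext_port']} -> {m['in_addr']}:{m['in_port']} {m['desc']}")
```
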

ljm42 Posted March 20, 2023 Author

Hi folks, I haven't worked on this plugin in quite some time and I'm not sure when I'll get back to it. Currently it is non-functional in PHP 8 so I'm marking it as incompatible with 6.12.