Hi, Most routers support port forwarding via UPnP IDG or/and NAT-PMP/PCP. And many vendors use the MiniUPnPd http://miniupnp.free.fr This daemon is kind of standard de-facto. This is necessary for any p2p application but OpenWrt builds don't have it pre-installed and pre-configured. While it's not so difficult to install, this is an additional step and still something that users must know. For example, I didn't know about it for about two years while already using OpenWrt. For many users this makes life after switching to OpenWrt worse than it was before because, for example, now their gaming console works slower. Even if someone will try to install it there is a risk to configure it incorrectly and expose WAN to LAN forwarding.
Could you include the MiniUPnPd into OpenWrt? There may be few concerns: 1. The UPnP IDG protocol has a very bad reputation. See "Universal Pwn n Play" talk. 2. The MiniUPnPd also had a security issue in 2014 when the WAN to LAN forwarding was enabled for NAT-PMP. 3. A disk space usage: I checked on OpenWrt with WR1043N (MIPS) and after installing the miniupnpd and it's dependency libcap-ng the disk size usage increased to 72Kb. The binary itself is 98565 bytes, in contrast with uhttpd 46212 and lighttpd 221413. Maybe for Tiny builds this may be too much. To make it smaller and easier for a code audit we may strip the UPnP and leave only NAT-PMP/PCP. See https://github.com/miniupnp/miniupnp/issues/545 In July 2014 there was two discussions about IPv6 firewall policy for direct connections: "OpenWRT IPv6 firewall" http://lists.openwrt.org/pipermail/openwrt-devel/2014-July/000763.html "IPv6 firewall and Port Control Protocol" http://lists.openwrt.org/pipermail/openwrt-devel/2014-July/000671.html The MiniUPnPd can solve the problem at least partially. See also: a forum discussion https://forum.openwrt.org/t/port-control-protocol-support/114411 Regards, Sergey _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel