Closed GoogleCodeExporter closed 9 years ago
Hello!
Please look at syslog )) You've answered your question yourself )
UPnPd (http://en.wikipedia.org/wiki/Upnp) is a daemon which is able to
open ports to WAN if any application requests this option. For example, when
you use Skype, any media applications in your network, play games etc.
Of course you can disable this option as it is not very safe to use it.
Go to this page http://my.router/Advanced_WAN_Content.asp, there is an 'Enable
NAT-UPnP?' option. Choose 'No' and apply. That's it ;)
Original comment by d...@soulblader.com
on 29 Dec 2011 at 4:08
Thank you for your reply.
Disabling NAT-UPNP will stop transmission remote gui from connecting to my
router from WAN, right? And that's not what I want ;). Any other suggestions?
I have looked on my laptop at which process is using that port and it turns out
that it's svchost (netsvcs). Don't know why it's doing that.
Last thing, can you tell me the correct iptables command to disable those ports from
ssh?
Original comment by zboq2...@gmail.com
on 29 Dec 2011 at 5:24
There is another way to make Transmission "visible" from WAN. Follow this link
http://my.router/Advanced_VirtualServer_Content.asp
First, enable port forwarding if it is not enabled.
Then add the rule below:
serv. name   port range   local ip               local port   protocol
-----------------------------------------------------------------------
can_be_any   9091         your_router_ip(local)  9091         TCP
This works only in p6 firmware. Please see the wiki page for details.
svchost - I suppose you're using Windows OS. This service searches for network
devices such as local printers, scanners, media servers and so on. Windows is
always asking for the name of a device via netbios. I don't know really, but I think
you can't disable this service on win.
I'm sorry, where do you want to disable ssh? If we are talking about the router,
then I'm sure it is absolutely safe to use ssh in your local network. By
default, the port is opened to the local network only. If you try to connect to
the device from the internet, the router will drop these packets. So, normally ssh uses port 22
or sometimes 2222, telnet 23 (telnet is a non-safe application!!). If you'd
like to disable it altogether, go to System settings
(http://my.router/Advanced_System_Content.asp), set it to off, and apply.
Original comment by d...@soulblader.com
on 29 Dec 2011 at 5:56
About ssh, maybe I have written it incorrectly. I wanted to use ssh in my local
network to log in to the router and then, using it, disable those ports with an iptables
command.
Question: In the wiki you wrote that to use transmission from WAN we need to enable
NAT-UPNP and later add a rule to forward the transmission port to the router and also
change the S10iptables because forwarding ports to the router is disabled by
default. Above you wrote that I don't need to enable NAT-UPNP, so which one is
it?
Original comment by zboq2...@gmail.com
on 29 Dec 2011 at 6:34
I'm sorry, it was written for p2, then I edited it a little.
I wrote -
to enable nat upnp - I think it's easier for people who never worked on Linux
to enable smth. in the web iface than to write any iptables rules.
Then it is written to edit /opt/etc/init.d/S10iptables; a bug was found that
the router couldn't forward ports in virtual server to itself. It was fixed in p6.
Now there is no need to use this script for transmission, but it still exists
for some special needs...
So actually, I need to update the wikis, but I completely have no time to do that.
Sorry =/
It will be updated next week on the new year's weekend...
Please excuse my English.. I think I haven't got it again. Do you want to use
some service (ssh) and close the port to this service by iptables? But it will be
impossible for you to use this service too, as the port is closed. You know, if
you've got a strong password (more than 8 chars. with smth. like !, #<>?&. I mean
some special chars), don't worry, access will be denied to everyone who wants to
practice hacking.
Original comment by d...@soulblader.com
on 29 Dec 2011 at 7:59
Ok, I get it now with the iptables and web interface. Actually I did port
forwarding in both the web interface and iptables, so I think I'm gonna remove it
from the S10iptables script ;-).
About ssh......, I have written in the first post that I have tcp and udp ports
forwarded to my local computer (192.168.1.104.49394). All I wanted to do is
log in to the router using ssh and disable that forwarding. I tried to do that using
a rule similar to the one in S10iptables:
iptables -D FORWARD -p tcp --destination-port 49394 -j ACCEPT
but it doesn't work (says something that there is no port like that forwarded or
there is some mistake in the rule). So to be clear, I didn't want to close the ssh
port obviously, I wanted to use ssh to close ports opened by upnpd :). I hope I
have explained it enough.
Btw. Thanks for the work you're doing with this router. I had a lot of problems with
mine from the day I bought it. I was even thinking about returning it, but now
it works flawlessly with your firmware :D. One thing though, can I watch
something using upnp on my tv that is seeding in transmission at the same time?
Yesterday I had a serious crash of the router after doing that. Internet
was working but I couldn't get to it using ssh or web gui and upnp also stopped
working after that. I had to power off and on to get it working again. But
that maybe should not be asked in this thread. Sorry for that.
Original comment by zboq2...@gmail.com
on 29 Dec 2011 at 8:54
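Added example, not part of the original thread and not the firmware's own code: `iptables -D` only removes a rule whose table, chain and match options are exactly those of an installed rule, so one way to close a forwarded port is to derive the delete commands from the saved ruleset. The chain name UPNP_EXAMPLE and the sample ruleset are constructed, and it is an assumption that `iptables-save` is available on the router.

```shell
#!/bin/sh
# Read iptables-save output on stdin and print the matching "iptables -D"
# command for every rule that matches the given destination port.
gen_delete_cmds() {
    port="$1"
    awk -v port="$port" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": current table
        /^-A / {
            hit = 0
            for (i = 2; i < NF; i++)
                if (($i == "--dport" || $i == "--destination-port") && $(i + 1) == port)
                    hit = 1
            if (hit) {
                sub(/^-A /, "-D ")              # same rule spec, delete instead of append
                print "iptables -t " table " " $0
            }
        }'
}

# Constructed sample in iptables-save format. UPNP_EXAMPLE is a made-up chain
# name standing in for whatever chain the router's UPnP daemon uses.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:UPNP_EXAMPLE - [0:0]
-A PREROUTING -j UPNP_EXAMPLE
-A UPNP_EXAMPLE -p tcp -m tcp --dport 49394 -j DNAT --to-destination 192.168.1.104:49394
-A UPNP_EXAMPLE -p udp -m udp --dport 49394 -j DNAT --to-destination 192.168.1.104:49394
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.1.104/32 -p tcp -m tcp --dport 49394 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 9091 -j ACCEPT
COMMIT'

# Demo on the constructed sample: prints three delete commands (two in the
# nat table, one in the filter table) and leaves the 9091 rule alone.
printf '%s\n' "$SAMPLE_RULES" | gen_delete_cmds 49394
```

On a live system the input would come from `iptables-save | gen_delete_cmds 49394`; review the printed commands before running them, since a UPnP daemon can recreate a mapping when the client requests it again.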
Hello! Ok, I see now, thank you! Yes, if you want to manage transmission downloads
from the internet, there is no need to use S10iptables. If you have already
added some rules to the script, you should remove them, or just comment them out with
'#'.
If you give this rule to iptables, most likely it will return an error message.
There is a service on your Windows host which is similar to upnpd in the router.
The router allocates a dynamic port. I think you shouldn't close it. Windows OS
updates its firewall this way. It also uses netbios to find network devices and
asks for a found device's name. I think you should check Microsoft documentation to
be sure it is safe.
Yes, you can watch iptv when transmission is running. I'm afraid I can't
give you the exact settings, but IGMP snooping should be set to 'On', Hardware
nat - 'On'.
(check its status here - http://192.168.130.254/Main_IPTStatus_Content.asp).
If your device which processes the stream flow can't deal with UDP, then you should
activate the proxy service on the router.
Go to http://192.168.130.254/Advanced_IPTV_Content.asp (I'm on p7 now),
enable this option - 'Enable multicast routing?'
then set 'IPTV UDP Multicast в HTTP Proxy порт.' to 4022 for example.
I'll try to do a wiki help page for this.
Best wishes! ;)
Original comment by d...@soulblader.com
on 30 Dec 2011 at 1:23
Hello!
To begin, I would like to thank you for all your replies to my
problem.
Since this issue's status is done and I don't want to start a new one, I'm
writing directly to your email.
Yesterday, I had a partial crash of the router again. There was the same
problem after using dlna. I was unable to log in through ssh or web and I
didn't have access to the hdd connected to it. But internet worked though.
Since I can't connect to the router at this point, I can't do any diagnostics
and don't know what is causing that. The only way to get the router back to
normal is power off and on, and after that it works fine.
Is there a way to look through the general log after a restart to see if there is
something that may help?
Btw, I'm still on p6 firmware ;).
Original comment by zboq2...@gmail.com
on 5 Jan 2012 at 10:45
Original issue reported on code.google.com by
zboq2...@gmail.com
on 29 Dec 2011 at 11:17