# WAN network interfaceext_ifname=eth0#ext_ifname=xl1# if the WAN interfac

1. # WAN network interface
2. ext_ifname=eth0
3. #ext_ifname=xl1
4. # if the WAN interface has several IP addresses, you
5. # can specify the one to use below
6. #ext_ip=
7.  
8. # LAN network interfaces IPs / networks
9. # there can be multiple listening ips for SSDP traffic.
10. # should be under the form nnn.nnn.nnn.nnn/nn
11. # It can also be the network interface name (ie "eth0")
12. # It if mandatory to use the network interface name to enable IPv6
13. # HTTP is available on all interfaces.
14. # When MULTIPLE_EXTERNAL_IP is enabled, the external ip
15. # address associated with the subnet follows. for example :
16. # listening_ip=192.168.0.1/24 88.22.44.13
17. #listening_ip=192.168.0.1/24
18. #listening_ip=10.5.0.0/16
19. listening_ip=eth1
20. # CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
21. # be sure to assign the correct interfaces to LAN and WAN and consider
22. # implementing UPnP permission rules at the bottom of this configuration file
23.  
24. # port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
25. http_port=0
26. # port for HTTPS. set to 0 for autoselect (default)
27. https_port=0
28.  
29. # path to the unix socket used to communicate with MiniSSDPd
30. # If running, MiniSSDPd will manage M-SEARCH answering.
31. # default is /var/run/minissdpd.sock
32. #minissdpdsocket=/var/run/minissdpd.sock
33.  
34. # enable NAT-PMP support (default is no)
35. enable_natpmp=yes
36.  
37. # enable UPNP support (default is yes)
38. enable_upnp=yes
39.  
40. # PCP :
41. # configure minimal and maximal lifetime of the port mapping in seconds
42. # 120s and 86400s (24h) are suggested values from PCP-base
43. #min_lifetime=120
44. #max_lifetime=86400
45.  
46. # chain names for netfilter (not used for pf or ipf).
47. # default is MINIUPNPD for both
48. upnp_forward_chain=forwardUPnP
49. upnp_nat_chain=UPnP
50.  
51. # lease file location
52. #lease_file=/var/log/upnp.leases
53.  
54. # to enable the next few runtime options, see compile time
55. # ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)
56.  
57. # name of this service, default is "`uname -s` router"
58. #friendly_name=MiniUPnPd router
59.  
60. # manufacturer name, default is "`uname -s`"
61. #manufacturer_name=Manufacturer corp
62.  
63. # manufacturer url, default is URL of OS verndor
64. #manufacturer_url=http://miniupnp.free.fr/
65.  
66. # model name, default is "`uname -s` router"
67. #model_name=Router Model
68.  
69. # model description, default is "`uname -s` router"
70. #model_description=Very Secure Router - Model
71.  
72. # model url, default is URL of OS vendor
73. #model_url=http://miniupnp.free.fr/
74.  
75. # bitrates reported by daemon in bits per second
76. # by default miniupnpd tries to get WAN interface speed
77. bitrate_up=1000000
78. bitrate_down=10000000
79.  
80. # "secure" mode : when enabled, UPnP client are allowed to add mappings only
81. # to their IP.
82. #secure_mode=yes
83. secure_mode=no
84.  
85. # default presentation url is http address on port 80
86. # If set to an empty string, no presentationURL element will appear
87. # in the XML description of the device, which prevents MS Windows
88. # from displaying an icon in the "Network Connections" panel.
89. #presentation_url=http://www.mylan/index.php
90.  
91. # report system uptime instead of daemon uptime
92. system_uptime=yes
93.  
94. # notify interval in seconds. default is 30 seconds.
95. #notify_interval=240
96. notify_interval=60
97.  
98. # unused rules cleaning.
99. # never remove any rule before this threshold for the number
100. # of redirections is exceeded. default to 20
101. #clean_ruleset_threshold=10
102. # clean process work interval in seconds. default to 0 (disabled).
103. # a 600 seconds (10 minutes) interval makes sense
104. clean_ruleset_interval=600
105.  
106. # log packets in pf (default is no)
107. #packet_log=no
108.  
109. # anchor name in pf (default is miniupnpd)
110. #anchor=miniupnpd
111.  
112. # ALTQ queue in pf
113. # filter rules must be used for this to be used.
114. # compile with PF_ENABLE_FILTER_RULES (see config.h file)
115. #queue=queue_name1
116.  
117. # tag name in pf
118. #tag=tag_name1
119.  
120. # make filter rules in pf quick or not. default is yes
121. # active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
122. #quickrules=no
123.  
124. # uuid : generate your own with "make genuuid"
125. uuid=7bb81e67-dfc4-4864-b1e6-6da13a685982
126.  
127. # serial and model number the daemon will report to clients
128. # in its XML description
129. #serial=12345678
130. #model_number=1
131.  
132. # UPnP permission rules
133. # (allow|deny) (external port range) ip/mask (internal port range)
134. # A port range is <min port>-<max port> or <port> if there is only
135. # one port in the range.
136. # ip/mask format must be nn.nn.nn.nn/nn
137. # it is advised to only allow redirection of port above 1024
138. # and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
139. # The following default ruleset allows specific LAN side IP addresses
140. # to request only ephemeral ports. it is recommended that users
141. # modify the IP ranges to match their own internal networks, and
142. # also consider implementing network-specific restrictions
143. # CAUTION: failure to enforce any rules may permit insecure requests to be made!
144. allow 1024-65535 192.168.0.0/24 1024-65535
145. allow 1024-65535 192.168.1.0/24 1024-65535
146. allow 1024-65535 192.168.0.0/23 22
147. allow 12345 192.168.7.113/32 54321
148. deny 0-65535 0.0.0.0/0 0-65535
149.  
150. ETH0 = External (ip by ISP)
151. ETH1 = Internal (ip by Server 192. )