Advertisement
Guest User

Untitled

a guest
Mar 1st, 2015
771
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.02 KB | None | 0 0
  1. # WAN network interface
  2. ext_ifname=eth0
  3. #ext_ifname=xl1
  4. # if the WAN interface has several IP addresses, you
  5. # can specify the one to use below
  6. #ext_ip=
  7.  
  8. # LAN network interfaces IPs / networks
  9. # there can be multiple listening ips for SSDP traffic.
  10. # should be under the form nnn.nnn.nnn.nnn/nn
  11. # It can also be the network interface name (ie "eth0")
  12. # It if mandatory to use the network interface name to enable IPv6
  13. # HTTP is available on all interfaces.
  14. # When MULTIPLE_EXTERNAL_IP is enabled, the external ip
  15. # address associated with the subnet follows. for example :
  16. # listening_ip=192.168.0.1/24 88.22.44.13
  17. #listening_ip=192.168.0.1/24
  18. #listening_ip=10.5.0.0/16
  19. listening_ip=eth1
  20. # CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
  21. # be sure to assign the correct interfaces to LAN and WAN and consider
  22. # implementing UPnP permission rules at the bottom of this configuration file
  23.  
  24. # port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
  25. http_port=0
  26. # port for HTTPS. set to 0 for autoselect (default)
  27. https_port=0
  28.  
  29. # path to the unix socket used to communicate with MiniSSDPd
  30. # If running, MiniSSDPd will manage M-SEARCH answering.
  31. # default is /var/run/minissdpd.sock
  32. #minissdpdsocket=/var/run/minissdpd.sock
  33.  
  34. # enable NAT-PMP support (default is no)
  35. enable_natpmp=yes
  36.  
  37. # enable UPNP support (default is yes)
  38. enable_upnp=yes
  39.  
  40. # PCP :
  41. # configure minimal and maximal lifetime of the port mapping in seconds
  42. # 120s and 86400s (24h) are suggested values from PCP-base
  43. #min_lifetime=120
  44. #max_lifetime=86400
  45.  
  46. # chain names for netfilter (not used for pf or ipf).
  47. # default is MINIUPNPD for both
  48. upnp_forward_chain=forwardUPnP
  49. upnp_nat_chain=UPnP
  50.  
  51. # lease file location
  52. #lease_file=/var/log/upnp.leases
  53.  
  54. # to enable the next few runtime options, see compile time
  55. # ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)
  56.  
  57. # name of this service, default is "`uname -s` router"
  58. #friendly_name=MiniUPnPd router
  59.  
  60. # manufacturer name, default is "`uname -s`"
  61. #manufacturer_name=Manufacturer corp
  62.  
  63. # manufacturer url, default is URL of OS verndor
  64. #manufacturer_url=http://miniupnp.free.fr/
  65.  
  66. # model name, default is "`uname -s` router"
  67. #model_name=Router Model
  68.  
  69. # model description, default is "`uname -s` router"
  70. #model_description=Very Secure Router - Model
  71.  
  72. # model url, default is URL of OS vendor
  73. #model_url=http://miniupnp.free.fr/
  74.  
  75. # bitrates reported by daemon in bits per second
  76. # by default miniupnpd tries to get WAN interface speed
  77. bitrate_up=1000000
  78. bitrate_down=10000000
  79.  
  80. # "secure" mode : when enabled, UPnP client are allowed to add mappings only
  81. # to their IP.
  82. #secure_mode=yes
  83. secure_mode=no
  84.  
  85. # default presentation url is http address on port 80
  86. # If set to an empty string, no presentationURL element will appear
  87. # in the XML description of the device, which prevents MS Windows
  88. # from displaying an icon in the "Network Connections" panel.
  89. #presentation_url=http://www.mylan/index.php
  90.  
  91. # report system uptime instead of daemon uptime
  92. system_uptime=yes
  93.  
  94. # notify interval in seconds. default is 30 seconds.
  95. #notify_interval=240
  96. notify_interval=60
  97.  
  98. # unused rules cleaning.
  99. # never remove any rule before this threshold for the number
  100. # of redirections is exceeded. default to 20
  101. #clean_ruleset_threshold=10
  102. # clean process work interval in seconds. default to 0 (disabled).
  103. # a 600 seconds (10 minutes) interval makes sense
  104. clean_ruleset_interval=600
  105.  
  106. # log packets in pf (default is no)
  107. #packet_log=no
  108.  
  109. # anchor name in pf (default is miniupnpd)
  110. #anchor=miniupnpd
  111.  
  112. # ALTQ queue in pf
  113. # filter rules must be used for this to be used.
  114. # compile with PF_ENABLE_FILTER_RULES (see config.h file)
  115. #queue=queue_name1
  116.  
  117. # tag name in pf
  118. #tag=tag_name1
  119.  
  120. # make filter rules in pf quick or not. default is yes
  121. # active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
  122. #quickrules=no
  123.  
  124. # uuid : generate your own with "make genuuid"
  125. uuid=7bb81e67-dfc4-4864-b1e6-6da13a685982
  126.  
  127. # serial and model number the daemon will report to clients
  128. # in its XML description
  129. #serial=12345678
  130. #model_number=1
  131.  
  132. # UPnP permission rules
  133. # (allow|deny) (external port range) ip/mask (internal port range)
  134. # A port range is <min port>-<max port> or <port> if there is only
  135. # one port in the range.
  136. # ip/mask format must be nn.nn.nn.nn/nn
  137. # it is advised to only allow redirection of port above 1024
  138. # and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
  139. # The following default ruleset allows specific LAN side IP addresses
  140. # to request only ephemeral ports. it is recommended that users
  141. # modify the IP ranges to match their own internal networks, and
  142. # also consider implementing network-specific restrictions
  143. # CAUTION: failure to enforce any rules may permit insecure requests to be made!
  144. allow 1024-65535 192.168.0.0/24 1024-65535
  145. allow 1024-65535 192.168.1.0/24 1024-65535
  146. allow 1024-65535 192.168.0.0/23 22
  147. allow 12345 192.168.7.113/32 54321
  148. deny 0-65535 0.0.0.0/0 0-65535
  149.  
  150. ETH0 = External (ip by ISP)
  151. ETH1 = Internal (ip by Server 192. )
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement