Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # WAN network interface
- ext_ifname=eth0
- #ext_ifname=xl1
- # if the WAN interface has several IP addresses, you
- # can specify the one to use below
- #ext_ip=
- # LAN network interfaces IPs / networks
- # there can be multiple listening ips for SSDP traffic.
- # should be under the form nnn.nnn.nnn.nnn/nn
- # It can also be the network interface name (ie "eth0")
- # It if mandatory to use the network interface name to enable IPv6
- # HTTP is available on all interfaces.
- # When MULTIPLE_EXTERNAL_IP is enabled, the external ip
- # address associated with the subnet follows. for example :
- # listening_ip=192.168.0.1/24 88.22.44.13
- #listening_ip=192.168.0.1/24
- #listening_ip=10.5.0.0/16
- listening_ip=eth1
- # CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
- # be sure to assign the correct interfaces to LAN and WAN and consider
- # implementing UPnP permission rules at the bottom of this configuration file
- # port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
- http_port=0
- # port for HTTPS. set to 0 for autoselect (default)
- https_port=0
- # path to the unix socket used to communicate with MiniSSDPd
- # If running, MiniSSDPd will manage M-SEARCH answering.
- # default is /var/run/minissdpd.sock
- #minissdpdsocket=/var/run/minissdpd.sock
- # enable NAT-PMP support (default is no)
- enable_natpmp=yes
- # enable UPNP support (default is yes)
- enable_upnp=yes
- # PCP :
- # configure minimal and maximal lifetime of the port mapping in seconds
- # 120s and 86400s (24h) are suggested values from PCP-base
- #min_lifetime=120
- #max_lifetime=86400
- # chain names for netfilter (not used for pf or ipf).
- # default is MINIUPNPD for both
- upnp_forward_chain=forwardUPnP
- upnp_nat_chain=UPnP
- # lease file location
- #lease_file=/var/log/upnp.leases
- # to enable the next few runtime options, see compile time
- # ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)
- # name of this service, default is "`uname -s` router"
- #friendly_name=MiniUPnPd router
- # manufacturer name, default is "`uname -s`"
- #manufacturer_name=Manufacturer corp
- # manufacturer url, default is URL of OS verndor
- #manufacturer_url=http://miniupnp.free.fr/
- # model name, default is "`uname -s` router"
- #model_name=Router Model
- # model description, default is "`uname -s` router"
- #model_description=Very Secure Router - Model
- # model url, default is URL of OS vendor
- #model_url=http://miniupnp.free.fr/
- # bitrates reported by daemon in bits per second
- # by default miniupnpd tries to get WAN interface speed
- bitrate_up=1000000
- bitrate_down=10000000
- # "secure" mode : when enabled, UPnP client are allowed to add mappings only
- # to their IP.
- #secure_mode=yes
- secure_mode=no
- # default presentation url is http address on port 80
- # If set to an empty string, no presentationURL element will appear
- # in the XML description of the device, which prevents MS Windows
- # from displaying an icon in the "Network Connections" panel.
- #presentation_url=http://www.mylan/index.php
- # report system uptime instead of daemon uptime
- system_uptime=yes
- # notify interval in seconds. default is 30 seconds.
- #notify_interval=240
- notify_interval=60
- # unused rules cleaning.
- # never remove any rule before this threshold for the number
- # of redirections is exceeded. default to 20
- #clean_ruleset_threshold=10
- # clean process work interval in seconds. default to 0 (disabled).
- # a 600 seconds (10 minutes) interval makes sense
- clean_ruleset_interval=600
- # log packets in pf (default is no)
- #packet_log=no
- # anchor name in pf (default is miniupnpd)
- #anchor=miniupnpd
- # ALTQ queue in pf
- # filter rules must be used for this to be used.
- # compile with PF_ENABLE_FILTER_RULES (see config.h file)
- #queue=queue_name1
- # tag name in pf
- #tag=tag_name1
- # make filter rules in pf quick or not. default is yes
- # active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
- #quickrules=no
- # uuid : generate your own with "make genuuid"
- uuid=7bb81e67-dfc4-4864-b1e6-6da13a685982
- # serial and model number the daemon will report to clients
- # in its XML description
- #serial=12345678
- #model_number=1
- # UPnP permission rules
- # (allow|deny) (external port range) ip/mask (internal port range)
- # A port range is <min port>-<max port> or <port> if there is only
- # one port in the range.
- # ip/mask format must be nn.nn.nn.nn/nn
- # it is advised to only allow redirection of port above 1024
- # and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
- # The following default ruleset allows specific LAN side IP addresses
- # to request only ephemeral ports. it is recommended that users
- # modify the IP ranges to match their own internal networks, and
- # also consider implementing network-specific restrictions
- # CAUTION: failure to enforce any rules may permit insecure requests to be made!
- allow 1024-65535 192.168.0.0/24 1024-65535
- allow 1024-65535 192.168.1.0/24 1024-65535
- allow 1024-65535 192.168.0.0/23 22
- allow 12345 192.168.7.113/32 54321
- deny 0-65535 0.0.0.0/0 0-65535
- ETH0 = External (ip by ISP)
- ETH1 = Internal (ip by Server 192. )
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement