Router won't UPnP for WHS 2011 Remote Web Access

[ikon 438]

I can confirm that it's now working. Doesn't help when the certificate issuer screws it up.....

[Drashna Jaelre 156]

I have a bad history with GoDaddy.... 

I avoid them whenever I can. And that means paying for my own domain via eNom. 

 

But glad to hear that got sorted out.

[g725s 17]

I have a bad history with GoDaddy.... 

I avoid them whenever I can. And that means paying for my own domain via eNom. 

 

But glad to hear that got sorted out.

 

The FREE option from Windows Server through the setup wizard is with GoDaddy.  So you really don't have an option there if you want FREE and easy.  For my needs it is good enough for me right  now.

 

Now that the certificate is fixed I can click on RWA from the LaunchPad and it will launch the browser for RWA which I can now view from within my LAN, where I could not before.

 

I'm wondering if maybe this certificate problem was the cause of UPnP not working on my router in the first place.  Not that I need or want UPnP to work at this point.  But just curious.

Edited January 22, 2015 by g725s

[ikon 438]

Probably, but I concur that there's no need to enable UPnP. Friends don't let friends UPnP

[g725s 17]

Probably, but I concur that there's no need to enable UPnP. Friends don't let friends UPnP

 

Yes, I appreciate the heads up on that one, thanks to you guys.  I won't be enabling UPnP.

 

But this router is somewhat state-of-the-art, you would think the UPnP would work without problem.  I did flash it with the latest Merlin firmware but that only adds more features and would not affect UPnP.

[ikon 438]

If you mean that UPnP should function; i.e. work the way it's supposed to, then yes, it should. Not that we want it to

 

If you mean the router is advanced enough that UPnP should work without security risks, then no, the router really can't do that. The problem is that malware gets into the inside of your network, usually by a computer browsing to a bad web site, then it just does what any other legitimate app does to configure UPnP, except it opens ports for nefarious purposes.

[Drashna Jaelre 156]

Yes, I appreciate the heads up on that one, thanks to you guys.  I won't be enabling UPnP.

 

But this router is somewhat state-of-the-art, you would think the UPnP would work without problem.  I did flash it with the latest Merlin firmware but that only adds more features and would not affect UPnP.

UPnP works great.

 

I mean, once a computer gets infected with a botnet virus, it's super easy for it to open ports (such as file sharing, or for RAT tools) and allow outside access to your system. With no prompts or notifications. All silently, and without your knowledge. Unless you're OCD and check the UPNP entries all the time.

 

 

That's why you should disable UPNP. Always. In fact, I'm glad that pfsense, untangled and sophos don't support UPNP at all.

 

 

 

 

The FREE option from Windows Server through the setup wizard is with GoDaddy.  So you really don't have an option there if you want FREE and easy.  For my needs it is good enough for me right  now.

 

Now that the certificate is fixed I can click on RWA from the LaunchPad and it will launch the browser for RWA which I can now view from within my LAN, where I could not before.

 

I'm wondering if maybe this certificate problem was the cause of UPnP not working on my router in the first place.  Not that I need or want UPnP to work at this point.  But just curious.

Yup, I know. That's why I opted to pay for the eNom option over the free option.

It may cost me per year, but it's worth paying that to be free of GoDaddy. IMO.

[g725s 17]

UPnP works great.

 

I mean, once a computer gets infected with a botnet virus, it's super easy for it to open ports (such as file sharing, or for RAT tools) and allow outside access to your system. With no prompts or notifications. All silently, and without your knowledge. Unless you're OCD and check the UPNP entries all the time.

 

 

That's why you should disable UPNP. Always. In fact, I'm glad that pfsense, untangled and sophos don't support UPNP at all.

 

 

 

 

 

 

Could you enable UPnP just for setting up a device, and then disable it after you've setup the device?  Could a Botnet Virus make changes that would not be visible?

Edited January 23, 2015 by g725s

[ikon 438]

Could you enable UPnP just for setting up a device, and then disable it after you've setup the device?  Could a Botnet Virus make changes that would not be visible?

 

No, it couldn't. As long as you check the port forward settings on your router, and you can account for each one as something you need, you're good.

 

I haven't tried this, but one thing you might be able to do is disconnect the router from the Internet while running the wizard. It might not work though, if the wizard insists on talking to the Internet while it's configuring things. Still, it might get far enough to configure the UPnP ports before complaining. All in all though, I think it's just as easy to set up the ports manually.

[Poppapete 104]

I tried that with an RT-N66U. It didn't work for me.  The upside was that I had had plenty of practice at manual port forwarding which stood me in good stead when I moved to UT and Sophos which for good reason do not allow UPnP.