Jump to content
RESET Forums (homeservershow.com)

Router won't UPnP for WHS 2011 Remote Web Access

g725s

By g725s,
in Remote Access

 Share Followers 0

Recommended Posts

  • Replies 143
  • Created
  • Last Reply

Top Posters In This Topic

  • g725s

    46

  • ikon

    45

  • jmwills

    28

  • oj88

    13

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Drashna Jaelre

4125 isn't needed .... despite what people may say.   As for port 80, I have Cox as well. They DEFINITELY block port 80 by default. You can get around this by buying the business package...... And

ikon

Yes, WPA2 Personal + AES -> that's the ticket.   And, yes, use https://. It's more secure. Gradually, web sites are migrating to https anyway. Http is just too vulnerable.

ikon

My feeling is that, today, everyone should use https everywhere they can.

Drashna Jaelre

Drashna Jaelre 159

Posted
Posted

I have a bad history with GoDaddy.... 

I avoid them whenever I can. And that means paying for my own domain via eNom. 

 

But glad to hear that got sorted out.

Link to post
Share on other sites
g725s

g725s 18

Posted
  • Author
Posted (edited)

I have a bad history with GoDaddy.... 

I avoid them whenever I can. And that means paying for my own domain via eNom. 

 

But glad to hear that got sorted out.

 

The FREE option from Windows Server through the setup wizard is with GoDaddy.  So you really don't have an option there if you want FREE and easy.  For my needs it is good enough for me right  now.

 

Now that the certificate is fixed I can click on RWA from the LaunchPad and it will launch the browser for RWA which I can now view from within my LAN, where I could not before.

 

I'm wondering if maybe this certificate problem was the cause of UPnP not working on my router in the first place.  Not that I need or want UPnP to work at this point.  But just curious.

Edited by g725s
Link to post
Share on other sites
g725s

g725s 18

Posted
  • Author
Posted

Probably, but I concur that there's no need to enable UPnP. Friends don't let friends UPnP ;)

 

Yes, I appreciate the heads up on that one, thanks to you guys.  I won't be enabling UPnP.

 

But this router is somewhat state-of-the-art, you would think the UPnP would work without problem.  I did flash it with the latest Merlin firmware but that only adds more features and would not affect UPnP.

Link to post
Share on other sites
ikon

ikon 439

Posted
Posted

If you mean that UPnP should function; i.e. work the way it's supposed to, then yes, it should. Not that we want it to ;)

 

If you mean the router is advanced enough that UPnP should work without security risks, then no, the router really can't do that. The problem is that malware gets into the inside of your network, usually by a computer browsing to a bad web site, then it just does what any other legitimate app does to configure UPnP, except it opens ports for nefarious purposes.

Link to post
Share on other sites
Drashna Jaelre

Drashna Jaelre 159

Posted
Posted

Yes, I appreciate the heads up on that one, thanks to you guys.  I won't be enabling UPnP.

 

But this router is somewhat state-of-the-art, you would think the UPnP would work without problem.  I did flash it with the latest Merlin firmware but that only adds more features and would not affect UPnP.

UPnP works great.

 

I mean, once a computer gets infected with a botnet virus, it's super easy for it to open ports (such as file sharing, or for RAT tools) and allow outside access to your system. With no prompts or notifications. All silently, and without your knowledge. Unless you're OCD and check the UPNP entries all the time.

 

 

That's why you should disable UPNP. Always. In fact, I'm glad that pfsense, untangled and sophos don't support UPNP at all.

 

 

 

 

The FREE option from Windows Server through the setup wizard is with GoDaddy.  So you really don't have an option there if you want FREE and easy.  For my needs it is good enough for me right  now.

 

Now that the certificate is fixed I can click on RWA from the LaunchPad and it will launch the browser for RWA which I can now view from within my LAN, where I could not before.

 

I'm wondering if maybe this certificate problem was the cause of UPnP not working on my router in the first place.  Not that I need or want UPnP to work at this point.  But just curious.

Yup, I know. That's why I opted to pay for the eNom option over the free option.

It may cost me per year, but it's worth paying that to be free of GoDaddy. IMO.

Link to post
Share on other sites
g725s

g725s 18

Posted
  • Author
Posted (edited)

UPnP works great.

 

I mean, once a computer gets infected with a botnet virus, it's super easy for it to open ports (such as file sharing, or for RAT tools) and allow outside access to your system. With no prompts or notifications. All silently, and without your knowledge. Unless you're OCD and check the UPNP entries all the time.

 

 

That's why you should disable UPNP. Always. In fact, I'm glad that pfsense, untangled and sophos don't support UPNP at all.

 

 

 

 

 

 

Could you enable UPnP just for setting up a device, and then disable it after you've setup the device?  Could a Botnet Virus make changes that would not be visible?

Edited by g725s
Link to post
Share on other sites
ikon

ikon 439

Posted
Posted

Could you enable UPnP just for setting up a device, and then disable it after you've setup the device?  Could a Botnet Virus make changes that would not be visible?

 

No, it couldn't. As long as you check the port forward settings on your router, and you can account for each one as something you need, you're good.

 

I haven't tried this, but one thing you might be able to do is disconnect the router from the Internet while running the wizard. It might not work though, if the wizard insists on talking to the Internet while it's configuring things. Still, it might get far enough to configure the UPnP ports before complaining. All in all though, I think it's just as easy to set up the ports manually.

Link to post
Share on other sites
Poppapete

Poppapete 104

Posted
Posted

I tried that with an RT-N66U. It didn't work for me.  The upside was that I had had plenty of practice at manual port forwarding which stood me in good stead when I moved to UT and Sophos which for good reason do not allow UPnP.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 0
Go to topic listing
×
×
  • Create New...