Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire.

Please join in and help us improving it!


You need to use pakfire and install miniupnpd either via the web interface or via 'pakfire install miniupnpd'

There is no graphical configuration for miniupnpd, it's all done via configuration file.

Edit /etc/miniupnpd/miniupnpd.conf . This is what mine looks like. I've included my comments.

LAN network interfaces IPs / networks

there can be multiple listening ips for SSDP traffic.

should be under the form nnn.nnn.nnn.nnn/nn

HTTP is available on all interfaces

port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.


chain names for netfilter (not used for pf or ipf).

(Don't change these, otherwise you'll have to change some iptables code)


bitrates reported by daemon in bits per second

enable NAT-PMP support (default is no)

(I use NAT-PMP and UPNP, enable what you would like to use.)


enable UPNP support (default is yes)

(I use NAT-PMP and UPNP, enable what you would like to use.)


"secure" mode : when enabled, UPnP client are allowed to add mappings only

to their IP.

(I've always left this alone)


report system uptime instead of daemon uptime


notify interval in seconds. default is 30 seconds.


unused rules cleaning.

never remove any rule before this threshold for the number

of redirections is exceeded. default to 20


clean process work interval in seconds. default to 0 (disabled).

a 600 seconds (10 minutes) interval makes sense


serial and model number the daemon will report to clients

in its XML description


UPnP permission rules

(allow|deny) (external port range) ip/mask (internal port range)

A port range is - or if there is only

one port in the range.

ip/mask format must be nn.nn.nn.nn/nn

it is advised to only allow redirection of port above 1024

and to finish the rule set with "deny 0-65535 0-65535"

allow 0-65535 0-65535

(You need to allow clients access. In my case I have one system I'm denying

access and then allowing everyone else)

deny 0-65535 0-65535
allow 1024-65535 1024-65535

After updating the miniupnpd config file start the service by using the Web Interface -> Status -> Services and locate "miniupnpd" and then click the Green up arrow to start the service.

Once enabled and started you should be able to see the changes in iptables by using the Web Interface -> Firewall -> Iptables . The clients should show up under "Chain UPNPFW" for "iptables" and "IPTable Network Address Translation" tables.

  • https://en.wikipedia.org/wiki/Universal_Plug_and_Play
  • http://miniupnp.free.fr
  • https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/miniupnpd.conf
Edit Page ‐ Yes, you can edit!

Older Revisions • April 16, 2015 at 12:23 pm • Erik Kapfer