This wiki is a community-maintained resource about everything there is to know about IPFire.
You need to use pakfire and install miniupnpd either via the web interface or via 'pakfire install miniupnpd'
There is no graphical configuration for miniupnpd, it's all done via configuration file.
Edit /etc/miniupnpd/miniupnpd.conf . This is what mine looks like. I've included my comments.
# LAN network interfaces IPs / networks # there can be multiple listening ips for SSDP traffic. # should be under the form nnn.nnn.nnn.nnn/nn # HTTP is available on all interfaces # port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect. #port=0 # chain names for netfilter (not used for pf or ipf). # (Don't change these, otherwise you'll have to change some iptables code) upnp_forward_chain=UPNPFW upnp_nat_chain=UPNPFW # bitrates reported by daemon in bits per second # enable NAT-PMP support (default is no) # (I use NAT-PMP and UPNP, enable what you would like to use.) enable_natpmp=yes # enable UPNP support (default is yes) # (I use NAT-PMP and UPNP, enable what you would like to use.) enable_upnp=yes # "secure" mode : when enabled, UPnP client are allowed to add mappings only # to their IP. # (I've always left this alone) secure_mode=no # report system uptime instead of daemon uptime system_uptime=yes # notify interval in seconds. default is 30 seconds. notify_interval=60 # unused rules cleaning. # never remove any rule before this threshold for the number # of redirections is exceeded. default to 20 #clean_ruleset_threshold=10 # clean process work interval in seconds. default to 0 (disabled). # a 600 seconds (10 minutes) interval makes sense clean_ruleset_interval=600 # serial and model number the daemon will report to clients # in its XML description serial=12345678 model_number=1 # UPnP permission rules # (allow|deny) (external port range) ip/mask (internal port range) # A port range is <min port>-<max port> or <port> if there is only # one port in the range. # ip/mask format must be nn.nn.nn.nn/nn # it is advised to only allow redirection of port above 1024 # and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535" #allow 0-65535 0.0.0.0/0 0-65535 # (You need to allow clients access. In my case I have one system I'm denying # access and then allowing everyone else) deny 0-65535 172.16.87.30/32 0-65535 allow 1024-65535 172.16.87.0/24 1024-65535
After updating the miniupnpd config file start the service by using the Web Interface -> Status -> Services and locate "miniupnpd" and then click the Green up arrow to start the service.
Once enabled and started you should be able to see the changes in iptables by using the Web Interface -> Firewall -> Iptables . The clients should show up under "Chain UPNPFW" for "iptables" and "IPTable Network Address Translation" tables.