As a work-around to my recent trouble in letting customers be able to manage port forwarding on their own, I’ve noticed that MT supports uPNP. Anyone out there use this? I’ve only seen uPNP in action once anywhere and I think AOL was the client and it was a Stinksys router. Seemed to work alright.
uPNP works fine on a private network. I use it on my own home MT router. MSN and a few other software uses it.
BUT, this shouldn’t be implemented on a public network. Any Windows XP client on the ‘internal’ side has the capability of disabling the ‘external’ interface without any form of authentication or special priveledges.
I had reported this to MT in September last year (was still in v2.
, and in fact they added the option ‘Allow to disable External Interface’, which is unchecked by default. But, last time I checked, this option doesn’t make any difference, the external interface can still be disabled
Well, after a bunch of brain storming, comments by others, etc. I’m thinking of going the route of delivering a public ip via PPPoE to their MT CPE. Their internal network is NAT’ed. Turn on uPNP for the client’s internal network. If they need something beyond what uPNP can deliver, either they deal with it or pony up for a managed firewall\router service where they have me make these changes to their NAT for them for a fee.
This feature should work. If it isn’t please make the support outout file when you have successfully disabled the external interface.
Sent to support@mikrotik.com
this will be fixed in the next release.