UPnP and NAT-PMP

NetworkPro · November 9, 2011, 8:23am

Hi.

UPnP exposes information to the internal users. It should be possible to make use of UPnP portforwarding only while maintaining stealth.

NAT-PMP would be good to have as well considering UPnP has been suboptimal so far.

What do you think?

dadaniel · November 10, 2011, 9:46am

It would be great to have the same features as seen here in Tomato Firmware:

NetworkPro · November 10, 2011, 9:51am

Yes. This is serious.

MikroTik, Please.

elgo · November 29, 2011, 10:48am

Would be a damn good idea.

normis · November 29, 2011, 10:52am

send this feature request to support

NetworkPro · October 13, 2012, 9:52am

Can we please have decent/best in world UPnP already ?

I am talking about making it usable in ISP/Wireless ISP environments with higher requirements about security, usability and stability for customers without public IPs.

Thank you.

janisk · October 15, 2012, 12:53pm

you can have decent UPnP:
http://wiki.mikrotik.com/wiki/Manual:IP/UPnP

Quindor · November 8, 2012, 12:03pm

I second this request. Settings like those suggested from Tomato are necessary to be able to use uPNP on a larger scale. Currently there is no way to do the cleanup in a decent way. Also secure mode can be very important in a hack sensitive environment.

Especially with IPv4 filling up or rather, having filled up. It’s of paramount importance to have great uPNP and NAT-PMP support. NAT will only get used more and more the coming years instead of less.

jarda · April 3, 2015, 7:51am

Is it on to-do list or not?

Zorro · April 9, 2015, 6:54am

NAT-PMP features - imply vulnerable code usage(unless someone re-wrote “from scratch” clean fork, which is unlikely) and actual only among Apple “MacOS”(glorified xBSD mix/mess with ugly UI/DE) users, ie niche market.
probably if Apple consumers fill petition to invest/pay into Mikrotik to implement that - it may happen. for example.

laimis17 · September 28, 2015, 5:16am

Well NAT-PMP carries other advantages like:
DNS Long-Lived Queries - a protocol for setting up long-lived DNS queries with change notification, as a more efficient alternative to rapidly polling the server
and
Dynamic DNS Update Leases - a protocol for performing DNS Dynamic Updates with an attached lease time, that are automatically deleted unless renewed before the lease expires, much like a DHCP address lease.

Cisco and juniper adopted it in carrier grade NAT.
I think if Mikrotik would adopt this protocol, this fact would catch attention among mac and i* users.

Zorro · October 10, 2015, 7:54pm

personally i more like enjoy others NAT-T things support in RouterOS, but if anyone be happier with NAT-PMP its okay, WHEN/IF someone implement relatively secure support of it, which is not happened, yet, sadly
and since NAT-PMP mention - why not PCP instead, which is ough to be replacement for NAT-PMP, right ?
ie, This thing https://en.wikipedia.org/wiki/Port_Control_Protocol
its support EAP and other essential features and thus resolve portions of concerns/flaws both security and performance -wise.
and yes, it May be useful. just like DIAMETER implementation along with RADIUS its ought to replace over time/years.

laimis17 · May 10, 2016, 2:26pm

Any news on from mikrotik on implementation (PMP or PCP).
Come on guys, tell us you’ve done it already!

Zorro · May 15, 2016, 6:09am

PCP would be funny things https://en.wikipedia.org/wiki/Port_Control_Protocol
aswell as configurable NAT-T implementation.
implementing NAT-PMP(that ought to be replaced by PCP)had not much sense by itself.