Community discussions

MikroTik App
just joined
Topic Author
Posts: 1
Joined: Mon Apr 01, 2013 2:22 am

Acting as UPnP client to open ports on another router.

Mon Apr 01, 2013 2:38 am

Hey I'm very new to RouterOS, and I'm wondering if its possible, via scripting, to open a port on another router using UPnP, ie, act as a UPnP client.

Anyone in here knows if this is straight-forward.. or is it possible at all ?

User avatar
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Acting as UPnP client to open ports on another router.

Wed Apr 03, 2013 11:04 am

uPnP is protocol with packet exchange to establish nat rules. i would not attempt to create/recreate it via scripting. Easier would be to run some guest as metarouter and use already made program to manipulate upnp.
just joined
Posts: 1
Joined: Wed Jul 24, 2019 12:38 pm

Re: Acting as UPnP client to open ports on another router.

Wed Jul 24, 2019 12:50 pm

I have LTE USB modem, Huawei E3372 which is acting like a router. IT appears as LTE interface (on interface list), and is reachable at IP Automatic DHCP client for that interface is assigned with IP with GW
Outgoing traffic is OK, this device is acting as NAT router, and works fine. I need to access the Mikrotik router from mobile network side. I have static IP on my SIM card, but this LTE USB modem is completely closed from that side.
Opening with browser the IP brings me to a very poor menu. There is no option to change LAN parameters, and in security tab, there is only option to enable UPnP. How can I simulate on my Mikrotik to act as UPnP client, and to open ports on this USB LTE modem for remote access, for example for port 22 (SSH) or 8291 (WinBox) ?
Any idea ?
just joined
Posts: 18
Joined: Thu Jul 18, 2019 10:51 pm
Location: Durban, South Africa

Re: Acting as UPnP client to open ports on another router.

Wed Nov 20, 2019 7:34 pm

A USB modem would not have it's own IP address as it is a USB modem.

If you are using a USB modem, on a USB port on the RB, then it should show up under /interface as lte1. If you have a static IP then you are good to go, if not, you can use /ip cloud to enable the built in RB Dynamic DNS functionality. Your external IP should appear under /ip addresses for the interface lte1. If you disable the default rules under /ip firewall you should gain access, but be warned this opens your RB to attack, so go to /ip service and disable the services you don't need and assign new port numbers to the ones you do need. Also when you go to /system users you can create a new user with full access and give him a unique name say, my4dm1n4cc as well as a secure password. Test this account has full access before disabling the default admin account. This ensures that you have a kind of virtual 2 step authentication. The hacker would need to guess your username and your password.

If you are running a USB Router Modem, that connects to your RB via LAN, you will need to get it to do port forwarding. Depending on the model, you will have different methods of doing this, however not all models do support it. If this is the case, toss it, you are not going to find an easy solution unless you spend extra money anyway. I would recommend getting your hands on a RB with builtin LTE functionality. If you can do port forwarding, then you are one step closer. You would have to then proceed with the steps from /ip firewall in the above paragraph.

Please remember, uPNP is not a replacement for Port Forwarding. It is designed for Games, Mediaplayers, and other devices that use Peer to Peer and Push communications, where a peer on the network (Internet) or a server, can initiate contact with the client. Trying to get uPNP to work in a bunch of layers (multiple routers) will become a headache. On sites where we run communal networks for student, who mostly want to play XBox and PlayStation instead of studying, we have assigned a seperate port forward for each person's console and set it up on their console.

Hope this helps.
I am a RouterOS Junkie... needing my daily fix. If I don't get to work on a RouterBoard I get a major itch.

Who is online

Users browsing this forum: No registered users and 12 guests