miniupnpd missing

refering to : Miniupnpd deprecated

Short and simple question, can we have back miniupnp please!
Why were a remove of the package justified with a “security” reason?

If someone didn’t installed it because of “security reasons”, what will a complete refuse of the package gain for a safety me?
If you not need it, just don’t install it, thats all for your “security”.

From a gamer’s point of view and multiple Gaming-Console user, there is no possibility to play with multiple consoles on the same time.
How should i tell different consoles to use different ports for the same game and game services?
One of the devices will ever give an error or will have restricted or limited access to the game services because of used and blocked ports.
I can not edit the gamefiles on a gaming-console and therefore i can’t change the used ports.
Plain and simple, it is not possible anymore to use Ipfire!

Is this the way you want it? No Gamers welcome? Because of “security”?

What if someone has outgoing Firewall behavior allowed and a malware connection that uses a STUN or any other UDP hole punching?
Did you ever uses skype or teamviewer behind a firewall? Because of the security you have to block and ban everything then?

You have to change your thoughts over upnp, if you don’t see it througt your PC-Glasses and possible maleware infect etc. or simply not intended use it.

It is not possible to install maleware on consoles, so there will be no reason to not use upnp for such devices.
This devices have it’s own firewall, in it’s own cosmos and many mechanics on board to penetrate every consumer router. But if you connect a second console, than will be the fun be started. I really wish you 2 boys with gaming consoles and one can disconnect the other by simply turning on the console.

Must i really change the distribution for my firewall/router to a different one?
That would be a real shame, i like ipfire, but our ways diverge then, because of different security understanding.

Jan,

Did the workaround suggestions in the Miniupnpd deprecated link not work?

Connecting via ORANGE (or even BLUE) is a good, workable solution. There are no changes needed to the ports on the gaming device!

We use MS Teams, FaceTime, Zoom and WebEX - all work A-OK for me without anything special added (like a firewall rule).

What did not work for you?

Hey!

How should the “workaround” work like UPNP? How should i tell two or more devices to use different NATed Ports for the same service? The needed Ports are used once and if another device will use it, you get restricted or limited access, because of these blocked ports. So these “workaround” (btw. it is not a workaround) work for exactly one device, if you are too lazy to make a port forward, but not for two or three or …

There is no alternative to UPNP as long we stick to IPv4 and NAT.

You have an security problem then, if you did not need any additional firewall rules.
Otherwise everything is fine here except the problem with the missing UPNP and no possible alternative.

Hello!

@ms
@arne_f

Would a responsible person have mercy and please answer if the upnp package comes back or not? Would be important for me, because if not, i have to change the distribution.

Hi,

we currently do not have any plans to bring back this package. UPnP is broken, a massive security problem and practically not supported by many clients any more.

Your gaming should work without it. What is the problem you are facing?

-Michael

Hi!

No it will definatly not work.

You have two or more Machines (Gaming-Consoles), that have the same services, same ports are used and no possibility to edit the files on these machines.
So if one Gaming-Console is online an the second one will be turnd on, the first Gaming-Console will lost the connection because of double used NATted ports. Or the second Gaming-Console will have no connection to the Service because of blocked ports from the first Gaming-Console.

I don’t think i have to explain the NAT and port restrictions here!

Hmmm… nice discussion about this behavior!

Anyway, thank you very much for the reply!

I am really sad about it, but it is your decision.
Thank you for having me the last 8 years to use Ipfire!

Over and out!

@me
please delete my account. Thanks!

No you don’t, but this is not how NAT works. There will be different outgoing ports being used.

What game console are you using?

There is no need to be sad about this. It is a really really bad idea to continue using UPnP. We are not taking these decisions to annoy people for our own entertainment. It is a technical necessity.

Here is a good write up from another source: Reddit - Dive into anything

I would really urge you to not use UPnP any more. You practically disable the firewall and allow all sorts of hosts to access your network from the internet.

I want just to do a ‘meta’-comment.

The topic was first blocked because of ‘too fast typing’ ( whatever that means and how the system stated this ).
I’ve allowed this post, because I felt it would start a new fundamental discussion about upnp.
Nice to see, I was right.

Hi!

Just one more post, i can’t leave it like that.

So you have no clue how gaming consoles work. There is no randomisation of service ports.
Your have to think about that the consoles acting as a server and they provide services on the (inter)net-work. They use STUN, Teredo, IPSec, TCP, UDP, VOIP and so on. The gaming Consoles are provide Chatsever, Relayserver, Gameserver, Listenserver, Fileserver, VPN and so on.

They are not dumb typing machines like PCs to watch some porn in the internet.

Please inform yourself before making such unqualified claims that they use randomisated ports only.

Please what?
Tales of upnp or what we talking about?

That manufakturer of consumer Router are too dumb to configure the own RouterOS and provided UPnP as a service on Port 1900 to the WAN side. The real problem with UPnP sits in front of the computer and read this Post.

Any NAT can be punched though as easily as with UPnP if the firewall is incorrect configured, like 90% of the Consumer or maybe many more Routers out there. To name just a few well-known methods: NAT Slipstreaming, UDP hole punching, STUN and certainly many other unknown methods out there.
Mostly you can use Teamviewer, Skype or any other Software that use UDP hole punching behind a “firewall” without to add or edit any rule. So in sight of security you have than prohibit NAT intirely.

Fact is, if you want to operate more than one gaming console at the same time and you will have the best expirience of entertainment, you need UPnP as long as we stick to IPv4. You can discuss about the use of UPnP, but it doesn’t change the fact, that you can’t change the ports to use without UPnP and there are not one alternativ out in the wild. So if UPnP is outdatet in your thougth, than IPv4 is outdatet and therefore IPfire is outdatet and have to be removed. Ohh whait…

Copy and Paste

Bye!

Yes you were.

Thank you very much. I am very well informed about how the firewall in IPFire works. The behaviour of the client device does not matter for that.

However, just think that I was trying to help you here. Trying to find the right solution that works for you and others that doesn’t completely expose every single host on your network to anyone on the internet. Let’s just say I care about IPFire.

Unfortunately I wasn’t as awake as Bernhard was and I didn’t see how you just wanted to rant and tell us all how unhappy you are with your game console using some technology that simply doesn’t work.

I hope you find some other software that does what you want it do to.

For all the others who run into the same problem: Please do not use UPnP. Just don’t it is that broken. Simply put your games console in front of the firewall. At least that doesn’t harm your network then. It is really really that broken.