I hope this thread doesn't devolve into a uPnP crucifixion discussion; that has been covered before.
But here goes.
For those of you that need for some reason to use the function in Synology NAS that opens uPnP ports - don't, use this alternative instead.
Some of you will be lucky and find that the Synology router wizard sets to NAT-PMP - for the rest of us it doesn't unless Synology added it to its router database.
Simply:
- log in with an SSH client
- navigate to /etc/portfoward
- use sudo vi router.conf to edit the router.conf
- change the following lines in the file:
  - support_change_port=yes
  - support_router_upnp=yes
  - support_router_natpmp=yes
  - router_type=natpmp
- leave all other lines as-is
Now, instead of using uPnP, NAT-PMP will be used.
Note your router has to support nat-pmp for this to work.
Note if you set upnp to no in the next file the remote access wizards will never use it! Not even accidentally....
Note this only affects the daemon in the Synology OS; this won't affect packages, docker containers etc. that have upnp disabled.
Hopefully this helps some of you with your upnp mitigation strategies.
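
A way to check the "router has to support NAT-PMP" prerequisite before editing router.conf, as an added example that is not part of the original post: it sends the RFC 6886 external-address request to the gateway and decodes the reply. The script name, the function names and the gateway IP passed on the command line are assumptions.

```python
import socket
import struct
import sys

NATPMP_PORT = 5351  # UDP port the gateway listens on (RFC 6886)
RESULT_CODES = {0: "success", 1: "unsupported version",
                2: "not authorized/refused", 3: "network failure",
                4: "out of resources", 5: "unsupported opcode"}


def build_request():
    """External-address request: version 0, opcode 0 (two bytes)."""
    return struct.pack("!BB", 0, 0)


def parse_response(data):
    """Decode the gateway's reply; raise ValueError if it is not NAT-PMP."""
    if len(data) < 8:
        raise ValueError("reply too short for a NAT-PMP header")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:  # 128 = response bit + opcode 0
        raise ValueError("not a NAT-PMP external-address response")
    # The external IPv4 address is only present on a successful reply.
    ip = socket.inet_ntoa(data[8:12]) if result == 0 and len(data) >= 12 else None
    return {"result": RESULT_CODES.get(result, "unknown (%d)" % result),
            "epoch": epoch, "external_ip": ip}


def probe(gateway, tries=3):
    """Ask the gateway (given as an IP) for its external address; None = no answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        timeout = 0.25  # RFC 6886 starts at 250 ms and doubles per retry
        for _ in range(tries):
            sock.settimeout(timeout)
            try:
                sock.sendto(build_request(), (gateway, NATPMP_PORT))
                data, addr = sock.recvfrom(16)
                if addr[0] == gateway:  # ignore replies from other hosts
                    return parse_response(data)
            except (socket.timeout, ConnectionError):
                timeout *= 2
    return None


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: natpmp_check.py <gateway-ip>")
    reply = probe(sys.argv[1])
    print(reply if reply else "no NAT-PMP answer from the gateway")
```

A reply with result "success" means the router answers NAT-PMP; no answer after the retries means it does not, or that the feature is switched off on the router.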