So I have UPnP enabled, but it doesn't seem to be working correctly. I don't have any dynamic dst-nat rules popping up in my NAT chain, and internal devices that rely on UPnP-based port forwarding are not working properly. Specifically, I can see a lot of the traffic that should be forwarded getting dropped by by INPUT chain. Anyone seen this or have a workaround that doesn't poke a huge hole in my firewall?

Same here (RB450G running latest version of software). I thought I was doing something wrong, but maybe not?

Tytaptalkowane na notatniku

I don't allow upnp at all because it opens holes into the firewall for every application running on whatever device in the network. I consider this as very unsafe.

Generally, it is. That's why I restrict all my UPnP devices to a single subnet with nothing sensitive. Regardless, it doesn't look like the UPnP function is working correctly when enabled.

I just tested it on CHR with ROS 6.32.4 (bugfix) and 6.34.3 (current) and it seems to work. No special config, just enabled UPnP, set internal and external interfaces and that's it.

When I open port using standard interface in Windows (tested with 8.1), correct dynamic rule gets added to IP->Firewall->NAT. The only problem is that Windows says something like "gateway did not accept changes" (I have localized Windows, so it's probably not the exact translation). But I remember this happening since long time ago. Different UPnP client (upnpc from http://miniupnp.free.fr) just works without complaints.