Normally the default "accept on input from LAN list" rule would cover uPnP negotiation. But if you had a more custom firewall, say VLANs, you'd need to allow those port on "input" to router. But these ports should NOT be exposed to the internet, only local LANs/VLANs. The uPnP "server" on the Mikrotik will add DYNAMIC rules as need by uPnP clients on the local network(s) (e.g. gaming console/things).Do I open these ports on the input chain? And the ports are "destination port"?
udp port 1900
tcp port 2828
When enabling uPnP, make sure pick the right interface for "internal" (e.g. if you have VLANs, you need to add them if you want them to use uPnP). And you WAN / internet should be marked as "external".
Statistics: Posted by Amm0 — Sun Jan 14, 2024 1:30 am