To the lazy user

When you want be with more then one hosts (PCs) at the same in the Internet whilst have only one IPv4 IP address, you have configure OpenWrt to perform Network address translation (by default). When using NAT, certain services require Port forwarding.

Port forwarding should be always done manually in /etc/config/firewall as described in subsection: redirects. It is not really complicated. But because people tend to be lazy, other people address their lazyness:

There are a couple of security nightmares, which offer to do necessary (and maybe unnecessary as well!) port forwardings "auto-magically" for you. The way this works is, that you install a daemon on OpenWrt, which listens to request from programs you run on hosts (PC, gaming console, ..) in your internal LAN which ports to forward. There are a couple of different network protocols based upon which the communication between the requesting side and the serving side takes place. They are incompatible with one another.

UPnP and NAT-PMP Upnp en de
UPnP and NAT-PMP NAT Port Mapping Protocol (NAT-PMP)
Zero configuration networking
? Port triggering

All these protocols do not address real technical problems, but their only purpose is to spare the user the need to learn about his network and configure it. While this is not a bad thing per se, such solutions do pose security risks.

Back to top

doc/howto/user.beginner.lazy.txt · Last modified: 2013/09/26 13:05 by sourcejedi