The MikroTik RouterOS supports Universal Plug and Play architecture for transparent peer-to-peer network connectivity of personal computers and network-enabled intelligent devices or appliances.
UPnP enables data communication between any two devices under the command of any control device on the network. Universal Plug and Play is completely independent of any particular physical medium. It supports networking with automatic discovery without any initial configuration, whereby a device can dynamically join a network. DHCP and DNS servers are optional and will be used if available on the network. UPnP implements simple yet powerfull NAT traversal solution, that enables the client to get full two-way peer-to-peer network support from behind the NAT.
There are two interface types for UPnP: internal (the one local clients are connected to) and external (the one the Internet is connected to). A router may only have one external interface with a 'public' IP address on it, and as many internal interfaces as needed, all with source-NATted 'internal' IP addresses.
The UPnP protocol is used for many modern applications, like most of DirectX games, as well as for various Windows Messenger features (remote asisstance, application sharing, file transfer, voice, video) from behind a firewall.
|allow-disable-external-interface (yes | no ; Default: yes)||whether or not should the users be allowed to disable router's external interface. This functionality (for users to be able to turn the router's external interface off without any authentication procedure) is required by the standard, but as it is sometimes not expected or unwanted in UPnP deployments which the standard was not designed for (it was designed mostly for home users to establish their ownlocal networks), you can disable this behavior|
|enabled (yes | no ; Default: no)||Enable uPnP service|
|show-dummy-rule (yes | no ; Default: yes)||Enable a workaround for some broken implementations, which are handling the absense of UPnP rules incorrectly (for example, popping up error messages). This option will instruct the server to install a dummy (meaningless) UPnP rule that can be observed by the clients, which refuse to work correctly otherwise|
/ip upnp interfaces
|interface (string; Default: )||Interface name on which uPnP will be running|
|type (external | internal; Default: no)||uPnP interface type:
|forced-external-ip (Ip; Default: )||Force static dst-address for NAT rules, if multiple public IP addresses are being used on WAN interface|
We have masquerading already enabled on our router:
[admin@MikroTik] ip upnp> /ip firewall src-nat print Flags: X - disabled, I - invalid, D - dynamic 0 chain=srcnat action=masquerade out-interface=ether1 [admin@MikroTik] ip upnp>
To enable UPnP feature:
[admin@MikroTik] ip upnp> set enable=yes [admin@MikroTik] ip upnp> print enabled: yes allow-disable-external-interface: yes show-dummy-rule: yes [admin@MikroTik] ip upnp>
Now all we have to do is to add interfaces:
[admin@MikroTik] ip upnp interfaces> add interface=ether1 type=external [admin@MikroTik] ip upnp interfaces> add interface=ether2 type=internal [admin@MikroTik] ip upnp interfaces> print Flags: X - disabled # INTERFACE TYPE 0 X ether1 external 1 X ether2 internal [admin@MikroTik] ip upnp interfaces> enable 0,1 [admin@MikroTik] ip upnp interfaces>