UPNP2/NATPMP

Topics including remote access and management can go here, including port forwarding, telnet, ssh, and advanced network settings.
Forum rules
We've moved! Head over to Synology Community (community.synology.com) to meet up with our team and other Synology enthusiasts!
mrfjong
Trainee
Trainee
Posts: 14
Joined: Thu May 16, 2013 12:29 pm

UPNP2/NATPMP

Unread post by mrfjong » Sun Aug 12, 2018 8:21 pm

Hello,

I am using NATPMP in Securemode on my Synology NAS.
When I do "show upnp2 rules" on my Ubiquiti Edgerouter I can recognize all the ports that are set up by the NAS apart from one port range: 1024 to 1033.

Does anyone know which application or service could be using those ports / or how to go about identifying the process that asks for the ports? I have tried logging into the NAS and used "netstat -tulpn", but no processes using those ports mentioned are listed. I have also cleared the rules on the Ubiquiti and rebooted the NAS, and it requests the rules straight away again.

(Please do not post replies saying I should not be using upnp - while I appreciate the concern)

Kind regards
Last edited by mrfjong on Mon Aug 13, 2018 8:16 am, edited 1 time in total.

User avatar
mike42dk
Proficient
Proficient
Posts: 2984
Joined: Sun Jun 06, 2010 7:45 am
Location: Denmark

Re: UPNP2/NATPMP

Unread post by mike42dk » Mon Aug 13, 2018 7:20 am

Hi

My bid could be that you are running CloudStation, it has been reported to use port 1024
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
DS 415+ DSM 6.2
2 WD red 2 TB RAID 1
2 Seagate nas 4 TB basic
DX 213
1 WD purple 1 TB basic

mrfjong
Trainee
Trainee
Posts: 14
Joined: Thu May 16, 2013 12:29 pm

Re: UPNP2/NATPMP

Unread post by mrfjong » Mon Aug 13, 2018 8:23 am

Hey Mike,

Thank you for the suggestion, and I think you could be right.
I am not running CloudStation, but I am running Drive which I believe is the successor to CloudStation.

I feel pretty confident I do not have any malware so I guess I will leave it at that.

However, I would really appreciate if som Linux guru could give me some valuable input on how to better identify which process uses or requests which ports through upnp.
Alternatively, if there is some clever/easy way to sniff the traffic and identify upnp requests
+ which process is making them from the packets?

UPDATE: I disabled Drive and Plex - but the ports are still being opened by the NAS. I
I blocked those ports in the NAS software firewall just in case - but I still want to know what they are.
I am leaning towards a theory where the Ubiquiti remembers something from earlier that is not relevant anymore.
(That the clear upnp2 rules does not in fact permanently clear everything as is should be).

Kind regards

Locked

Return to “Remote Access and Network Management”