need info on port forwarding and port triggering on Verizon router
alf2016a
Enthusiast - Level 2

I was setting up port forwarding for Apple Filesharing to a MacPro connected by ethernet to a new Verizon router FiOS-G1100 and noticed that some ports were already active for Port Forwarding:

MacPro name & IP address followed by :16402
UPnP IGD UDP 58625 (Applications & Ports Forwarded)
UDP Any -> 58625

MacPro name & IP address followed by :54045
UPnP IGD UDP 54045 (Applications & Ports Forwarded)
UDP Any -> 54045

MacPro name & IP address followed by :54045
UPnP IGD TCP 54045 (Applications & Ports Forwarded)
TCP Any -> 54045

MacPro name & IP address followed by :16402
UPnP IGD UDP 57749 (Applications & Ports Forwarded)
UDP Any -> 57749

I tried to just turn the above off but they would then automatically turn back to active. I'm not sure why they are there, and none of the other Macs on this network show unexplained ports. When setting up the router, the FiOS tech support person used "Double-Click To Start Support Session" to access this Mac (in retrospect unnecessarily). I don't know if this is a leftover from that session. Since I don't want unexplained ports open in my firewall, can I delete them?

In Port Triggering window, I noticed two ports open:

L2TP Triggering - Layer Two Tunneling Protocol

UDP Any -> 1701   (Outgoing Trigger Ports)

UDP Any -> Same as Initiating Ports  (Incoming Ports to Open)

and

TFTP Triggering - Trivial File Transfer Protocol

UDP 1024 - 65535 -> 69  (Outgoing Trigger Ports)

UDP Any -> Same as Initiating Ports  (Incoming Ports to Open)

Can these be turned off or deleted? Not sure what they are for, but they do not appear to be specific to a particular computer on the network.

There is also an Apple Extreme base station on the network in bridge mode.

Thanks!


Correct answers
Re: need info on port forwarding and port triggering on Verizon router
lasagna
Community Leader

For the first part, you have UPnP enabled on the router. Many routers include this feature, which allows local devices to instruct a router to automatically add needed port forwards without requiring manual configuration. Great for ease of use, bad for security. That same capability can easily be used by a piece of malware to instruct a router to open backdoor ports into a system to allow an attacker in, as well as allow applications to expose or make themselves vulnerable to attack from outsiders when you don't intend to have the service accessible from the internet.

I always recommend turning off UPnP.  Most applications nowadays can work around not having it enabled and the few that can't can usually tell you what port forwards are required so that you can configure it manually.   Find the UPnP page on your G1100 under the "Advanced" page on the administration page and disable it.

As for the triggers, unless you are running an L2TP based VPN connection or a TFTP server, you can disable these if you like.  Of course, if you're not running these protocols on any system, they'll never trigger, so there is no real harm in leaving them either.
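
Added example, not part of the answer above and not Verizon's or Apple's code: before disabling UPnP it helps to review which forwards it has created. This sketch parses the response arguments of the UPnP IGD `GetGenericPortMappingEntry` action and reports enabled mappings that are not on an approved list. The sample responses are constructed from the entries in the question, `192.168.1.10` is a placeholder for the Mac Pro's address, and the function names and the approved list are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "urn:schemas-upnp-org:service:WANIPConnection:1"

def sample_response(ext_port, proto, int_port, client="192.168.1.10"):
    """Build a constructed GetGenericPortMappingEntryResponse SOAP body."""
    args = {"NewRemoteHost": "", "NewExternalPort": ext_port, "NewProtocol": proto,
            "NewInternalPort": int_port, "NewInternalClient": client,
            "NewEnabled": 1, "NewPortMappingDescription": "UPnP IGD",
            "NewLeaseDuration": 0}
    body = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            f'<u:GetGenericPortMappingEntryResponse xmlns:u="{NS}">{body}'
            '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

# Constructed sample modelled on the four entries listed in the question;
# 192.168.1.10 is a placeholder for the Mac Pro's LAN address.
SAMPLE = [sample_response(58625, "UDP", 16402), sample_response(54045, "UDP", 54045),
          sample_response(54045, "TCP", 54045), sample_response(57749, "UDP", 16402)]

def parse_mapping(soap_xml):
    """Extract the New* arguments of one response into a dict."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(responses, approved):
    """Return enabled mappings whose (protocol, external port) is not approved."""
    findings = []
    for m in map(parse_mapping, responses):
        key = (m["Protocol"].upper(), int(m["ExternalPort"]))
        if m["Enabled"] == "1" and key not in approved:
            findings.append({"proto": key[0], "external_port": key[1],
                             "forwards_to": f'{m["InternalClient"]}:{m["InternalPort"]}',
                             "any_source": not m["RemoteHost"],  # empty = any remote host
                             "description": m["PortMappingDescription"]})
    return findings

if __name__ == "__main__":
    # Hypothetical approved list: the owner recognises only TCP 54045.
    for finding in audit(SAMPLE, approved={("TCP", 54045)}):
        print(finding)
```

An empty `NewRemoteHost` corresponds to the "Any" source shown in the router's table, so every flagged entry here accepts traffic from any internet address.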
