So, what is UPnP? Good question. The reason you’re probably here is that you have a game on your Xbox that says it needs UPnP. Whatever your reason for asking, this is a brief overview of what it is.
UPnP, according to the standard’s website: “The UPnP architecture is a distributed, open networking architecture that leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between.”
What that means is that it makes network configuration a lot easier for the home user. The question is then: Why isn’t everyone using it?
The answer is security. UPnP interacts with a firewall and opens (and later closes) holes to make communication easier between devices. While this is a great benefit to people wanting things to just work, you lose some of the security of only allowing certain network traffic in and out of your network.
Bottom line: Corporations generally don’t use UPnP; home users do. If you are concerned about security, I would suggest learning how to port forward yourself.
Why use UPnP?
In order for devices to communicate over networks, they have to get several different pieces of information from the router or server (or they need to be manually configured… gross). These pieces are:
- An IP address
- A name
- DNS settings
- Network information (subnet mask, etc)
You said that UPnP messes with the router/firewall
I did. And it does. I’ll explain.
The TCP/IP suite uses ports, along with IP addresses, to communicate. Let’s say 192.168.1.100 wants to talk to 192.168.1.101. First! 192.168.1.101 must be listening on a specific port (we’ll say port 80). Second! 192.168.1.100 will open up one of its ports (this will be a random number below 64,000 and above 1024).
Diagram:
That’s all well and dandy, but… we have hackers. Hackers will exploit machines by attacking them on these ports that they listen on (such as port 80). PCs actually listen on several ports by default, and so this can be a huge problem once we connect a computer to the internet.
If you hook up a PC with no firewall protection to the internet, it will be port scanned and exploited. That is why routers and operating systems provide firewall services. A firewall will basically ONLY allow traffic on specific authorized ports, not 1–64,000.
Additionally, your router also NATs your traffic (Port Address Translation, to be specific), so it makes it slightly more difficult for traffic to come to your computer because your firewall is helping your computer share ONE IP address. Wikipedia has further explanation on NAT/PAT.
So, what does UPnP do to your firewall/router?
UPnP will dynamically open up ports on your firewall when applications need them. In other words, rather than having to allow certain ports through your firewall whenever your application requests access, it will give this access automatically. This works amazingly for applications that are network intensive, such as multiplayer games, or peer-to-peer applications (such as Steam, or BitTorrent). All of these programs listen on specific ports to communicate, and they will not communicate properly unless the ports are “opened” or forwarded properly on your firewall. UPnP negates the need to manually port forward! Let me say that again with a carriage return as buffer for emphasis.
UPnP negates the need to manually port forward!
Exciting, right?
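What such a request looks like on the wire, and the checks a firewall owner might run on it, as an added example that is not part of the original post. The SOAP message is a constructed sample of the UPnP IGD AddPortMapping action; the list of sensitive ports and the requester address passed to `audit_mapping` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SOAP body of an IGD AddPortMapping request, as a
# LAN application would POST it to the router's UPnP control URL.
SAMPLE_REQUEST = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>3389</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>3389</NewInternalPort>
      <NewInternalClient>192.168.1.101</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>game</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:AddPortMapping>
  </s:Body>
</s:Envelope>"""

# Assumed policy: ports a home network should not expose automatically.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}

def parse_add_port_mapping(soap_xml):
    """Return the AddPortMapping arguments as a dict of strings."""
    root = ET.fromstring(soap_xml)
    for elem in root.iter():
        if elem.tag.endswith("}AddPortMapping"):
            return {child.tag: (child.text or "") for child in elem}
    raise ValueError("no AddPortMapping action in request")

def audit_mapping(args, requester_ip):
    """List the reasons a firewall owner would want to review this mapping."""
    findings = []
    ext_port = int(args["NewExternalPort"])
    int_port = int(args["NewInternalPort"])
    if args["NewInternalClient"] != requester_ip:
        findings.append("forwards to a host other than the requester")
    for port in sorted({ext_port, int_port}):
        if port in SENSITIVE_PORTS:
            findings.append(f"exposes {SENSITIVE_PORTS[port]} (port {port})")
    if args["NewLeaseDuration"] == "0":
        findings.append("lease never expires")
    if not args["NewRemoteHost"]:
        findings.append("open to any internet source address")
    return findings
```

Nothing in the request identifies or authenticates the application that sent it, which is why the router accepts it from any device on the LAN.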
Okay, I’m converted, how do I enable UPnP?
You have to make sure your OS (or Xbox) has it enabled. In Windows 7, go to Network and Sharing Center–Advanced Sharing Settings–and Enable Network Discovery. In XP, it is a Windows component (accessible through Add/Remove Programs—Windows Components), and you have to install the UPnP network service. Follow Microsoft’s tutorial to see how to do this.
Additionally, you have to enable UPnP on your router. Hopefully your router supports it. If it doesn’t, you might look at installing an open source firmware replacement (such as DD-WRT or Tomato) to do this.
In DD-WRT, it’s under NAT/QoS and UPnP: See the picture:
When will UPnP not do me any good?
If you aren’t using multiplayer games or online consoles, or if you don’t use Steam, BitTorrent, or any number of peer-to-peer programs, OR… if you want to share files over your home network without having to manually configure your devices (although Windows does a great job of taking a lot of work out of this, already), then… UPnP won’t do much for you.
Additionally, if you have a Double NAT situation, e.g. you live in an apartment complex and your WAN IP is a private IP (such as you can see from my dd-wrt picture), then your router’s UPnP will not do you much good.
Summary
UPnP is a standard that takes the work out of network configuration. Your devices will detect each other automatically, and communicate with devices over the internet much more smoothly. Although UPnP is potentially dangerous, and not recommended for corporate situations, it is a lot easier than having to make port forwarding entries for every peer-to-peer program you will ever use.

