UPNP2 doesn't seem to be working after I put my firewall in place. It is driving me mad as it seems to stop my computer that connects to an exchange server from authorising.
Is there anything that I can do?
Output of show upnp2 rules:
show upnp2 rules
Firewall pin holes
pkts bytes target prot opt in out source destination
NAT port forwards
pkts bytes target prot opt in out source destination
firewall
show firewall
all-ping enable
broadcast-ping disable
ipv6-name Allow-All-IPv6 {
    default-action drop
    enable-default-log
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 100 {
        action accept
        protocol ipv6-icmp
    }
    rule 2000 {
        action accept
        description "Allow all traffic"
        protocol all
    }
}
ipv6-name Allow-EST-Drop-INV-IPv6 {
    default-action drop
    enable-default-log
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 100 {
        action accept
        protocol ipv6-icmp
    }
}
ipv6-name LAN-Local-IPv6 {
    default-action drop
    enable-default-log
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 100 {
        action accept
        protocol ipv6-icmp
    }
    rule 200 {
        action accept
        description "Allow HTTP/HTTPS"
        destination {
            port 80,443
        }
        protocol tcp
    }
    rule 600 {
        action accept
        description "Allow DNS"
        destination {
            port 53
        }
        protocol tcp_udp
    }
    rule 700 {
        action accept
        description "Allow DHCP"
        destination {
            port 67,68
        }
        protocol udp
    }
    rule 800 {
        action accept
        description "Allow SSH"
        destination {
            port 22
        }
        protocol tcp
    }
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name Allow-All {
    default-action drop
    enable-default-log
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 2000 {
        action accept
        description "Allow all traffic"
        protocol all
    }
}
name Allow-EST-Drop-INV {
    default-action drop
    enable-default-log
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
}
name LAN-Local {
    default-action drop
    enable-default-log
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 100 {
        action accept
        protocol icmp
    }
    rule 200 {
        action accept
        description "Allow HTTP/HTTPS"
        destination {
            port 80,443
        }
        protocol tcp
    }
    rule 600 {
        action accept
        description "Allow DNS"
        destination {
            port 53
        }
        protocol tcp_udp
    }
    rule 700 {
        action accept
        description "Allow DHCP"
        destination {
            port 67,68
        }
        protocol udp
    }
    rule 800 {
        action accept
        description "Allow SSH"
        destination {
            port 22
        }
        protocol tcp
    }
}
options {
    mss-clamp {
        mss 1412
    }
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
Zone policy
show zone-policy
zone LAN {
    default-action drop
    from Local {
        firewall {
            ipv6-name Allow-All-IPv6
            name Allow-All
        }
    }
    from WAN {
        firewall {
            ipv6-name Allow-EST-Drop-INV-IPv6
            name Allow-EST-Drop-INV
        }
    }
    interface eth1
    interface eth2
}
zone Local {
    default-action drop
    from LAN {
        firewall {
            ipv6-name LAN-Local-IPv6
            name LAN-Local
        }
    }
    from WAN {
        firewall {
            ipv6-name Allow-EST-Drop-INV-IPv6
            name Allow-EST-Drop-INV
        }
    }
    local-zone
}
zone WAN {
    default-action drop
    from LAN {
        firewall {
            ipv6-name Allow-All-IPv6
            name Allow-All
        }
    }
    from Local {
        firewall {
            ipv6-name Allow-All-IPv6
            name Allow-All
        }
    }
    interface pppoe0
    interface eth0
}
upnp2
show service upnp2
listen-on eth1
listen-on eth2
nat-pmp disable
secure-mode disable
wan eth0