NOTE: The following guide assumes you understand UNIX.

I needed to install MiniUPNP to get NAT-PMP on DD-WRT. I did lots of research and finally found the right way to do it.

First search Google for a compatible version of OpenWRT for your router, mine being, then look at the firmware download links for the location of the firmware, in my case, then go into packages and  search for miniupnpd. SSH or telnet into the router and run wget -O /tmp/miniupnpd.ipk (replace URL with correct one for your router), then run ipkg install /tmp/miniupnpd.ipk to install. Once you have it installed, test to verify it runs by typing miniupnpd. If it gives an error saying a library is needed, look for that library in the packages folder and possibly install the same way you installed miniupnpd.

Once miniupnpd runs properly, remove the file /jffs/etc/config/upnpd and vi /jffs/etc/miniupnp.conf to paste the following config, modifying for your network (I use for my router, most dd-wrt routers are configured for

# network interface
# if the WAN interface has several IP addresses, you
# can specify the one to use below

# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# It can also be the network interface name (ie "eth0")
# It if mandatory to use the network interface name to enable IPv6
# HTTP is available on all interfaces.
# When MULTIPLE_EXTERNAL_IP is enabled, the external ip
# address associated with the subnet follows. for example :
# listening_ip=
#listening_ip= listening_ip= #listening_ip=eth0
# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.

# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock

# enable NAT-PMP support (default is no)

# enable UPNP support (default is yes)

# configure minimal and maximal lifetime of the port mapping in seconds
# 120s and 86400s (24h) are suggested values from PCP-base

# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both

# lease file location

# name of this service, default is "`uname -s` Router"

# bitrates reported by daemon in bits per second

# "secure" mode : when enabled, UPnP client are allowed to add mappings only
# to their IP.

# default presentation url is http address on port 80
# If set to an empty string, no presentationURL element will appear
# in the XML description of the device, which prevents MS Windows
# from displaying an icon in the "Network Connections" panel.

# report system uptime instead of daemon uptime

# notify interval in seconds. default is 30 seconds.

# unused rules cleaning.
# never remove any rule before this threshold for the number
# of redirections is exceeded. default to 20
# clean process work interval in seconds. default to 0 (disabled).
# a 600 seconds (10 minutes) interval makes sense

# log packets in pf (default is no)

# anchor name in pf (default is miniupnpd)

# ALTQ queue in pf
# filter rules must be used for this to be used.
# compile with PF_ENABLE_FILTER_RULES (see config.h file)

# tag name in pf

# make filter rules in pf quick or not. default is yes
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)

# uuid : generate your own with uuid=a68ce000-5cf5-11e3-949a-0800200c9a66

# serial and model number the daemon will report to clients
# in its XML description

# UPnP permission rules
# (allow|deny) (external port range) ip/mask (internal port range)
# A port range is <min port>-<max port> or <port> if there is only
# one port in the range.
# ip/mask format must be nn.nn.nn.nn/nn
# it is advised to only allow redirection of port above 1024
# and to finish the rule set with "deny 0-65535 0-65535"
allow 1024-65535 1024-65535
deny 0-65535 0-65535

After you write and close vi, vi /jffs/etc/config/miniupnp.startup to add the following which will make it start up at boot.


#Wait for firewall and other services to startup.
sleep 30

#Configure firewall rules for MiniUPnP
/usr/sbin/iptables -t filter -N MINIUPNPD
/usr/sbin/iptables -t filter -I FORWARD 4 -j MINIUPNPD
/usr/sbin/iptables -t nat -N MINIUPNPD
/usr/sbin/iptables -t nat -I PREROUTING 1 -j MINIUPNPD

#Start MiniUPnP
/jffs/usr/sbin/miniupnpd -f /jffs/etc/miniupnp.conf -d

and then run chmod +x /jffs/etc/config/miniupnp.startup to make it executable.

To enable jffs, look at

Be sure to disable old UPnP server on DD-WRT.

You can of course run it without rebooting to test by running the command noted above.

I used to test the server.

Previous Post Next Post