03-14-2023 01:08 AM
Hi there!
I have recently logged in to the settings of my T3200M modem from Telus to check how the firewall was set up, and I discovered that there were lots of port forwarding rules set up on the device. Over 20 or so, all from the same LAN start/end port, over TCP to various WAN start/end points. I didn’t set them up, so I assume this was done by Telus.
I don’t have any other modem/router, everything is connected directly to the T3200M. My home Wi-Fi is set up through a separate access point (also from Telus) which is connected to the T3200M via Ethernet. Some other devices are connected via Ethernet as well (TV, NAS, PlayStation, etc).
My questions are:
1. Is the port forwarding something that Telus normally does when setting up their network? Do I need those, and if so - why? Or can I remove them?
2. Is the firewall setting “NAT only” adequate, or should it be changed to low/medium instead?
Thanks, everyone.
03-14-2023 11:53 AM
You should read up on UPnP. That is where all of those entries will have originated from and not from Telus. UPnP allows devices, and even software like games, to set up entries in the routing table so that they can receive data on a specific port and device on your home network. If you were to delete the entries and still had UPnP enabled, they'll just appear again once you use the device (PC, console, etc) or the software that originally created the entries in the first place. If UPnP was disabled, and it's not hard to do, then if you try to use a device or software that needs certain entries to work, you'd have to do that manually, assuming the device or software has the instructions available on what ports to use. Some sites do recommend disabling UPnP.
The firewall being set to NAT only isn't bad especially if you do any gaming.
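The port mappings described in this thread can be read back from a router as SOAP responses to the UPnP IGD `GetGenericPortMappingEntry` action. As an added example (not part of the original thread), this Python script parses such responses, groups them by the LAN device that owns them, and flags mappings from unexpected devices or with a lease of 0. The responses, addresses, descriptions and expected-client list are constructed sample data.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "urn:schemas-upnp-org:service:WANIPConnection:1"

def sample_response(ext, proto, port, client, desc, lease):
    """Build a constructed GetGenericPortMappingEntry response (sample data)."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        f'<u:GetGenericPortMappingEntryResponse xmlns:u="{NS}">'
        f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        f"<NewLeaseDuration>{lease}</NewLeaseDuration>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

# Constructed sample: a NAS, a console, and one device nobody recognises.
SAMPLE = [
    sample_response(5001, "TCP", 5001, "192.168.1.50", "NAS web UI", 0),
    sample_response(6690, "TCP", 6690, "192.168.1.50", "NAS sync", 0),
    sample_response(3074, "UDP", 3074, "192.168.1.77", "Console", 3600),
    sample_response(8080, "TCP", 80, "192.168.1.123", "unknown", 0),
]
EXPECTED_CLIENTS = {"192.168.1.50", "192.168.1.77"}  # assumed device inventory

def parse_mapping(soap_xml):
    """Extract the New* output arguments of one response into a dict."""
    f = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip()
         for el in ET.fromstring(soap_xml).iter()}
    return {"external_port": int(f["NewExternalPort"]), "protocol": f["NewProtocol"],
            "internal_port": int(f["NewInternalPort"]), "client": f["NewInternalClient"],
            "description": f["NewPortMappingDescription"],
            "lease_seconds": int(f["NewLeaseDuration"])}

def audit(responses, expected_clients):
    """Group mappings by owning LAN host and list the ones worth reviewing."""
    by_client, findings = defaultdict(list), []
    for m in map(parse_mapping, responses):
        by_client[m["client"]].append(m)
        if m["client"] not in expected_clients:
            findings.append((m["external_port"], "unexpected internal client"))
        if m["lease_seconds"] == 0:  # IGD v1 semantics: mapping does not expire
            findings.append((m["external_port"], "no expiry requested"))
    return dict(by_client), findings

if __name__ == "__main__":
    for port, reason in audit(SAMPLE, EXPECTED_CLIENTS)[1]:
        print(f"external port {port}: {reason}")
```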
03-15-2023 02:06 AM
Thank you, this seems to be the reason, indeed. UPnP is enabled on my router. I have looked it up further, and it appears that all these port forwarding rules originate from my recently installed NAS and seem legit. That said, most of the sources that I read about UPnP do recommend disabling it. Now, my question is: are these port forwarding rules which originate through UPnP permanent (until deleted manually), or temporary? If I disable UPnP, will these rules remain so that my NAS could work properly? I googled, but didn’t find any straightforward answer to this.
I was wondering whether keeping UPnP disabled most of the time and only temporarily enabling it when connecting new devices (such as a NAS) to the network would help to avoid setting up port forwarding rules manually, yet not keep the network vulnerable to potential attacks all the time.
Thanks!
03-15-2023 12:01 PM
I believe any UPnP forwarding entries will be removed if you disable it. This is mentioned here:
Configure UPnP port forwarding - Google Fiber Help
I tend to agree with this article with respect to use of UPnP:
What is UPnP and is it Safe? (lepide.com)
FWIW I have it enabled and also use a NAS.
03-14-2023 04:02 PM
1. I checked port forwarding on my T3200 and aside from the rules I've created the only ones there are for the Telus Wi-Fi access point.
2. What do you consider adequate? Unless you have specific requirements I would stick with the default.
03-15-2023 02:09 AM
Thank you. Looks like this was done by my NAS via UPnP. By “adequate” I mean “safe enough” or “most recommended” for an average user. E.g. UPnP seems to be enabled by default on most routers - yet, from what I read, most sources recommend turning it off.