Miniupnpd is a internet gateway daemon that lets clients on a local network request ports to be forwarded to them using the UPnP and NatPMP standards. It is very small, it uses almost no memory and it can be configured to be more secure than most of the alternatives.
miniupnpd can be setup on a local networks firewall/gateway in order to provide programs running on clients on the local network with a means of requesting that ports be forwarded to them. Network-heavy programs like qBittorrent can use UPnP or NatPMP provided by miniupnpd to allow clients on the Internet to open direct communications with them.
miniupnp can be configured to restrict what ports clients on the local network can request. This is important because you don't want clients on the local network to be able to request ports like
443 if you are running a web server on the gateway or another box on your local network.
miniupnp does not offer any services beyond giving LAN clients the ability to have ports forwarded to them. It is not a DNLA server, it does not offer things like music streaming, file transfer or any other functionality you may find in other uPnP software. That can be a strength, miniupnpd does what it is supposed to and only that. If you use a GNU/Linux box as a gateway/firewall and you want LAN clients to be able to request a limited set of port then miniupnpd is a great choice.
deny lines in the above example are very important. The
allow configuration line should be
allow (external port or port range, min-max) (allowed subnet) (internal port or range)
So the following line will allow external ports 51000 to 54000 to be forwarded to ports 1024-65535 on any local network client on the subnet 192.168.0.1:
allow 51000-54000 192.168.0.1/24 1024-65535
Make sure you use/keep the
deny line the manual page and the default configuration file proposes:
deny 0-65535 0.0.0.0/0 0-65535
The above configuration example will not work on your machine uness you change
ext_ifname= to the interface facing Internet and
listening_ip= to the interface (or IP). You can have multiple
listening_ip= lines if you have multiple local networks.
The MiniUPnP project has a homepage at miniupnp.free.fr.