filecoin-project
Lotus: let DisableNatPortMap default to true
Checklist
- [X] This is not a security-related bug/issue. If it is, please follow please follow the security policy.
- [X] I have searched on the issue tracker and the lotus forum, and there is no existing related issue or discussion.
- [X] I am running the
Latest release, the most recent RC(release canadiate) for the upcoming release or the dev branch(master), or have an issue updating to any of these. - [X] I did not make any code changes to lotus.
Lotus component
- [ ] lotus daemon - chain sync
- [ ] lotus fvm/fevm - Lotus FVM and FEVM interactions
- [ ] lotus miner/worker - sealing
- [ ] lotus miner - proving(WindowPoSt/WinningPoSt)
- [ ] lotus JSON-RPC API
- [ ] lotus message management (mpool)
- [X] Other
Describe the Bug
DisableNatPortMap currently defaults to false.
This produces a lot of WARN level messages about upnp failures if the router isn't set up right. lotus seems not to be able to identify that it isn't able to perform the given task on the given device it runs upnp against and loops.
Beyond that: it isn't recommended to enable upnp router sides without good reasons to do so. having DisableNatPortMap default to false might encourage router settings that are unsecure or unable to be comprehended by the user in their full impact.
i'd remove upnp features completely from the code. the gains are outweighed by the risks i think
@f8-ptrk We will look into why this was set to false in the first place. But I think I do agree with you that there's no point in setting it to false if there's no strong reason to.
Next step for this ticket is to investigate why DisableNatPortMap defaults to false.
That said, FilOz is currently not going to prioritise doing this investigation in Q3, and we have therefore put up a "Good First Issue" ticket on it.
It defaults to false because it allows residential users to be dialled into.
