os-upnp tries NAT-PMP probing on WAN (when shouldn't)

[olmari]

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

• [X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• [x] The title contains the plugin to which this issue belongs

Describe the bug When NAT-PMP is enabled, the OPNsense/miniupnpd also sends the NAT-PMP "pbobes" to WAN-interface, while it should not. External interface is set up properly as WAN.

To Reproduce Steps to reproduce the behavior:

1. Install os-upnp
2. Set proper external and internal interfaces
3. Enable NAT-PMP Port Mapping
4. Enable UPnP (daemon itself)
5. See 224.0.0.1:5350 getting probed towards WAN-interface (exposed for example using "Block private networks from WAN" -rule)

Expected behavior NAT-PMP "probes" not to be sent towards WAN, or towards external interface specifically, which is almost always WAN.

Screenshots From firewall view:

Interface	Time			Source		Destination	Proto	Label	
WAN		2025-06-23T17:15:11	10.0.0.250:5351	224.0.0.1:5350	udp	Block private networks from WAN

Relevant log files None

Additional context

• In the screenshot the 10.0.0.250 is routers LAN-interface IP.
• NAT-PMP probes are sent from an <interface IP>:5351 to multicast IP 224.0.0.1:5350, but this should not happen towards the external interface set in os-upnp settings.

Environment OPNsense 25.1.9_2 (amd64). Deciso DEC750

[fichtner]

https://github.com/opnsense/plugins/pull/5005#issuecomment-3640502502

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.