Most distributions provide the Linux IGD package (linux-igd) to provide UPnP port mappings for workstations behind a router. linux-igd does not support multiple WAN connections (nor do other UPnP providers) and the patches submitted to linux-igd do not work.

Using UPnP with multiple WAN connections is a problem since the UPnP specification does not define what should happen when multiple WAN connections are available which makes UPnP unusable in situations where connections are load-balanced over multiple outbound interfaces.

A workaround is to start as many daemons as there are WAN interfaces available such that whenever a client requests a port reservation, all the upnpd daemons will add a forward for the WAN interface that they are bound to.

First install linux-igd, on Debian:

aptitude install linux-igd

but do not configure the package / daemon by editing /etc/default/linux-igd.

Create the following unit file at /etc/systemd/system/linux-igd@.service with the following contents:

[Unit]
Description=Start Linux IGD on WAN Interface %i
After=network-online.service

[Service]
[Unit]
Description=Start Linux IGD on WAN Interface %i
After = network.target

[Service]
Type=simple
KillMode=process
User=root
ExecStart=/bin/sh -c "/usr/sbin/upnpd -f `echo %i | cut -d '-' -f 1` `echo %i | cut -d '-' -f 2`"

[Install]
WantedBy = multi-user.target

Now, for all WAN interfaces, ie: eth2, eth3, …, enable upnpd by issuing:

systemctl enable linux-igd@WAN-LAN.service

where:

• WAN is a WAN interface,
• LAN is the local LAN interface

For instance, given two external interfaces eth2, eth3 and a LAN interface named br0, the commands would be:

systemctl enable linux-igd@eth2-br0.service
systemctl enable linux-igd@eth3-br0.service

Finally, start the daemons, by issuing:

systemctl start linux-igd@eth2-br0.service
systemctl start linux-igd@eth3-br0.service

The UPnP specification does not explicitly define what should occur when multiple WAN interfaces are available such that the method described here will naively add the port mapping to all WAN interfaces. Unfortunately, unless some sort of connection tracking is bundled with UPnP, there is no other way to deal with multiple WAN interfaces. Nevertheless, this solution should be sufficient to work around route-based load balancing and provide UPnP to a local network.