Date: 2025-03-07

When designing products or protocols, there's often a trade-off to be made. Often, it's in favor of convenience instead of security, like with WPS pairing for Wi-Fi devices or UPnP, which lets devices open their own ports to the internet through a firewall. But did you know there's another network protocol that's similar to UPnP in scope that you should probably turn off in your router?

It's called NAT-PMP, or Network Address Translation Port Mapping Protocol, and it lets a device on your home network ask the router to forward NAT traffic from an external source to it. Unlike UPnP, NAT-PMP takes some configuration to get working correctly and securely, but even then it's still a potential security risk. If none of your devices use NAT-PMP, you should probably turn it off in your router, or you can disable it on a per-device basis if you have a few devices that use it. NAT-PMP is most often used by Apple devices or by apps built on Apple's Bonjour service, so that's a good place to start looking.
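To check whether a router you administer still answers NAT-PMP, the sketch below (an added example, not from the original article) sends the read-only external-address request defined in RFC 6886 to UDP port 5351 and parses the reply. The gateway address `192.168.1.1` and the sample reply bytes are constructed assumptions.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351  # UDP port a NAT-PMP gateway listens on (RFC 6886)
RESULT_CODES = {0: "success", 1: "unsupported version", 2: "not authorized/refused",
                3: "network failure", 4: "out of resources", 5: "unsupported opcode"}

def build_address_request() -> bytes:
    """Version 0, opcode 0: ask the gateway for its external address (creates no mapping)."""
    return struct.pack("!BB", 0, 0)

def parse_address_response(data: bytes) -> dict:
    """Parse the 12-byte reply to an external-address request."""
    if len(data) < 12:
        raise ValueError("short NAT-PMP response")
    version, opcode, result, epoch, addr = struct.unpack("!BBHI4s", data[:12])
    if version != 0 or opcode != 128:  # a reply opcode is 128 + request opcode
        raise ValueError("not a NAT-PMP external-address response")
    return {"result": RESULT_CODES.get(result, f"unknown ({result})"),
            "epoch_seconds": epoch,
            "external_ip": str(ipaddress.IPv4Address(addr)) if result == 0 else None}

def natpmp_enabled(gateway: str, timeout: float = 1.0):
    """Return the parsed reply if the gateway answers NAT-PMP, else None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_address_request(), (gateway, NATPMP_PORT))
            data, _ = s.recvfrom(64)
            return parse_address_response(data)
        except (OSError, ValueError):  # timeout, port unreachable, or malformed reply
            return None

# Constructed sample reply: success, 4660 s since the mapping table reset, 203.0.113.7
SAMPLE_REPLY = bytes.fromhex("0080" "0000" "00001234" "cb007107")

if __name__ == "__main__":
    print(parse_address_response(SAMPLE_REPLY))
    print(natpmp_enabled("192.168.1.1"))  # assumed gateway address; use your own router's
```

A `None` result after you disable NAT-PMP in the router's settings confirms the service is no longer answering on the LAN side.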

