Today, my son came to me whining that his Xbox is spitting out errors that it couldn't open a port because it couldn't find the upnp on the new router.
After doing some reading, I enabled the upnp2 service on ERL but before you all go jump on me to tell me I am crazy to enable the upnp service on my router. I done some serious reading learning that I could set ERL upnp2 only to listen local lan for probes and block any upnp probe from outside network (WAN).
Now my son Xbox is happily connected to internet without spitting out errors and I already did a upnp probe with Shield UP probe test which it detected no upnp on my WAN ip address.
i could add ACL rules for upnp to allow only certain devices to open upnp for more security but i figured since it could not be probed from the outside that it secured enough as it is. I know it not fool-proof but it better than a whining son who couldn't play his game in peace.