Originally Posted by mingus
Both require UPnP to work? I thought that was a security risk and always disable that.
"UPnP is just as reliable, and as safe, as any applications running on your computer. If you control your computers properly, and ONLY trusted applications run on them, UPnP is perfectly safe. If you don't control your computers properly, applications hijacking UPnP to open holes in your router will be the least of your worries.
UPnP is actually more secure when your computers can be trusted. UPnP, as I state above, will dynamically instruct the router to close specific ports when they are not needed. Port forwarding, and port triggering, leave ports open forever.
The other advantage of UPnP is that it allows you to have servers on your LAN, using dynamic IP addressing. Port forwarding requires a server to have a fixed IP address. Port triggering, depending upon the NAT router, may or may not require a server to have a fixed IP address.
With port forwarding, or port triggering, you can have only a single computer on the LAN running a given server application. A pre defined port can be forwarded to only one server.
With UPnP forwarding, multiple computers can run the same UPnP compliant application, such as an IM program. The server application can negotiate with the router, as necessary, and have the port forwarded.
Bottom line? A properly written UPnP capable application is more functional, and no less secure, than an equivalent non-UPnP capable application. On a LAN with a properly designed layered security strategy, it will not create a security risk."