
Thread: Port forwarding?

  1. #1
    creeront
    Guest

    Port forwarding?

    Sorry about the previous post, btw (forgot the subject).

    Now I'm thoroughly confused (I'm in MCSE classes right now so I'm really swimming in info, but enough with that). From what I understand, most basic routers (sans Cisco's) cannot forward ports through the firewall to multiple IPs. However, most typical ports can be? E.g. 80 for HTTP, etc., because clearly multiple computers can access the web / FTP / e-mail, etc. So the problem now comes in when holes are not "by default" open. Thus, what "holes" are most typically open? When exactly does one specifically need to open these holes? It sounds like for gaming (my purposes) as a client you don't need to open these ports, but as a server you do? This is extremely bamboozling to me. Any clarification is Extremely welcome.

  2. #2
    Senior Member MosDef112's Avatar
    Join Date
    Feb 2001
    Location
    Bronx, NY
    Posts
    1,364
    Port forwarding is just what it says it is, it forwards any incoming requests on any allowed ports to the appropriate listening servers behind your firewall. You could map multiple IP's using port forwarding. The only item you cannot do multiple instances of is identical mapped ports, whereas you could only forward requests on port 80 to one single IP, and so on. This is just for incoming connections. Outgoing requests from within your LAN using NAT hit your gateway PC or router, the request is then forwarded to your CPE, and then it's sent out to the net. It masquerades your internal LAN IP's to your public WAN IP as if your client were directly attached to your CPE. I'm not sure whether outgoing connections are translated using the DMZ protocol or not, but the process that takes place is very similar. It depends on what protocols your software or hardware based firewall supports.
    OMARNYC.COM - My place on the web

  3. #3
    SG Enthusiast
    Join Date
    Jan 2001
    Location
    DC
    Posts
    4,717
    "most basic routers (sans cisco's) cannot forward ports through the firewall to multiple ip's. However, most typical ports can be? e.g. 80 for http, etc. because clearly multiple computers can access the web / ftp / e-mail, etc"
    You cannot have two webservers listening to port 80 at the same IP address. The router has no way of knowing which webserver is the intended destination. Multiple client requests for pages are possible. The forwarding only affects traffic from your router (representing your IP on the net) and your LAN devices at home. Depending on the router, you can forward ALL ports to a particular machine (this is usually referred to as the DMZ host). All outside requests to your router are forwarded to that host, but your other machines can connect outbound.



    "Thus, what "holes" are most typically open? when exactly does one specifically need to open these holes? It sounds like for gaming (my purposes) as a client you don't need to open these ports, but as a server you do? This is extremely bamboozling to me. Any clarification is Extremely welcome."
    Yep. Clients request connections, servers listen for connection requests (simplistic). For others to connect to your game server, it has to be listening on whatever port that particular game uses. As a client, the server doesn't need to connect to you - it's the other way around.


    Skye
    anything is possible - nothing is free



  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,861
    Also remember the way NAT works (Network Address Translation), outgoing requests from your LAN are not blocked, and are honored coming back in. In other words, you mention that port 80 must be open, since all computers on your LAN can access the web. Well, all ports outgoing are open. Port 80 incoming is most likely turned off, so it blocks all incoming strange requests for that port.

    The ports your favorite online games use, generally you don't have to open ports for it if you play as a client, because all requests originate from inside your LAN, so your router assumes it's legit. However, if you wish to host a server on your LAN behind the router, you must open up the ports that the game uses, since requests for that port will originate from unknown sources outside. Hence the basic firewall that NAT gives you. There are some games out there that do require some ports to be opened for other things, like voice over IP packages, some games on MSN or HeatNet, etc, where there is often a 3rd party service involved.

    Things like ICQ work fine without any ports open, unless you need to receive file transfer from outsiders, you have to open ports. Yet you can file transfer from you to another person without opening ports.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!
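
The behaviour described in posts #2 to #4, as an added example that is not from any poster in this thread: a toy model of a home NAT router showing why replies to outbound connections get back in, why unsolicited inbound traffic is dropped until a forward exists, why one WAN port can map to only one LAN host, and what a DMZ host exposes. The class, the addresses (documentation ranges) and the game port 27015 are all constructed for illustration.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)

@dataclass
class NatRouter:
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # (wan_port, remote) -> LAN socket
    dmz_host: str = ""                            # optional catch-all LAN host
    next_port: int = 40000                        # next translated source port

    def add_forward(self, wan_port, lan_ip, lan_port):
        # A WAN port can point at one LAN host only: the router has no way
        # to choose between two servers behind the same public port.
        if wan_port in self.forwards:
            raise ValueError(f"WAN port {wan_port} is already forwarded")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        # A LAN client connects out: rewrite the source and remember the mapping.
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(wan_port, remote)] = (lan_ip, lan_port)
        return (WAN_IP, wan_port)

    def inbound(self, wan_port, remote):
        # A packet arrives on the WAN side: known reply, forward, DMZ, or drop.
        if (wan_port, remote) in self.sessions:
            return ("reply", self.sessions[(wan_port, remote)])
        if wan_port in self.forwards:
            return ("forwarded", self.forwards[wan_port])
        if self.dmz_host:
            return ("dmz", (self.dmz_host, wan_port))
        return ("dropped", None)

def demo():
    r = NatRouter()
    web, outsider = ("198.51.100.7", 80), ("192.0.2.50", 40001)
    a = r.outbound("192.168.1.10", 51000, web)  # two LAN clients, same web server
    b = r.outbound("192.168.1.11", 51000, web)
    out = {"reply_a": r.inbound(a[1], web), "reply_b": r.inbound(b[1], web),
           "unsolicited": r.inbound(27015, outsider)}
    r.add_forward(27015, "192.168.1.10", 27015)  # host a game server on .10
    out["after_forward"] = r.inbound(27015, outsider)
    try:
        r.add_forward(27015, "192.168.1.11", 27015)  # second server, same port
        out["second_forward"] = "accepted"
    except ValueError:
        out["second_forward"] = "rejected"
    return out
```

With `dmz_host` set, every unsolicited port falls through to that one machine, so that host needs its own firewall.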

  5. #5

  6. #6
    Advanced Member Stef's Avatar
    Join Date
    Apr 2000
    Location
    Edmonton, Alberta, Canada
    Posts
    712


    2 cents from a Linux guru.


    Servers usually accept connections to the default port of the service that they wish to offer. This means that they accept TCP SYN datagrams for that service/port.

    Once they receive this SYN datagram they then send a TCP datagram with the SYN ACK bits set to initiate a connection-orientated session (I'll bet that MCSE stuff is kicking in right about now, eh? Ever think about Linux?)

    After the conversation is over, the server or the client (depending on the situation and service) sends a TCP FIN datagram to close the session.

    Basically, a port that is listening is a port that is waiting for a TCP SYN datagram. Usually, if this is the case that means that there is a daemon providing a service on that port.

    Clients, on the other hand, do not need to accept TCP SYN datagrams. Clients attempt to connect to a wanted service/port by sending an initial TCP SYN datagram on a specified port or through one of the many Registered or Private ports.

    So the majority of the time their ports are closed to TCP SYN connection attempts and are listening for oriented communications between peers.

    UDP is a little different, perhaps I will tell you that story another time...

    Stef


    www.speedcorp.net
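
The listening-versus-client distinction from post #6, as an added example that is not part of the original post: on the loopback interface only, a server socket accepts a new TCP connection on its listening port, while the client's own source port refuses one even though it is in active use. The function names are hypothetical and the ports are chosen by the OS at run time.

```python
import socket

def probe(port, timeout=2.0):
    """Try to open a TCP connection (send a SYN) to 127.0.0.1:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(("127.0.0.1", port))
        return "accepted"      # something is listening: SYN answered with SYN/ACK
    except ConnectionRefusedError:
        return "refused"       # nothing is listening: SYN answered with RST
    except socket.timeout:
        return "no answer"     # e.g. a firewall silently dropping the SYN
    finally:
        s.close()

def demo():
    # The "server": a socket in the LISTEN state on an OS-assigned port.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(5)
    server_port = server.getsockname()[1]

    # The "client": connects out from an ephemeral source port.
    client = socket.create_connection(("127.0.0.1", server_port), timeout=2.0)
    conn, peer = server.accept()
    client_port = client.getsockname()[1]

    results = {
        "server_port": probe(server_port),   # listening, so new SYNs are accepted
        "client_port": probe(client_port),   # in use, but not listening
        "peer_is_client_port": peer[1] == client_port,
    }
    for s in (conn, client, server):
        s.close()
    results["server_port_after_close"] = probe(server_port)
    return results

if __name__ == "__main__":
    print(demo())
```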
