1veedo Posted November 3, 2006

Ok well this is getting ridiculous. I tried putting my computer in DMZ but this apparently brings my computer out of the firewall and doesn't do much to forward ports. I assume there are like 50000 ports so I tried forwarding the range 1 - 50000 and my router told me to reset and log on again. So that didn't really work. I had twenty other forwards to begin with so maybe it would've been better to delete those first, but anyway, aside from running all these wires around and connecting directly to the Internet (thus kicking the other computers off), is there any way I can just tell the router, "Forward everything to my computer?"
Dak Posted November 3, 2006

if I'm understanding this properly, wouldn't forwarding everything to your computer kick everyone else off the internet anyway, cos all their incoming traffic would go to your pc?
ecoli Posted November 4, 2006

> Ok well this is getting ridiculous. I tried putting my computer in DMZ but this apparently brings my computer out of the firewall and doesn't do much to forward ports. I assume there are like 50000 ports so I tried forwarding the range 1 - 50000 and my router told me to reset and log on again. So that didn't really work. I had twenty other forwards to begin with so maybe it would've been better to delete those first, but anyway, aside from running all these wires around and connecting directly to the Internet (thus kicking the other computers off), is there any way I can just tell the router, "Forward everything to my computer?"

What's wrong with forwarding ports individually as you need them?
Ndi Posted November 4, 2006

Is this continuing an older thread? I have no clue how your network is arranged.

Does everyone else have a fixed Internet address and go through the firewall? If so, forwarding every port makes all connections go to you. OTOH you don't need port forwarding in such a scenario.

Do you have some form of sharing? Is there a server masquerading (maybe even the firewall acting as such)? If so, forwarding too many ports will leave the others with little space to work, possibly slowing down the network and making certain services unavailable.

Can you give any detail of how the network is physically laid out?

Ah, and there are a total of 65535 ports available (TCP).

Anyway, port forwarding is supposed to keep ports reserved for your machine when you are on a private LAN and there is a server routing everything from the public IP to your LAN IP. This allows a designated machine to pipe through that port and act as a server. Also, there are other concerns to forwarding (if you moved your computer behind such a router), such as IP address change.

In any case, if you forward all ports nobody else can use the connection to the Internet. You should only forward ports that you run servers on, e.g. 80 for an HTTP server.
1veedo (Author) Posted November 4, 2006

Other computers would be able to get on the Internet. Forwarding only concerns incoming connections. I already have twenty port ranges forwarded to my computer (I'm not really using them all at the moment but instead of editing virtual servers I just leave them). It essentially is THE server on my network. The other two computers don't run any services, and probably can't in the first place (they're both Windows).

"If so, forwarding every port makes all connections go to you." This is essentially what I want.

> What's wrong with forwarding ports individually as you need them?

It's just an annoyance. It'd be so much easier if I didn't have to constantly edit my router settings. Plus at twenty I'm out of room to forward any more ports. (ok, yeah, I know twenty is a lot but most are rarely used. Like all the filesharing ports -- I don't use them all the time, just every now and then when I need something.)

So am I out of luck or is it possible to do this?
Gaz Posted November 4, 2006

> Plus at twenty I'm out of room to forward any more ports. (ok, yeah, I know twenty is a lot but most are rarely used. Like all the filesharing ports -- I don't use them all the time, just every now and then when I need something.) So am I out of luck or is it possible to do this?

If the DMZ function isn't doing what you want, and you're running out of forward input boxes on your router config, the only other solution is to get a better router. Find an old box and learn how to use PF.
1veedo (Author) Posted November 5, 2006

Lol DMZ is the feature I was looking for. My router was just being stupid. After resetting it (with a pin) it seems to be working.

Btw: The Internet still works for everyone else.
Dak Posted November 5, 2006

iirc, dmz forwards all unassigned ports to the dmz pc. hence, why i thought forwarding every port would steal the other people's internet -- they need at least a few ports forwarded to them, i think, to receive stuff from the net
Ndi Posted November 5, 2006

> A port can only be used by one program at a time! Think of how this rule interacts with NAT. Well you've only got one external ip address on your router. When computer 1 is using port 500, it is using port 500 on its internal ip address. If you have set up a port forwarding rule for computer 1 and port 500, the external ip address's port 500 is also in use. This means that you can only use port 500 on one computer on the network at a time. Using port 500 on two computers at the same time would violate the one program rule, and your data would get messed up. Most routers require you to specify an internal ip address to forward ports to, just for this reason. Some do not, so be aware of this. Port Forwarding rules will only work for one computer at a time!

Quote from PortForward.com.

When you forward a port, that port is bound to an IP. If you forward *all* ports, then another computer can't connect. Automatically forwarding unused ports by designation of a default DMZ will allow everyone to connect and forward incoming connections to that computer.

Your original post seemed to indicate you tried to set a forwarding rule that will cover all ports. This is not the same.

[edit] It took me a while to realize that my reply was basically what Dak already said. I need to pay more attention, sorry.
1veedo (Author) Posted November 6, 2006

There's a little distinction you're not making here. By definition you forward a port to only one computer. It'd be pretty difficult to split incoming connections to two computers. This is just common sense but I guess some people are dumb and think you can.

Other computers can still use forwarded ports though. It's not like when you forward a port you make a black list, "oops, nobody else can use this port now." This is because they make outgoing connections and routers (well maybe TCP/IP, according to dave) are smart enough to send everything where it belongs. Incoming connections only go to one place though.

What dak pointed out is just that, if you wanted to, you could specify ports to be sent to other computers, and the rest would still go to the dmz computer.
Dak Posted November 6, 2006

> What dak pointed out is just that, if you wanted to, you could specify ports to be sent to other computers, and the rest would still go to the dmz computer.

actually, regardless of what i actually pointed out, i was trying to say exactly what ndi did.

i was under the impression that one port on the router got mapped to one port on a pc. so, two pc's could receive on port 10000, but one would go through the router via port 10000, and the other via 10001. ie,

router:10000 --> 192.168.1.2:10000
and
router:10001 --> 192.168.1.3:10000

hence why i thought that manually mapping all the ports onto your ip would not leave any for the other people in your house.

on what you said, i assume manually-forwarding just changes:

auto-forward to requester, otherwise drop

to

auto-forward to requester, otherwise forward to 192.168.1.2

hence, requested incoming traffic is unaffected, and (seemingly) unrequested incoming traffic is the only traffic affected by manually setting forwarding rules?
1veedo (Author) Posted November 6, 2006

Heh port mapping is pretty useful for websites. Your router can do that AND your name server. DynDNS for instance can auto send data over port 80 for a name to your computer at 81, another name to port 82, etc, but from the user end it's all port 80. That way one address can host more than one website (w/o requiring :81/:82).

I'm not sure what you meant by the rest of the post though. The whole thing about blocking other computers from the Internet was discussed in the other thread I posted: http://scienceforums.net/showthread.php?t=10110

He forwarded a port for halo and his brother was still playing halo. "If so how could my brother be playing the game on port 2302?" I think dave explains it pretty well in post 5 and Silencer again in 17.
Dak Posted November 6, 2006

I'm still confused after reading that thread, and some articles on the net.

can a router, of the kind you'd find in someone's home, receive two requested incoming connections at the same port at exactly the same time? ie, can two servers be sending data to, say, port 10000 of the router, and have the router still successfully send the packets to the correct computer in the internal network, at exactly the same time?

the rest of my post meant: i thought that, for any given port, routers automatically and dynamically mapped ports based on who had requested the data, unless you manually set the port forwarding, in which case it just mapped the port onto whichever computer/port you told it to. ie, if you map port 10000 to 192.168.1.3:10000, then that's it -- all data to router:10000 will now go to 192.168.1.3:10000.

however, from what you said, I'd guess that manually setting port forwarding rules just determines what the router will do with data if it can't figure out that a computer on the network requested it -- usually, it would drop this traffic; if you make a port-forwarding rule, then this traffic would be forwarded according to the forwarding rule you set. but, if the data was requested by another computer on the network, then the port-forwarding rule would not affect it, as it only comes into effect after the router can't figure out what to do with a given packet (hence, forwarding will change 'auto-forward to requester, otherwise drop' to 'auto-forward to requester, otherwise forward to x').

hence, why traffic that is requested, like web pages, need not be manually forwarded, but bit-torrent ('unrequested' incoming traffic) has to be; also hence why you can forward every port, and other computers can still access, say, websites.

?

> He forwarded a port for halo and his brother was still playing halo. "If so how could my brother be playing the game on port 2302?"

just to clarify, I'm not arguing that forwarding all ports will block other people from accessing the web -- just saying that i thought it would, and would like to fix my understanding of how routers work
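
The lookup order discussed in this thread (tracked connection first, then a port-forwarding rule, then the DMZ host, otherwise drop), as an added example that was not posted by anyone in the thread. `NatRouter` is a hypothetical, simplified model with constructed addresses; real routers differ in how they pick external ports.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Simplified home NAT router (hypothetical model, not any vendor's firmware)."""
    forwards: dict = field(default_factory=dict)   # ext_port -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                 # catch-all LAN host, if enabled
    conntrack: dict = field(default_factory=dict)  # (remote_ip, remote_port, ext_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; return the external port the router picks."""
        ext_port = lan_port
        # Keep the source port unless this exact flow is already tracked.
        while (remote_ip, remote_port, ext_port) in self.conntrack:
            ext_port = ext_port % 65535 + 1
        self.conntrack[(remote_ip, remote_port, ext_port)] = (lan_ip, lan_port)
        return ext_port

    def inbound(self, remote_ip, remote_port, ext_port):
        """Decide where a packet arriving on the WAN side is delivered."""
        flow = (remote_ip, remote_port, ext_port)
        if flow in self.conntrack:        # 1. reply to a connection a LAN host opened
            return ("established", *self.conntrack[flow])
        if ext_port in self.forwards:     # 2. explicit port-forwarding rule
            return ("forward", *self.forwards[ext_port])
        if self.dmz_host:                 # 3. DMZ host receives everything unclaimed
            return ("dmz", self.dmz_host, ext_port)
        return ("drop", None, None)       # 4. default for unsolicited traffic

def demo():
    # Constructed addresses: 192.168.1.2 is the DMZ server, .3 and .4 are clients.
    r = NatRouter(forwards={6881: ("192.168.1.3", 6881)}, dmz_host="192.168.1.2")
    p1 = r.outbound("192.168.1.3", 10000, "198.51.100.7", 80)
    p2 = r.outbound("192.168.1.4", 10000, "203.0.113.9", 80)
    p3 = r.outbound("192.168.1.4", 10000, "198.51.100.7", 80)  # same flow as p1
    return {
        "ext_ports": (p1, p2, p3),
        "reply_to_3": r.inbound("198.51.100.7", 80, p1),
        "reply_to_4": r.inbound("203.0.113.9", 80, p2),
        "forwarded": r.inbound("192.0.2.50", 51413, 6881),
        "unsolicited": r.inbound("192.0.2.50", 40000, 22),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model two clients can share external port 10000 because replies are matched on the remote address as well as the port, and only a colliding flow is moved to 10001. With a DMZ host set, every unsolicited port that no rule claims is delivered to that one machine.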