5614 Posted April 1, 2005

Pre-ramble (skip if you're lazy)

The last thread I made on port forwarding was asking how to do it. Anyway, that was a while ago and I've come a long way since then! I've been forwarding some ports and I came across an interesting feature of software/hardware firewall pairing. Norton Internet Security 2005 (NIS) allows you to give programs permission rules; you cannot open up a specific port. My router allows you to open up specific ports. This is good for security, as your software firewall allows only pre-selected programs to run, and just in case one of those is hijacked or corrupt the router will only allow pre-selected ports. Meaning that only pre-selected programs on pre-selected ports can run. This is a lot more secure than just allowing a program (which could be corrupt, become infected with a virus, or be spyware you don't realise) or just opening ports, which are then available for everyone, including hackers.

Question (read this or else!)

So I was opening the ports to play Halo (PC version) multiplayer. I've had the game for a while and it worked fine before I forwarded the ports, but I thought I would, just to see what happens if I did... Halo works on two main ports, 2302 and 2303; I forwarded them both to my computer. Then later I saw my brother playing Halo online, on port 2302, on a different computer. I thought port forwarding meant that only the specified computer could receive data from that port? If so, how could my brother be playing the game on port 2302? (I'm sure that it was on port 2302, because the server IP/port is displayed.)
5614 (Author) Posted April 2, 2005

OK, I can see that 14 people (atm) have read this thread and there is (I assume) no explanation from them... Can I just check that by forwarding ports to my computer I should be the only one able to access them? (After that I'll ask why this is happening!)
Dave Posted April 2, 2005

When you say that he was playing online, were people connecting to him, or was he just connected to a client? If it was the former then I don't know. If the latter, then port forwarding doesn't come into the equation.
5614 (Author) Posted April 2, 2005

It was the latter... he was connected to a server (or client) through port 2302, which is forwarded to my computer. Surely, because data is being transferred via port 2302 and that port is forwarded to my computer, it wouldn't work for him?
Dave Posted April 2, 2005

Your typical NAT setup on a bog-standard router assumes that anyone can connect to anywhere they like and that all incoming connections are blocked. You've set up port 2302 to be port forwarded to your computer, so all incoming connections are sent there. It's like saying that because you've forwarded port 80 to your computer, nobody else can use the web.

Edit: I just realised that this might answer your question. When you "connect" to someone you effectively set up a stream between them and you so that data can be transferred. I don't know how to explain this better; sorry.
5614 (Author) Posted April 2, 2005

Yeah, I can see what you are saying and it is obviously true, but: if anyone can still use port 2302, and if by opening Halo I am setting up a connection through port 2302, then why would I need to forward it in the first place??? (Now I don't actually have to for Halo, but I do for some other programs.)
1veedo Posted April 2, 2005

Dude, think about this: I run a web server over port 80. Does that mean that other people on my network can't access httpd? Routers are smart. An incoming connection would be forwarded to a specified computer, but if another computer is using the port as well, like a browser is opened, and a ping has responded to its outbound request, data will be sent to that one. Make sense?
Dave Posted April 2, 2005

"Routers are smart." Well, the TCP/IP protocol is smart, not necessarily the routers themselves.
5614 (Author) Posted April 3, 2005

OK, I accept that, but what I'm saying is that if that is the case (which it is), then why do you need to forward ports in the first place?
Dave Posted April 3, 2005

You only need to forward ports if you're running servers behind the router. I have a separate web server running on my other machine, and I port forward a port to that.
5614 (Author) Posted April 3, 2005

So then why is it some programs need a port forwarded for incoming connections?
Cap'n Refsmmat Posted April 3, 2005

Because you're acting like a server to do online games and such (if you're hosting).
5614 (Author) Posted April 3, 2005

But I'm not hosting, I'm only connecting to them; I am not hosting it.
Silencer Posted April 3, 2005

^ Many programs use different ports for sending and receiving, so to get information coming to the client you still need ports forwarded.
5614 (Author) Posted April 3, 2005

Hmmm, real life example... a program uses two port ranges, one for incoming data and one for outgoing data. Both incoming/outgoing ports need to be forwarded for this program to work properly... If, when I open a program, a connection is set up, then why do I need to forward ports for incoming??? I can see the logic in forwarding outgoing, but if, by opening the program and the program requesting, the connection is set up, why do I need to forward ports for incoming? I can see the logic for forwarding incoming, but my logic doesn't allow (once the ports have been forwarded) for a second computer to use those ports too.
Dave Posted April 3, 2005

"I can see the logic for forwarding incoming, but my logic doesn't allow (once the ports have been forwarded) for a 2nd computer to use those ports too."

The router is "smart", as someone said earlier; it keeps track of the outgoing connections and decides where incoming data should be sent. It's what NAT is all about.
Silencer Posted April 3, 2005

Dude, you need to forward the incoming ports, not the outgoing. You have it reversed. I'll explain a little more.

When your computer sends out a packet on a specific port to a remote host, the router will send it no matter what (by default). If the remote host replies on that same port, the router will realize that you requested the information and will send the packet to the computer that requested it. So if you go to SFN, the router knows to send packets coming from SFN back to your computer. If your sibling is using Google, it knows to send the information from Google to him/her.

Now, if you are running a server then you are not initiating the connections; remote computers are just sending you information. Normally a router would just ignore the data and not pass it on, because it doesn't know what computer to send it to (and it is a security risk). If, however, you forward a specific port to your computer, it will realize that the remote host is trying to make a connection with you and route the data accordingly.

So if your program uses different ports for incoming/outgoing, the outgoing information will get there fine. But since the reply is coming back on a different port, the router doesn't know that it needs to get sent to your computer. That is why the incoming port needs to be forwarded.

If you look up the differences between active and passive FTP you will get more information and maybe some diagrams to help you understand.
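The behaviour Dave describes in his April 2 post (replies to an outbound connection find their way back to the host that started it) and the two cases Silencer separates above (tracked replies versus unsolicited inbound data that only a port forward can deliver) can be replayed in a toy connection-tracking NAT. The code below is an added example written for this page; it is not from the thread or from any router's firmware. The LAN addresses, the router's WAN address, the game server, the "stranger" host and the dynamic port range starting at 40000 are all constructed sample values, and two real-router details are deliberately simplified: the router keeps the LAN source port on the WAN side when it is free ("port preservation", which varies by model), and a reply is only accepted from the exact remote address and port the flow was opened to (real routers range from full-cone to symmetric filtering).

```python
"""Toy NAT router with connection tracking and static port forwards.

Added example (not the thread's or any vendor's code). All IPs and ports
are constructed sample values. Simplifications compared with real routers:
port preservation is always attempted, and replies must come from the exact
remote endpoint the flow was opened to.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Router:
    wan_ip: str
    # static port forwards (DNAT): (proto, wan_port) -> (lan_ip, lan_port)
    forwards: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    # connection tracking: (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    conntrack: Dict[Tuple[str, int], Tuple[str, int, str, int]] = field(default_factory=dict)
    next_dynamic_port: int = 40000   # constructed start of the dynamic range

    def add_forward(self, proto: str, wan_port: int, lan_ip: str, lan_port: int) -> None:
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def _wan_port_for(self, pkt: Packet) -> int:
        """Reuse the entry for an already-tracked flow, else allocate a WAN port."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for (proto, wan_port), entry in self.conntrack.items():
            if proto == pkt.proto and entry == flow:
                return wan_port
        # Port preservation: keep the LAN source port if nobody else holds it,
        # otherwise hand out the next free dynamic port.
        wan_port = pkt.src_port
        if (pkt.proto, wan_port) in self.conntrack:
            wan_port = self.next_dynamic_port
            self.next_dynamic_port += 1
        self.conntrack[(pkt.proto, wan_port)] = flow
        return wan_port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: always allowed; records state and rewrites the source."""
        wan_port = self._wan_port_for(pkt)
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: tracked reply first, then static forward, else drop."""
        key = (pkt.proto, pkt.dst_port)
        entry = self.conntrack.get(key)
        if entry is not None and entry[2:] == (pkt.src_ip, pkt.src_port):
            lan_ip, lan_port = entry[:2]          # reply to a flow a LAN host opened
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        if key in self.forwards:
            lan_ip, lan_port = self.forwards[key]  # unsolicited but forwarded
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        return None                                # unsolicited, not forwarded: dropped


def demo() -> dict:
    """Replay the thread's scenario: two LAN hosts on the same game port."""
    router = Router(wan_ip="198.51.100.7")                     # constructed
    me, brother = "192.168.1.10", "192.168.1.20"                # constructed
    server, stranger = "203.0.113.5", "203.0.113.99"            # constructed
    router.add_forward("udp", 2302, me, 2302)
    router.add_forward("udp", 2303, me, 2303)

    # Both LAN hosts join the same server from local port 2302.
    my_out = router.outbound(Packet("udp", me, 2302, server, 2302))
    bro_out = router.outbound(Packet("udp", brother, 2302, server, 2302))

    # The server answers each translated source; conntrack routes each reply home.
    reply_to_me = router.inbound(Packet("udp", server, 2302, router.wan_ip, my_out.src_port))
    reply_to_bro = router.inbound(Packet("udp", server, 2302, router.wan_ip, bro_out.src_port))

    # Unsolicited traffic from an unknown host: only forwarded ports get through.
    new_2302 = router.inbound(Packet("udp", stranger, 5555, router.wan_ip, 2302))
    new_2303 = router.inbound(Packet("udp", stranger, 5555, router.wan_ip, 2303))
    new_2304 = router.inbound(Packet("udp", stranger, 5555, router.wan_ip, 2304))

    return {
        "my_wan_port": my_out.src_port,
        "bro_wan_port": bro_out.src_port,
        "reply_to_me": reply_to_me.dst_ip,
        "reply_to_bro": reply_to_bro.dst_ip,
        "unsolicited_2302": new_2302.dst_ip,
        "unsolicited_2303": new_2303.dst_ip,
        "unsolicited_2304": new_2304,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows why the brother's game works: his outbound packets get their own conntrack entry (on WAN port 40000 here, since 2302 was already taken by the first host), so the server's replies to that port go to him regardless of the forward. The forward only decides where a packet nobody asked for goes: a stranger hitting 2302 or 2303 reaches the forwarded host, while 2304 is dropped. That is also the security point of the opening post: a forwarded port is reachable by anyone on the internet, so only forward what is genuinely acting as a server.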
Dave Posted April 3, 2005

That's a much better explanation. It's what I was trying to say, only in more detail.