Posted

Pre-ramble (skip if you're lazy)

 

The last thread I made on port forwarding was asking how to do it; anyway, that was a while ago and I've come a long way since then!

I've been forwarding some ports and I came across an interesting feature of software/hardware firewall pairing.

Norton Internet Security 2005 (NIS) allows you to give programs permission rules; you cannot open up a specific port.

My router allows you to open up specific ports.

This is good for security, as your software firewall allows only pre-selected programs to run, and just in case one of those is hijacked or corrupt, the router will only allow pre-selected ports. Meaning that only pre-selected programs on pre-selected ports can run.

This is a lot more secure than just allowing a program (which could be corrupt, become infected with a virus, or be spyware you don't realise) or just opening ports, which are then available for everyone including hackers.

 

Question (read this or else!)

So I was opening the ports to play Halo (pc version) multiplayer. I've had the game for a while and it worked fine before I forwarded the ports, but I thought I would just to see what happens if I did...

 

Halo works on two main ports, 2302 and 2303, I forwarded them both to my computer.

 

Then later I saw my brother playing halo online, on port 2302, on a different computer.

 

I thought port forwarding meant that only the specified computer could receive data from that port?

If so how could my brother be playing the game on port 2302?

(I'm sure that it was on port 2302, because the server IP/port is displayed)

Posted

OK, I can see that 14 people (atm) have read this thread and there is (I assume) no explanation from them...

 

Can I just check that by forwarding ports to my computer I should be the only one able to access them?

 

(After that I'll ask why this is happening!)

Posted

When you say that he was playing online, were people connecting to him or was he just connected to a client? If it was the former then I don't know. If the latter then port forwarding doesn't come into the equation.

Posted

It was the latter... he was connected to a server (or client) through port 2302, which is forwarded to my computer.

 

Surely because data is being transferred via port 2302 and that port is forwarded to my computer it wouldn't work for him?

Posted

Your typical NAT setup on a bog-standard router assumes that anyone can connect to anywhere they like and that all incoming connections are blocked. You've set up port 2302 to be port forwarded to your computer, so all incoming connections are sent there.

 

It's like saying that because you've forwarded port 80 to your computer, nobody else can use the web :)

 

Edit: I just realised that this might answer your question. When you "connect" to someone you effectively set up a stream between them and you so that data can be transferred. I don't know how to explain this better; sorry :embarass:

Posted

Yeah, I can see what you are saying and it is obviously true but:

 

If anyone can still use port 2302 and if by opening halo I am setting up a connection through port 2302 then why would I need to forward it in the first place???

 

(Now I don't actually have to for halo, but I do for some other programs)

Posted

Dude, think about this:

I run a web server over port 80. Does that mean that other people on my network can't access httpd?

Routers are smart. An incoming connection would be forwarded to a specified computer, but if another computer is using the port as well, like a browser is opened, and a ping has responded to its outbound request, data will be sent to that one. Make sense?

Posted
"Routers are smart."

Well, the TCP/IP protocol is smart, not necessarily the routers themselves ;)

Posted

OK, I accept that, but what I'm saying is that if that is the case (which it is) then why do you need to forward ports in the first place?

Posted

You only need to forward ports if you're running servers behind the router. I have a separate web server running on my other machine, and I port forward a port to that.

Posted

^Many programs use different ports for sending and receiving, so to get information coming to the client you still need ports forwarded.

Posted

hmmm, real life example....

 

A program uses two port ranges, one for incoming data and one for outgoing data.

Both incoming/outgoing ports need to be forwarded for this program to work properly... if a connection is set up when I open a program, then why do I need to forward ports for incoming???

I can see the logic in forwarding outgoing, but if the connection is set up by opening the program and the program requesting it, why do I need to forward ports for incoming?

 

I can see the logic for forwarding incoming, but my logic doesn't allow (once the ports have been forwarded) for a 2nd computer to use those ports too.

Posted
"I can see the logic for forwarding incoming, but my logic doesn't allow (once the ports have been forwarded) for a 2nd computer to use those ports too."

 

The router is "smart" as someone said earlier; it keeps track of the outgoing connections and decides where incoming data should be sent. It's what NAT is all about.

Posted

Dude, you need to forward the incoming ports, not the outgoing. You have it reversed.

 

I'll explain a little more. When your computer sends out a packet on a specific port to a remote host, the router will send it no matter what (by default). If the remote host replies on that same port, the router will realize that you requested the information and will send the packet to the computer that requested it.

 

So if you go to sfn, the router knows to send packets coming from sfn back to your computer. If your sibling is using google, it knows to send the information from google to him/her.

 

Now, if you are running a server then you are not initiating the connections, remote computers are just sending you information. Normally a router would just ignore the data and not pass it on, because it doesn't know what computer to send it to (and it is a security risk). If, however, you forward a specific port to your computer, it will realize that the remote host is trying to make a connection with you and route the data accordingly.

 

So if your program uses different ports for incoming/outgoing, the outgoing information will get there fine. But since the reply is coming back on a different port, the router doesn't know that it needs to get sent to your computer. That is why the incoming port needs to be forwarded.

 

If you look up the differences between active and passive FTP you will get more information and maybe some diagrams to help you understand.
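The connection tracking described in the last two explanatory posts (outbound requests create a mapping so replies come back to the right machine; unsolicited inbound traffic is dropped unless a port-forward rule exists), as an added toy model that is not code from the thread. All IPs, ports, the `Router`/`Packet` classes and the `scenario()` function are constructed for illustration and simplify real NAT (no timeouts, TCP and UDP not distinguished).

```python
# Added example, not from the thread: a toy model of NAT connection tracking.
# All IPs, ports and packets are constructed sample values.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Router:
    public_ip: str
    forwards: dict = field(default_factory=dict)  # public port -> LAN IP (port-forward rules)
    table: dict = field(default_factory=dict)     # (remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
    next_port: int = 50000                        # pool for translated source ports

    def outbound(self, pkt):
        """A LAN host sends out: remember who asked so the reply can be routed back."""
        for key, lan in self.table.items():            # reuse an existing mapping
            if lan == (pkt.src_ip, pkt.src_port) and key[:2] == (pkt.dst_ip, pkt.dst_port):
                return Packet(self.public_ip, key[2], pkt.dst_ip, pkt.dst_port)
        used = {k[2] for k in self.table}
        pub = pkt.src_port if pkt.src_port not in used else self.next_port
        if pub == self.next_port:                       # second host on the same port gets a new one
            self.next_port += 1
        self.table[(pkt.dst_ip, pkt.dst_port, pub)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """A packet arrives from the Internet: tracked reply, forwarded port, or dropped."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.table:                 # reply to something a LAN host asked for
            return self.table[key]
        if pkt.dst_port in self.forwards:     # unsolicited, but a forward rule exists
            return (self.forwards[pkt.dst_port], pkt.dst_port)
        return None                           # unsolicited and unforwarded: dropped

def scenario():
    r = Router("203.0.113.5", forwards={2302: "192.168.1.10"})
    server = ("198.51.100.7", 2302)
    me = r.outbound(Packet("192.168.1.10", 2302, *server))   # I join a game server
    bro = r.outbound(Packet("192.168.1.11", 2302, *server))  # brother joins the same server
    reply_me = r.inbound(Packet(*server, r.public_ip, me.src_port))
    reply_bro = r.inbound(Packet(*server, r.public_ip, bro.src_port))
    host = r.inbound(Packet("192.0.2.9", 40000, r.public_ip, 2302))     # someone joins my hosted game
    dropped = r.inbound(Packet("192.0.2.9", 40000, r.public_ip, 2303))  # 2303 not forwarded
    return reply_me, reply_bro, host, dropped
```

Both brothers' replies reach the right machine because each outbound request was tracked, while only the unsolicited packet on the forwarded port 2302 is delivered.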
