when is port forwarding not port forwarding?

I've been unable to get any success configuring a D-Link 614+ (European
Rev B) to work with an application that uses UDP over port 3290.

I've now written some test programs to find out exactly what the router
is doing, and I've discovered that whenever this router sends a UDP
packet to the WAN, it substitutes the originator port 3290 with a port
number up around 60000. This is stopping the application on the server
side from working. (The other direction from WAN to LAN works
correctly).
This happens totally regardless of all the firewall settings, virtual
server defintions, DMZ etc.

Now, my understanding was that if you open up a port for a specific IP
address, this should give you a transparent connection on this port- but
with this router, it doesn't. It always does NAT on outgoing packets.

I'm starting to lose all hope of ever getting this router to work
correctly, but, two questions

- is there any way to enable port forwarding on outgoing packets?

- if I buy another router, how can be sure to get the behaviour I need?
I've read that Linux based routers can do this. What about Wireless LAN
routers?

T.

On Mon, 23 Feb 2004 18:00:40 +0100, Thomas Peel spoketh

>I've been unable to get any success configuring a D-Link 614+ (European
>Rev B) to work with an application that uses UDP over port 3290.
>
>I've now written some test programs to find out exactly what the router
>is doing, and I've discovered that whenever this router sends a UDP
>packet to the WAN, it substitutes the originator port 3290 with a port
>number up around 60000. This is stopping the application on the server
>side from working. (The other direction from WAN to LAN works
>correctly).
>This happens totally regardless of all the firewall settings, virtual
>server defintions, DMZ etc.
>
> Now, my understanding was that if you open up a port for a specific IP
>address, this should give you a transparent connection on this port- but
>with this router, it doesn't. It always does NAT on outgoing packets.
>
>I'm starting to lose all hope of ever getting this router to work
>correctly, but, two questions
>
>- is there any way to enable port forwarding on outgoing packets?
>
>- if I buy another router, how can be sure to get the behaviour I need?
>I've read that Linux based routers can do this. What about Wireless LAN
>routers?
>
>T.

Port forwarding means forwarding traffic received on a specified port on
the WAN interface on the router to a specific IP address on the LAN
side. Some routers allows for port translation in the process.

If the server you are connecting to requires that the source port will
always be 3290/UDP, then you'll have trouble finding any NAT router or
firewall appliance that'll work for you. It is very unusual that a
server requires a specific source port...


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

Lars M. Hansen wrote:
>
> Port forwarding means forwarding traffic received on a specified port on
> the WAN interface on the router to a specific IP address on the LAN
> side. Some routers allows for port translation in the process.
>
> If the server you are connecting to requires that the source port will
> always be 3290/UDP, then you'll have trouble finding any NAT router or
> firewall appliance that'll work for you. It is very unusual that a
> server requires a specific source port...
>
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"


You need some kind of port forwarding when the request comes from the LAN.
In that case you have to use Port Triggering.

--
Diederik

"Lars M. Hansen" schrieb:
>
> On Mon, 23 Feb 2004 18:00:40 +0100, Thomas Peel spoketh
>
> >I've been unable to get any success configuring a D-Link 614+ (European
> >Rev B) to work with an application that uses UDP over port 3290.
> >
> >I've now written some test programs to find out exactly what the router
> >is doing, and I've discovered that whenever this router sends a UDP
> >packet to the WAN, it substitutes the originator port 3290 with a port
> >number up around 60000. This is stopping the application on the server
> >side from working. (The other direction from WAN to LAN works
> >correctly).
> >This happens totally regardless of all the firewall settings, virtual
> >server defintions, DMZ etc.
> >
> > Now, my understanding was that if you open up a port for a specific IP
> >address, this should give you a transparent connection on this port- but
> >with this router, it doesn't. It always does NAT on outgoing packets.
> >
> >I'm starting to lose all hope of ever getting this router to work
> >correctly, but, two questions
> >
> >- is there any way to enable port forwarding on outgoing packets?
> >
> >- if I buy another router, how can be sure to get the behaviour I need?
> >I've read that Linux based routers can do this. What about Wireless LAN
> >routers?
> >
> >T.
>
> Port forwarding means forwarding traffic received on a specified port on
> the WAN interface on the router to a specific IP address on the LAN
> side. Some routers allows for port translation in the process.
>
> If the server you are connecting to requires that the source port will
> always be 3290/UDP, then you'll have trouble finding any NAT router or
> firewall appliance that'll work for you. It is very unusual that a
> server requires a specific source port...
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"

Thanks for replying

I've been told by the people operating the server that this is what they
require. In addition, if I bypass the Dlink and put the client machine
right on the modem, it work correctly- no port mapping.

On Mon, 23 Feb 2004 18:26:43 +0100, Thomas Peel spoketh

>
>Thanks for replying
>
>I've been told by the people operating the server that this is what they
>require. In addition, if I bypass the Dlink and put the client machine
>right on the modem, it work correctly- no port mapping.

Of course... there's no NAT router in between to alter the source port.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

On Mon, 23 Feb 2004 17:20:25 GMT, Diederik spoketh

>
>You need some kind of port forwarding when the request comes from the LAN.
> In that case you have to use Port Triggering.

Port triggering does nothing to maintain the original source port. You
can set it to allow inbound connections when outbound traffic on a
specific port is detected, but the router will still (most likely) alter
the source port.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

"Lars M. Hansen" schrieb:
>
> On Mon, 23 Feb 2004 18:26:43 +0100, Thomas Peel spoketh
>
> >
> >Thanks for replying
> >
> >I've been told by the people operating the server that this is what they
> >require. In addition, if I bypass the Dlink and put the client machine
> >right on the modem, it work correctly- no port mapping.
>
> Of course... there's no NAT router in between to alter the source port.

So how can I turn NAT routing off??????
I realize it's impossible to provide the service to an unlimited number
of clients behind a NAT router, but I have one single machine on the
network that needs this service, and I can allocate him a static IP
address on the LAN.
What's the problem with just shoving his UDP packets through the router
unchanged? Why should the router care?


>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"

Thomas Peel schrieb:
>
> "Lars M. Hansen" schrieb:
> >
> > On Mon, 23 Feb 2004 18:26:43 +0100, Thomas Peel spoketh
> >
> > >
> > >Thanks for replying
> > >
> > >I've been told by the people operating the server that this is what they
> > >require. In addition, if I bypass the Dlink and put the client machine
> > >right on the modem, it work correctly- no port mapping.
> >
> > Of course... there's no NAT router in between to alter the source port.
>
> So how can I turn NAT routing off??????
> I realize it's impossible to provide the service to an unlimited number
> of clients behind a NAT router, but I have one single machine on the
> network that needs this service, and I can allocate him a static IP
> address on the LAN.
> What's the problem with just shoving his UDP packets through the router
> unchanged?
......... more exactly, the port numbers unchanged. The router will of
course substitute the originator IP address.

Why should the router care?
>
> >
> > Lars M. Hansen
> > www.hansenonline.net
> > Remove "bad" from my e-mail address to contact me.
> > "If you try to fail, and succeed, which have you done?"

On Mon, 23 Feb 2004 19:04:23 +0100, Thomas Peel spoketh

>
>So how can I turn NAT routing off??????
>I realize it's impossible to provide the service to an unlimited number
>of clients behind a NAT router, but I have one single machine on the
>network that needs this service, and I can allocate him a static IP
>address on the LAN.
>What's the problem with just shoving his UDP packets through the router
>unchanged? Why should the router care?
>

Well, the short answer seems to be: You can't turn off NAT.

If I've just read the correct manual (D-link DI614+), there's something
called "gaming mode", which may work for you. There's absolutely no
description of what it does, but it is possible that it might maintain
the source port number, as some games have been known to use specific
source ports.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

That makes no sense. How would a server application know which port to
listen on.

For example, Remote Desktop requires a specific port and my Linksys forwads
the CORRECT port.

Tom
"Lars M. Hansen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 23 Feb 2004 18:00:40 +0100, Thomas Peel spoketh
>
> >I've been unable to get any success configuring a D-Link 614+ (European
> >Rev B) to work with an application that uses UDP over port 3290.
> >
> >I've now written some test programs to find out exactly what the router
> >is doing, and I've discovered that whenever this router sends a UDP
> >packet to the WAN, it substitutes the originator port 3290 with a port
> >number up around 60000. This is stopping the application on the server
> >side from working. (The other direction from WAN to LAN works
> >correctly).
> >This happens totally regardless of all the firewall settings, virtual
> >server defintions, DMZ etc.
> >
> > Now, my understanding was that if you open up a port for a specific IP
> >address, this should give you a transparent connection on this port- but
> >with this router, it doesn't. It always does NAT on outgoing packets.
> >
> >I'm starting to lose all hope of ever getting this router to work
> >correctly, but, two questions
> >
> >- is there any way to enable port forwarding on outgoing packets?
> >
> >- if I buy another router, how can be sure to get the behaviour I need?
> >I've read that Linux based routers can do this. What about Wireless LAN
> >routers?
> >
> >T.
>
> Port forwarding means forwarding traffic received on a specified port on
> the WAN interface on the router to a specific IP address on the LAN
> side. Some routers allows for port translation in the process.
>
> If the server you are connecting to requires that the source port will
> always be 3290/UDP, then you'll have trouble finding any NAT router or
> firewall appliance that'll work for you. It is very unusual that a
> server requires a specific source port...
>
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"