What is really port triggering?

I've read many messages on usenet and I still don't get what port
triggering is about. I have a LinkSys BEFSR41. I do understand port
forwarding:

computer 1 on LAN A --> Internet --> firewall (LinkSys) --> computer 2
on LAN B

Suppose computer 2 runs a http server, the firewall will have port 80
forwarded to computer 2 so computer 1 can connect and surf the pages
on computer 2. That's port forwarding.

Now suppose computer 2 wants to *ftp* a file, I don't need to setup
anything other than Stateful Packet Inspection (SPI) and the router
will 'remember' to send the ftp traffic back to computer 2 when the
ftp server, somewhere on the internet, replies.

So what do I really need port triggering for if SPI can always
remember which of my computers initiated a connection? Why do I need
port triggering for CUSeeME and not for other services like ftp or
http?

Thanks,
-Rim

On 6 Oct 2003 04:27:27 -0700, Rim spoketh

>I've read many messages on usenet and I still don't get what port
>triggering is about. I have a LinkSys BEFSR41. I do understand port
>forwarding:
>
>computer 1 on LAN A --> Internet --> firewall (LinkSys) --> computer 2
>on LAN B
>
>Suppose computer 2 runs a http server, the firewall will have port 80
>forwarded to computer 2 so computer 1 can connect and surf the pages
>on computer 2. That's port forwarding.
>
>Now suppose computer 2 wants to *ftp* a file, I don't need to setup
>anything other than Stateful Packet Inspection (SPI) and the router
>will 'remember' to send the ftp traffic back to computer 2 when the
>ftp server, somewhere on the internet, replies.
>
>So what do I really need port triggering for if SPI can always
>remember which of my computers initiated a connection? Why do I need
>port triggering for CUSeeME and not for other services like ftp or
>http?
>
>Thanks,
>-Rim

Port triggering is conditional, dynamic port forwarding. If certain
conditions are met (the trigger), then the specified port(s) will be
opened for inbound connections to the computer that initiated the
outbound connection.

On the befsr41 series of routers, SPI breaks all port forwards and port
triggers, in addition to making the router very unstable (possibly due
to lack of memory).


Lars M. Hansen
www.hansenonline.net

(E-Mail Removed) (Rim) wrote in news:6f03c4a5.0310060327.7a3227b0
@posting.google.com:

>>I've read many messages on usenet and I still don't get what port
>>triggering is about. I have a LinkSys BEFSR41. I do understand port
>>forwarding:
>>
>>computer 1 on LAN A --> Internet --> firewall (LinkSys) --> computer 2
>>on LAN B
>>
>>Suppose computer 2 runs a http server, the firewall will have port 80
>>forwarded to computer 2 so computer 1 can connect and surf the pages
>>on computer 2. That's port forwarding.

Port forwarding means to me is that port(s) are forwarded to an
IP/machine, because an application at the IP/machine needs the ports
open. This also means that no other IP/machine can share the ports being
forwarded. Port forwarding is static.

>>
>>Now suppose computer 2 wants to *ftp* a file, I don't need to setup
>>anything other than Stateful Packet Inspection (SPI) and the router
>>will 'remember' to send the ftp traffic back to computer 2 when the
>>ftp server, somewhere on the internet, replies.
>>
>>So what do I really need port triggering for if SPI can always
>>remember which of my computers initiated a connection? Why do I need
>>port triggering for CUSeeME and not for other services like ftp or
>>http?
>>

As per an application basis such as a Internet game being played by
multiple IP(s)/machines on your network, port triggering allows multiple
machines running the same application using the same ports to share the
ports. The application triggers the router to open the ports and the
router forwards the traffic to the machine that solicited the inbound
traffic. Port triggering is dynamic. Port triggering is also used for an
application such as AOL or MSN Voice Chat.

To me, the main purpose of SPI on the router is to ensure that for every
inbound packet to the router, there was a corresponding outbound packet
sent from a machine behind the router, otherwise, the inbound packet is
dropped by the router -- state fullness.

The router doesn't need SPI to know from what machine packets came from
and to what machine the packets are to go to on the inbound.

Duane