when is port forwarding not port forwarding?

Discussion in 'Wireless Internet' started by Thomas Peel, Feb 23, 2004.

  1. Thomas Peel

    Thomas Peel Guest

    I've been unable to get any success configuring a D-Link 614+ (European
    Rev B) to work with an application that uses UDP over port 3290.

    I've now written some test programs to find out exactly what the router
    is doing, and I've discovered that whenever this router sends a UDP
    packet to the WAN, it substitutes the originator port 3290 with a port
    number up around 60000. This is stopping the application on the server
    side from working. (The other direction from WAN to LAN works
    correctly).
    This happens totally regardless of all the firewall settings, virtual
    server definitions, DMZ etc.

    Now, my understanding was that if you open up a port for a specific IP
    address, this should give you a transparent connection on this port- but
    with this router, it doesn't. It always does NAT on outgoing packets.

    I'm starting to lose all hope of ever getting this router to work
    correctly, but, two questions

    - is there any way to enable port forwarding on outgoing packets?

    - if I buy another router, how can I be sure to get the behaviour I need?
    I've read that Linux based routers can do this. What about Wireless LAN
    routers?

    T.
     
    Thomas Peel, Feb 23, 2004
    #1

  2. On Mon, 23 Feb 2004 18:00:40 +0100, Thomas Peel spoketh
    Port forwarding means forwarding traffic received on a specified port on
    the WAN interface on the router to a specific IP address on the LAN
    side. Some routers allow for port translation in the process.

    If the server you are connecting to requires that the source port will
    always be 3290/UDP, then you'll have trouble finding any NAT router or
    firewall appliance that'll work for you. It is very unusual that a
    server requires a specific source port...


    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
     
    Lars M. Hansen, Feb 23, 2004
    #2

  3. Thomas Peel

    Diederik Guest


    You need some kind of port forwarding when the request comes from the LAN.
    In that case you have to use Port Triggering.
     
    Diederik, Feb 23, 2004
    #3
  4. Thomas Peel

    Thomas Peel Guest

    Thanks for replying

    I've been told by the people operating the server that this is what they
    require. In addition, if I bypass the Dlink and put the client machine
    right on the modem, it works correctly- no port mapping.
     
    Thomas Peel, Feb 23, 2004
    #4
  5. On Mon, 23 Feb 2004 18:26:43 +0100, Thomas Peel spoketh
    Of course... there's no NAT router in between to alter the source port.

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
     
    Lars M. Hansen, Feb 23, 2004
    #5
  6. On Mon, 23 Feb 2004 17:20:25 GMT, Diederik spoketh
    Port triggering does nothing to maintain the original source port. You
    can set it to allow inbound connections when outbound traffic on a
    specific port is detected, but the router will still (most likely) alter
    the source port.

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
     
    Lars M. Hansen, Feb 23, 2004
    #6
  7. Thomas Peel

    Thomas Peel Guest

    So how can I turn NAT routing off??????
    I realize it's impossible to provide the service to an unlimited number
    of clients behind a NAT router, but I have one single machine on the
    network that needs this service, and I can allocate him a static IP
    address on the LAN.
    What's the problem with just shoving his UDP packets through the router
    unchanged? Why should the router care?
     
    Thomas Peel, Feb 23, 2004
    #7
  8. Thomas Peel

    Thomas Peel Guest

    ......... more exactly, the port numbers unchanged. The router will of
    course substitute the originator IP address.

    Why should the router care?
     
    Thomas Peel, Feb 23, 2004
    #8
  9. On Mon, 23 Feb 2004 19:04:23 +0100, Thomas Peel spoketh
    Well, the short answer seems to be: You can't turn off NAT.

    If I've just read the correct manual (D-link DI614+), there's something
    called "gaming mode", which may work for you. There's absolutely no
    description of what it does, but it is possible that it might maintain
    the source port number, as some games have been known to use specific
    source ports.

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
     
    Lars M. Hansen, Feb 23, 2004
    #9
  10. Thomas Peel

    Tom Scales Guest

    That makes no sense. How would a server application know which port to
    listen on.

    For example, Remote Desktop requires a specific port and my Linksys forwards
    the CORRECT port.

    Tom
     
    Tom Scales, Feb 23, 2004
    #10
  11. Thomas Peel

    Thomas Peel Guest

    I tried Gaming Mode. It has no effect, unfortunately, at least not in
    the permutations of settings I tried so far.

    Tom
     
    Thomas Peel, Feb 23, 2004
    #11
  12. On Mon, 23 Feb 2004 13:38:41 -0500, Tom Scales spoketh
    You are probably confusing source port and destination port. When going
    through a NAT router, the destination port (i.e. 80 for web surfing)
    remains unaltered, while the source port is replaced by the next
    available port in a range predefined by the router.

    So, for instance, when my W2K laptop requests a web page, its
    connection information may look something like this:
    192.168.33.15:2344 -> 66.66.66.66:80

    However, my router will change the source port, so it'll look like this:
    24.147.200.151:60000 -> 66.66.66.66:80

    Now, all return packets from the web server will go to port 60000, the
    NAT router will check its translation table, and forward those packets
    back to 192.168.33.15:2344

    The problem that Thomas is having, is that the server requires that both
    the source and destination port are specific.

    Lars M. Hansen
    www.hansenonline.net
    Remove "bad" from my e-mail address to contact me.
    "If you try to fail, and succeed, which have you done?"
     
    Lars M. Hansen, Feb 23, 2004
    #12
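
An added example, not part of the thread: a small UDP probe of the kind the original poster describes, in which the server reports the source port it actually saw so that a direct path can be compared with a path through a source-port-rewriting NAT. The loopback relay is a constructed stand-in for the router, and every function name here is hypothetical.

```python
import socket
import threading

def udp_socket(port=0):
    """Loopback UDP socket with a timeout; port 0 lets the OS choose."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", port))
    s.settimeout(2.0)
    return s

def reflector(sock):
    """Server side: answer one datagram with the source port it saw."""
    _, peer = sock.recvfrom(512)
    sock.sendto(str(peer[1]).encode(), peer)

def remapping_relay(inside, outside, server):
    """Constructed stand-in for the NAT router: resend from another port."""
    data, client = inside.recvfrom(512)
    outside.sendto(data, server)      # source port is now outside's port
    reply, _ = outside.recvfrom(512)
    inside.sendto(reply, client)      # translate the reply back to the client

def probe(target, local_port):
    """Client side: send from local_port, return the port the server saw."""
    with udp_socket(local_port) as s:
        s.sendto(b"probe", target)
        reply, _ = s.recvfrom(512)
    return int(reply)

def run_case(via_relay, local_port=3290):
    """Return (port sent from, port seen by server) for one path."""
    server = udp_socket()
    target = server.getsockname()
    socks, workers = [server], [threading.Thread(target=reflector, args=(server,))]
    if via_relay:
        inside, outside = udp_socket(), udp_socket()
        socks += [inside, outside]
        workers.append(threading.Thread(
            target=remapping_relay, args=(inside, outside, target)))
        target = inside.getsockname()
    for w in workers: w.start()
    seen = probe(target, local_port)
    for w in workers: w.join()
    for s in socks: s.close()
    return local_port, seen

if __name__ == "__main__":
    print("direct :", run_case(False))   # both ports are 3290
    print("relayed:", run_case(True))    # server sees the relay's port instead
```

Against a real router, the reflector would run on a host on the WAN side and the probe on the LAN client; a mismatch between the two ports means the router rewrites the source port.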
  13. Thomas Peel

    gary Guest

    It does indeed sound like port triggering is what is needed. On my DI774
    config menu, advanced/applications tab, setup for port triggering allows you
    to specify both the public and private port. YMMV on the 614, I don't know.
    As I read the instructions, both ports can be specified as a list of one or
    more individual addresses or address ranges. If you specify a single entry
    of 3290 in both the public and the private port lists, it should be forced
    to use 3290 in the WAN-side IP datagram.

    I have nothing to test this with, but I'd be interested to know if it really
    is broken or not.
     
    gary, Feb 23, 2004
    #13