Wednesday, June 18, 2008

Router: Port Triggering

Application communication process

Step 1: The client software sends a request to the public service with a specific port number.


Step 2: The IRC service verifies the submitted username and password by making a connection back to the client's NAT router.



If your router is not configured for port triggering, the returning traffic on port 113 will be dropped. When the NAT router is configured with port triggering, the IRC service can establish a verification connection to the client computer, which is behind the NAT router.

In the case of port triggering, you tell the router that when you make an outbound connection on any port in the range 6660-7000, it should allow inbound connections to that particular computer. This gives it more flexibility than static port forwarding because you do not need to set it up for a specific address on your network. You also gain security in the sense that the port is not left open when not actively in use.
The disadvantage of port triggering is that it only allows one client on the network to supply a particular service that uses a particular incoming port. Port triggering is unsuitable for putting servers behind a NAT router because it relies on the computer to make an outgoing connection before it can receive incoming ones; servers should use port forwarding.

From the client side, the application's ports map to the router settings as follows:
Outgoing port: trigger port
Reply port: public port, which should be open during the communication session

For example, dialPad:
The client-side software uses port 7175, which should be entered as the trigger port.
The service sends back traffic on ports 51200, 51201 and 51210, which should be entered as the public ports.
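
The behaviour described above can be modelled as a small state table. The following is an added example, not code from any router firmware: the class names, LAN addresses and the 600-second idle timeout are assumptions, while the port numbers are the IRC and dialPad values from this post. It shows inbound traffic being dropped before the trigger fires, forwarded afterwards, refused to a second client, and dropped again once the mapping expires.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    trigger: range       # outbound (trigger) ports
    public: frozenset    # inbound (public) ports opened by the trigger

@dataclass
class Router:
    rules: list
    timeout: float = 600.0  # assumed idle timeout in seconds; real routers vary
    open_ports: dict = field(default_factory=dict)  # public port -> (host, expiry)

    def _expire(self, now):
        # Drop mappings whose timer ran out, so the port is closed when unused.
        self.open_ports = {p: v for p, v in self.open_ports.items() if v[1] > now}

    def outbound(self, lan_host, dst_port, now):
        """A LAN host connects out; return the public ports it now holds."""
        self._expire(now)
        granted = set()
        for rule in self.rules:
            if dst_port not in rule.trigger:
                continue
            for port in rule.public:
                holder = self.open_ports.get(port)
                # Only one LAN client may hold a given public port at a time.
                if holder is None or holder[0] == lan_host:
                    self.open_ports[port] = (lan_host, now + self.timeout)
                    granted.add(port)
        return granted

    def inbound(self, dst_port, now):
        """Return the LAN host an inbound packet goes to, or None if dropped."""
        self._expire(now)
        holder = self.open_ports.get(dst_port)
        return holder[0] if holder else None

def demo():
    # Constructed scenario: two LAN clients (assumed addresses) using IRC.
    router = Router(rules=[
        Rule(range(6660, 7001), frozenset({113})),                  # IRC
        Rule(range(7175, 7176), frozenset({51200, 51201, 51210})),  # dialPad
    ])
    return [
        router.inbound(113, now=0),                    # no trigger yet: dropped
        router.outbound("192.168.1.10", 6667, now=1),  # trigger opens port 113
        router.inbound(113, now=2),                    # forwarded to the client
        router.outbound("192.168.1.11", 6667, now=3),  # second client gets nothing
        router.inbound(113, now=700),                  # mapping expired: dropped
    ]
```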