D-Link Wireless Routers for Home and Small Business > Archive
Difference between "Virtual Servers" and "Port Forwarding"
ttmcmurry:
There are two solutions. Pick the second. ;D
One
If you're going to use it, pick Port Forwarding (first choice) or Virtual Server, not both
Two
eMule is UPnP compatible in v0.49b. Enable this feature in the DIR-855 and in eMule. Remove the Port Forwarding rules on the 855 and let UPnP do everything for you. (Make sure your firewall permits UPnP traffic)
mahi:
--- Quote from: ttmcmurry on February 17, 2009, 08:37:21 PM ---If you're going to use it, pick Port Forwarding (first choice) or Virtual Server, not both
--- End quote ---
I hope you did not misread my post. I'm not trying to use the same port in both "Virtual Servers" and "Port Forwarding". eMule uses two different ports, one for TCP (4562 in my case) and one for UDP (4572 in my case).
You write, pick Port Forwarding (first choice), but that's exactly what I'm trying to point out in this thread. This should work, but it doesn't. The TCP port works fine using "Port Forwarding", but the UDP port refuses to work even though the eMule website port test shows it's forwarded correctly. Whenever I try to use "Port Forwarding" for the UDP port, the Kademlia (kad) network will not work!
However, when I use "Virtual Servers" for the UDP port, it works fine!
The TCP port works fine at both "Virtual Servers" and "Port Forwarding" (obviously not both set at the same time). It's just the UDP port that behaves in a very weird way.
That's why I started this thread in the first place. I can get it to work with "Virtual Servers", but I'd like to know why it doesn't with "Port Forwarding" while all logic says it should. So I'm not seeking help to get something working because it already does. I'm just trying to find an answer to the question why the eMule UDP port does work when using "Virtual Servers" but not with "Port Forwarding"...
So once again, could this be a bug in the router's firmware?
--- Quote ---eMule is UPnP compatible in v0.49b. Enable this feature in the DIR-855 and in eMule. Remove the Port Forwarding rules on the 855 and let UPnP do everything for you. (Make sure your firewall permits UPnP traffic)
--- End quote ---
I prefer not to use UPnP, but I was intriged to find out whether UPnP would configure eMule using "Virtual Servers" or using "Port Forwarding".
I enabled UPnP in both eMule and the router. eMule connected with the ed2k and kad network from the first time. So whatever the D-Link DIR-855 used, it did work...
Each time I started eMule I saw following lines appear in the log:
--- Code: ---UPnP added entry 255.255.255.255 <-> 79.21.49.50:4572 <-> 192.168.1.8:4572 UDP timeout:-1 'eMule_UDP'
UPnP added entry 255.255.255.255 <-> 79.21.49.50:4562 <-> 192.168.1.8:4562 TCP timeout:-1 'eMule_TCP'
--- End code ---
I wasn't sure what was meant by this, "Virtual Servers" or using "Port Forwarding". So I did some further testing. I manually added 4 new rules: 2 "Virtual Servers" on the eMule TCP and UDP ports and 2 "Port Forwarding" on the very same eMule TCP and UDP ports. Before you ask how this is possible, all 4 rules were not enabled! I was just hoping these disabled rules would cause a conflict or at least interaction with UPnP trying to configure eMule.
And it did... Once I started eMule I got following entries in the log:
--- Code: ---UPnP changed VIRTUAL SERVER entry 255.255.255.255 <-> 79.21.49.50:4572 <-> 192.168.1.8:4572 UDP to enabled
UPnP changed VIRTUAL SERVER entry 255.255.255.255 <-> 79.21.49.50:4562 <-> 192.168.1.8:4562 TCP to enabled
--- End code ---
UPnP simply took over the existing disabled rules and enabled those. So now I'm certain, UPnP and the DIR-855 configured eMule using "Virtual Servers" and not "Port Forwarding". That probably explains why it works.
But all this UPnP stuff is rather a side quest. I doesn't answer my main question: Why does "Port Forwarding" not work for the eMule UDP port?
ttmcmurry:
I think the point i was trying to convey got lost in the technical details. You should use either UPnP or some sort of Port Forward/Virtual Server setting.
The reason why UPnP was invented was so you, the user, wouldn't have to go into your router and make those kinds of changes; the application does it for you. Personally I use uTorrent with UPnP enabled and I've never had to worry about port forwarding -- and one of the additional benefits is being able to use port randomization inside your Torrent client software. Make sure your security/firewall product permits UPnP traffic!
Remember this rule of thumb: for a specific application you cannot use UPnP alongside PF/VS settings. If you simply switched on UPnP while still having your PF/VS settings active, you can get strange results.
To answer your question, if you're going with PF/VS make sure port randomization isn't enabled in eMule and double-check the port setting in eMule is the same that you're entering into the router.
jdanecki:
I would like to confirm mahi's problem with difference between "virtual server" and "port forwarding" with KADemila. I have experienced exactly the same behavior with emule.
I'm really interested what is the real difference between those 2 methods of forwarding ports (I'm dreaming: being able to check iptables commands would be enough :)
Because apart from problems with KADemila I still see no point in making 2 such similar functions.
jysnmat:
The difference between Port Forwarding and Virtual Server is that Port forwarding merely opens the port up to the selected client or computer. Basically the computer has to be connected and listening on that port in order for it to work as any incoming connection to that port can still be pick up by any other client on the network if the port is not in use at the moment the connection comes in with the exception that is blocked or firewalled for them. If there is an incoming connection to that port that is forwarded and no client is listening for that port the router will just block or disregarded as it does not know what client to connect thee incoming connection. Torrent downloading uses a lot incoming connection to one port and so it can confuse the router. Virtual server opens up the port and fowards any incoming connections to that port to the client specified only. This means that no other client on the network has access to that port at all since it only accessible by the client specified, and thus the reason why it works better than port forwarding in terms of use for torrenting or any app that is listening on a specific port without sending out data until a connections is made. Basically the Router knows that all incoming connection to the specified port go to the specified client and so the router does not get confused.
The reason why these two option exist on the router at the same time is simple. If the Router just had Virtual Server option available, than as you add more port to a client the other clients will have less port available to them. The more ports you add the less ports are available for other clients. With Port forwarding this is not an issue as the port is still available as long as is not in use. It is recommended you try port forwarding first before trying Virtual Server since it will make the port specified useless to other clients on the network.
* All incoming traffic passing the NAT is denied access if the state full table does not have internal IP request
* Virtual Server are for Listening to traffic request
* Port Forwarding is for directing traffic that has already been allowed
Navigation
[0] Message Index
[*] Previous page
Go to full version