Pages: [1]
  Print  
Author Topic: Difference between "Virtual Servers" and "Port Forwarding"  (Read 44342 times)
mahi
Level 1 Member
*
Posts: 4


« on: February 14, 2009, 11:54:49 AM »

Up to now I used a Linux computer to route my Internet connection. Sadly, the machine died and since I wanted to do something about its power consumption I ended up with a D-Link DIR-855... So far I'm quite impressed and satisfied with this unit. However, one thing confuses me... Port forwarding seems to be divided in two parts: "Virtual Servers" and "Port Forwarding".

What is the difference between "Virtual Servers" and "Port Forwarding"? From the online help I can only conclude both are more or less the same. The main difference seems to be the fact that "Virtual Servers" can only forward a single port (with possibility to change the port number) whereas "Port Forwarding" can forward whole ranges (without possibility to change the port number).

So you'd think if you'd only need to forward a single port both "Virtual Servers" and "Port Forwarding" will give the same result. But that's not true in my case... One application, eMule (0.49b), refuses to work correctly with "Port Forwarding" but will work with "Virtual Servers" or a combination of both.

With only "Port Forwarding" eMule connects fine to the ed2k network, but refuses to connect to the kad network (Kademlia). Even bootstrapping with a recent nodes.dat makes no difference.

The ports in eMule:
- TCP: 4562
- UDP: 4572

The "Port Forwarding" rules I made in the D-Link DIR-855:
- Enabled: <yes>
- Name: eMule
- IP Address: 192.168.1.8
- TCP Ports To Open: 4562
- UDP Ports To Open: 4572
- Inbound Filter: <none>
- Schedule: <always>

When I test the ports in eMule, the eMule website shows no problems. All ports are correctly forwared. Everything seems to be set correctly, but the kad network won't work...

Just as an experiment I decided to play with "Virtual Servers". I disabled the earlier created forwarding rules and made two new virtual servers (two because I have to forward two ports and unlike with "Port Forwarding" "Virtual Servers" can do only one).

The "Virtual Servers" rules I made in the D-Link DIR-855:
- Enabled: <yes>
- Name: eMule TCP
- IP Address: 192.168.1.8
- Traffic Type: TCP
- Private Port: 4562
- Public Port: 4562
- Inbound Filter: <none>
- Schedule: <always>

- Enabled: <yes>
- Name: eMule UDP
- IP Address: 192.168.1.8
- Traffic Type: UDP
- Private Port: 4572
- Public Port: 4572
- Inbound Filter: <none>
- Schedule: <always>

From my understanding the above should be identical to the earlier given "Port Forwarding" rule, correct?

However, as soon as I clicked "Save Settings" (even without rebooting) eMule immediatly connected to the kad network. Just to be sure I've switched between the "Virtual Servers" and "Port Forwarding" several times and whenever the "Port Forwarding" rule was active, the kad network died.

Further experiments showed the problem only applies to the UDP port. I can forward the TCP port using "Port Forwarding" or "Virtual Servers" - it doesn't matter, both work. However, the UDP port will only work with "Virtual Servers"...

Rulesed2kkad
Port Forwarding TCP and UDP (TCP and UDP in one rule)yesno
Port Forwarding TCP + Port Forwarding UDPyesno
Virtual Server TCP + Port Forwarding UDPyesno
Port Forwarding TCP + Virtual Server UDPyesyes
Virtual Server TCP + Virtual Server UDPyesyes

Is this a bug in the router's firmware? Or is there a difference between "Port Forwarding" and "Virtual Servers" I do not know of? I see no reason why the "Port Forwarding" shouldn't work in my case. Other applications luke µTorrent all work fine with just "Port Forwarding".

Hardware Version: A2
Firmware Version: 1.12EU
Logged
madhatter
Guest
« Reply #1 on: February 15, 2009, 05:51:17 AM »

Have a look here. I know it says a dir-655 but the principles the same.

http://portforward.com/english/routers/port_forwarding/Dlink/DIR-655/eMule.htm

Logged
mahi
Level 1 Member
*
Posts: 4


« Reply #2 on: February 15, 2009, 06:51:27 AM »

It doesn't work when I use the settings proposed by that page (which are the same as in my first "Port Forwarding" example). I can only make it work when I add the UDP port to the "Virtual Servers" instead of "Port Forwarding".

My question isn't how to make it work (because I have it working), but why it doesn't work with "Port Forwarding" while - as far as I know - it should...
Logged
ttmcmurry
Level 4 Member
****
Posts: 438


« Reply #3 on: February 16, 2009, 08:27:14 PM »

Port Forwarding creates a 1:1 relationship between your public IP address and a single private IP address.  For example:

Forward Port 3389 (Microsoft Remote Desktop Protocol RDP) to 192.168.0.198 means:

your.public.ip.address:3389 gets forwarded to 192.168.0.198:3389

But let's assume you have more than one system behind your router you want to access RDP.  If you're simply forwarding 3389 to .198, given the 1:1 nature of port forwarding, then you are limited to only one system you can access.  In comes virtual server.

Virtual server creates 1:many relationship between your public IP address and multiple private addresses.  It can be used in conjunction with Port Forwarding.  Assuming you are still using the port forwarding rule above, and you want to add two more RDP ports forwarded you can do this:

Forward Port 64001 to 192.168.0.197:3389
Forward Port 64002 to 192.168.0.196:3389

You could do the same with FTP servers, Web servers, etc.
Logged
mahi
Level 1 Member
*
Posts: 4


« Reply #4 on: February 16, 2009, 11:15:47 PM »

I see. That's an application I didn't think of yet.

However, I still don't get why "Port Forwarding" goes wrong in my situation. If there's only one "Virtual Server" redirecting my.public.ip.address:4572 (UDP) to 192.168.1.8:4572, it should be the same as "Port Forwarding" rule 4572 (UDP) to 192.168.1.8. But apparantly it isn't. At least not for eMule (other applications seem to work just fine with either "Port Forwarding" or "Virtual Servers"). eMule refuses to connect to the kad network with UDP "Port Forwarding", but works fine with forwarding the UDP port through "Virtual Servers".

This was tested with only the rules mentioned in my first post in the router configuration - so there were no possibly conflicting rules.
Logged
ttmcmurry
Level 4 Member
****
Posts: 438


« Reply #5 on: February 17, 2009, 08:37:21 PM »

There are two solutions.  Pick the second.   Grin

One
If you're going to use it, pick Port Forwarding (first choice) or Virtual Server, not both

Two
eMule is UPnP compatible in v0.49b.  Enable this feature in the DIR-855 and in eMule.  Remove the Port Forwarding rules on the 855 and let UPnP do everything for you.  (Make sure your firewall permits UPnP traffic)
« Last Edit: February 17, 2009, 08:40:05 PM by ttmcmurry » Logged
mahi
Level 1 Member
*
Posts: 4


« Reply #6 on: February 19, 2009, 09:20:47 AM »

If you're going to use it, pick Port Forwarding (first choice) or Virtual Server, not both

I hope you did not misread my post. I'm not trying to use the same port in both "Virtual Servers" and "Port Forwarding". eMule uses two different ports, one for TCP (4562 in my case) and one for UDP (4572 in my case).

You write, pick Port Forwarding (first choice), but that's exactly what I'm trying to point out in this thread. This should work, but it doesn't. The TCP port works fine using "Port Forwarding", but the UDP port refuses to work even though the eMule website port test shows it's forwarded correctly. Whenever I try to use "Port Forwarding" for the UDP port, the Kademlia (kad) network will not work!

However, when I use "Virtual Servers" for the UDP port, it works fine!

The TCP port works fine at both "Virtual Servers" and "Port Forwarding" (obviously not both set at the same time). It's just the UDP port that behaves in a very weird way.

That's why I started this thread in the first place. I can get it to work with "Virtual Servers", but I'd like to know why it doesn't with "Port Forwarding" while all logic says it should. So I'm not seeking help to get something working because it already does. I'm just trying to find an answer to the question why the eMule UDP port does work when using "Virtual Servers" but not with "Port Forwarding"...

So once again, could this be a bug in the router's firmware?


Quote
eMule is UPnP compatible in v0.49b.  Enable this feature in the DIR-855 and in eMule.  Remove the Port Forwarding rules on the 855 and let UPnP do everything for you.  (Make sure your firewall permits UPnP traffic)

I prefer not to use UPnP, but I was intriged to find out whether UPnP would configure eMule using "Virtual Servers" or using "Port Forwarding".

I enabled UPnP in both eMule and the router. eMule connected with the ed2k and kad network from the first time. So whatever the D-Link DIR-855 used, it did work...

Each time I started eMule I saw following lines appear in the log:

Code:
UPnP added entry 255.255.255.255 <-> 79.21.49.50:4572 <-> 192.168.1.8:4572 UDP timeout:-1 'eMule_UDP'
UPnP added entry 255.255.255.255 <-> 79.21.49.50:4562 <-> 192.168.1.8:4562 TCP timeout:-1 'eMule_TCP'

I wasn't sure what was meant by this, "Virtual Servers" or using "Port Forwarding". So I did some further testing. I manually added 4 new rules: 2 "Virtual Servers" on the eMule TCP and UDP ports and 2 "Port Forwarding" on the very same eMule TCP and UDP ports. Before you ask how this is possible, all 4 rules were not enabled! I was just hoping these disabled rules would cause a conflict or at least interaction with UPnP trying to configure eMule.

And it did... Once I started eMule I got following entries in the log:

Code:
UPnP changed VIRTUAL SERVER entry 255.255.255.255 <-> 79.21.49.50:4572 <-> 192.168.1.8:4572 UDP to enabled
UPnP changed VIRTUAL SERVER entry 255.255.255.255 <-> 79.21.49.50:4562 <-> 192.168.1.8:4562 TCP to enabled

UPnP simply took over the existing disabled rules and enabled those. So now I'm certain, UPnP and the DIR-855 configured eMule using "Virtual Servers" and not "Port Forwarding". That probably explains why it works.

But all this UPnP stuff is rather a side quest. I doesn't answer my main question: Why does "Port Forwarding" not work for the eMule UDP port?
Logged
ttmcmurry
Level 4 Member
****
Posts: 438


« Reply #7 on: February 21, 2009, 02:12:42 PM »

I think the point i was trying to convey got lost in the technical details.  You should use either UPnP or some sort of Port Forward/Virtual Server setting. 

The reason why UPnP was invented was so you, the user, wouldn't have to go into your router and make those kinds of changes; the application does it for you.  Personally I use uTorrent with UPnP enabled and I've never had to worry about port forwarding -- and one of the additional benefits is being able to use port randomization inside your Torrent client software.   Make sure your security/firewall product permits UPnP traffic!

Remember this rule of thumb:  for a specific application you cannot use UPnP alongside PF/VS settings.  If you simply switched on UPnP while still having your PF/VS settings active, you can get strange results.

To answer your question, if you're going with PF/VS make sure port randomization isn't enabled in eMule and double-check the port setting in eMule is the same that you're entering into the router. 

« Last Edit: February 21, 2009, 02:15:33 PM by ttmcmurry » Logged
jdanecki
Level 1 Member
*
Posts: 1


« Reply #8 on: September 19, 2009, 12:21:40 PM »

I would like to confirm mahi's problem with difference between "virtual server" and "port forwarding" with KADemila. I have experienced exactly the same behavior with emule.
I'm really interested what is the real difference between those 2 methods of forwarding ports (I'm dreaming: being able to check iptables commands would be enough Smiley
Because apart from problems with KADemila I still see no point in making 2 such similar functions.
Logged
jysnmat
Level 1 Member
*
Posts: 17


« Reply #9 on: October 14, 2009, 10:50:01 AM »

The difference between Port Forwarding and Virtual Server is that Port forwarding merely opens the port up to the selected client or computer. Basically the computer has to be connected and listening on that port in order for it to work as any incoming connection to that port can still be pick up by any other client on the network if the port is not in use at the moment the connection comes in with the exception that is blocked or firewalled for them. If there is an incoming connection to that port that is forwarded and no client is listening for that port the router will just block or disregarded as it does not know what client to connect thee incoming connection. Torrent downloading uses a lot incoming connection to one port and so it can confuse the router. Virtual server opens up the port and fowards any incoming connections to that port to the client specified only. This means that no other client on the network has access to that port at all since it only accessible by the client specified, and thus the reason why it works better than port forwarding in terms of use for torrenting or any app that is listening on a specific port without sending out data until a connections is made. Basically the Router knows that all incoming connection to the specified port go to the specified client and so the router does not get confused.

The reason why these two option exist on the router at the same time is simple. If the Router just had Virtual Server option available, than as you add more port to a client the other clients will have less port available to them. The more ports you add the less ports are available for other clients. With Port forwarding this is not an issue as the port is still available as long as is not in use. It is recommended you try port forwarding first before trying Virtual Server since it will make the port specified useless to other clients on the network.
« Last Edit: October 14, 2009, 11:28:24 AM by jysnmat » Logged
Pages: [1]
  Print  
 
Jump to:  

Theme by webtechnica.com.