D-Link Xtreme N (Platinum Products) > DIR-655

port vs application forwarding (related to VPNs)


jet321:
I'm trying to get my vpn connection at home to be reliable, and
from talking with others, suspect it is a port forwarding issue.

I was wondering if someone could explain the difference between
application forwarding and port forwarding. 

My thinking is the main difference is with port forwarding you
can forward the port to a specific machine, while for application
forwarding, it just passes it in.  Additionally, seems like with
application forwarding, you could change the port between each
side of the router, which port forwarding wouldn't do.

Is this correct? 

The VPN issue is with Microsoft's Remote Access software dropping
me periodically, which from talking with co-workers occurred to them
when they did not have the correct ports being forwarded.  So I'm trying
to verify that on my setup.

Thanks
John

DRT-1000:
An application rule is used to open single or multiple ports on your router when the router senses data sent to the Internet on a "trigger" port or port range. An application rule applies to all computers on your internal network.

Port Forwarding.
Multiple connections are required by some applications, such as internet games, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). This section is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. You can enter ports in various formats:

Virtual Server.
The Virtual Server option gives Internet users access to services on your LAN. This feature is useful for hosting online services such as FTP, Web, or game servers. For each Virtual Server, you define a public port on your router for redirection to an internal LAN IP Address and LAN port.

jet321:
Yes, I read the help page, but to me that is still a bit unclear,
and doesn't really answer my question. :-(

Like I said, there seems to be no real difference between
application forwarding and port forwarding other than:
  1) port forwarding targets a single computer
      while application forwarding doesn't. 
       - for that matter, can the IP address in port
         forwarding be wild carded?
  2) There's the trigger that potentially allows remapping
      of a port to a different port.  In this case I don't care
      about that so they are set to the same value.

Assuming you can wild card port forwarding, I see no real
difference between the two if configured as I described in
#2.

Virtual server is closer to the definition of port forwarding
since it too will target a specific IP address, not what I want
to do with a VPN.  Or rather not how I want to configure my
network.

Is there any other difference between them? 

John

From reading the help menus, there seems to be no real
difference in the outcome between the two.  If I open a port
with an application rule, how is this different than port forwarding
other than

DRT-1000:
Port forwarding is OPEN, Application rules should close after or when not in use.

Port forwarding Rules do not change depending on the computer requesting the port. If you want two computers to use RDP and have a rule for TCP 3389 to one, then you have to actually edit the registry of the other PC to use say 3390 as an RDP port. Ports can only be forwarded to one PC at a time.

Oh, and Application rules will only work for outbound traffic. The PC must be on the local side of the NAT processor or the incoming traffic will get dropped because the port is not opened. Another Huge difference from Port forward and App rules. Virtual server rules are also always open, but you can route the External and internal ports instead of just 3000 --> 3000.
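
The three rule types described in the replies above, as an added example that is not part of the original thread or D-Link's firmware: a toy model of the router's inbound decision, showing which ports are reachable from the Internet at a given time. The LAN addresses, the trigger port 5000, the opened port 6000 and the 60-second close timeout are assumptions made up for illustration; 3389 and 3390 are the RDP ports mentioned in the post.

```python
class Router:
    """Toy model of inbound NAT decisions for the three rule types (not D-Link code)."""
    def __init__(self, trigger_timeout=60):      # timeout value is an assumption
        self.port_forwards = {}    # public port -> LAN IP (same port inside), always open
        self.virtual_servers = {}  # public port -> (LAN IP, private port), always open
        self.app_rules = {}        # trigger port -> set of inbound ports to open
        self.triggered = {}        # inbound port -> (LAN IP, expiry time)
        self.trigger_timeout = trigger_timeout

    def outbound(self, lan_ip, dst_port, now):
        """A LAN host sends traffic out; a matching trigger opens ports for that host."""
        for port in self.app_rules.get(dst_port, ()):
            self.triggered[port] = (lan_ip, now + self.trigger_timeout)

    def inbound(self, public_port, now):
        """Return (LAN IP, LAN port) for unsolicited inbound traffic, or None if dropped."""
        if public_port in self.virtual_servers:
            return self.virtual_servers[public_port]
        if public_port in self.port_forwards:
            return (self.port_forwards[public_port], public_port)
        entry = self.triggered.get(public_port)
        if entry and now < entry[1]:
            return (entry[0], public_port)
        self.triggered.pop(public_port, None)     # expired or never triggered
        return None

    def exposed_ports(self, now):
        """Audit view: every port reachable from the Internet at time `now`."""
        live = {p for p, (_, expiry) in self.triggered.items() if now < expiry}
        return sorted(set(self.port_forwards) | set(self.virtual_servers) | live)

def demo():
    r = Router()
    r.port_forwards[3389] = "192.168.0.10"            # RDP to the first PC
    r.virtual_servers[3390] = ("192.168.0.11", 3389)  # remap instead of a registry edit
    r.app_rules[5000] = {6000}                        # constructed trigger rule
    before = r.inbound(6000, now=0)                   # nothing triggered yet: dropped
    r.outbound("192.168.0.12", 5000, now=0)           # any LAN host may trigger
    during = (r.inbound(6000, now=30), r.exposed_ports(now=30))
    after = (r.inbound(6000, now=61), r.exposed_ports(now=61))
    return before, during, after

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The `exposed_ports` view is the part worth checking on a real setup: forwarded and virtual-server ports stay reachable at all times, while a triggered port is reachable only after a LAN host has sent outbound traffic on the trigger port.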

cdnfreak:
Jet, you will likely prefer the method of forwarding using the Server mode from a connection reliability standpoint. You do not want to forward the vpn using a specific port to more than one machine as that will cause problems with your connectivity.

Essentially what you are trying to achieve is a dmz on 1 port from the outside connection to your computer inside the network.

I noticed that you mentioned that you don't want to use port forwarding to one computer and that you would prefer the idea of application forwarding. Are you attempting to use more than one pc for connection?
