Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PracticallyNetworked
Your method may vary...

Go right to the Port lists

There are many ways to share a connection and consequently just about as many ways to open holes in a NAT-based firewall.  Because of this, this section is not an exact how-to guide, but instead is a reference that is intended to save time when you are trying to get your special application to work. 

Let's start with a look at the features and limitations of some popular sharing products.

Sygate will handle many applications that are "special" to other sharing methods right "out of the box". It also handles triggered maps and port ranges, and allows you to specify TCP or UDP protocols. Although a 3-user license costs $40, it's cheap compared to the time you can spend tearing your hair out getting some other programs to work. You can download a free demo by clicking here.

If ICS is your chosen instrument of torture, you can make mapping ports easier by using Harley Acheson's ICS Configuration, which you can get here.  Also check out the ICS Configuration port map page for ready-to-use map files. ICS can handle port ranges and multiple protocols, but does not support triggered maps.

If you're using Linux "Masq" or "Masquerade" to share your connection, this site has lots of helpful info.

Note that some of the very inexpensive routers do not support port range mapping or triggered maps. They also tend to have a limited number (10-12) of single port mappings and you can't specify TCP or UDP.  So if your favorite application needs mapped port ranges, you'll have to choose another router or use the router's "DMZ" or "Exposed Computer" option for one computer.  Go back to this section for a list of routers that support triggered maps.

If all this just sounds like too much of a hassle, you might want to skip trying to find out what holes to open and just place one computer outside the firewall.  Most NAT routers will allow you to do this through a feature usually called "Exposed Computer" or "DMZ Computer".  Of course, that computer is completely exposed to the Internet, so you'd better lock it down real tight!

How to Do it

Before we get going, here's the warning, one more time.
Opening holes in your firewall can compromise your LAN's security if done incorrectly. Please read this information on Security before proceeding.


The Special Application Ports section below contains a list of applications with information on the ports that they use. This list is mostly an edited version of Sygate's Apprule.cfg file, with the Sygate-specific terminology removed.

In the list, you'll see OUT, IN, TCP, UDP and numbers.  Here's what they mean:

OUT
This is useful for programs and routers that support triggered maps, such as Sygate.
- Triggered maps are not active until a Client computer sends a packet that matches the protocol and port that are specified in the trigger. 
- Triggered maps allow you to have more than one machine use a port mapping, although only one machine at a time can use the mapping. Triggered maps do not include an IP address of the "Target" client (the machine that uses the mapping).

IN  
This is the "hole" that the application needs in the firewall.  You always need to enter this information.

TCP  
Means Transmission Control Protocol, and is one way that applications communicate on the Internet. 

UDP  
Means User Datagram Protocol, and is another way that applications communicate on the Internet. 

Number  
Is the number of the special port(s) used by the application. There's a reference list of port definitions here if you're curious (WARNING: it's ONE looonng page).


Tips to create your mapped ports
  1. Use a fixed IP address for the computers that are the targets of your port mappings.  
    If you use a DHCP server to assign your Client computer IP addresses, your Port maps will stop working when your Clients obtain different IP addresses from the DHCP server.  
    (Of course, if you assign a fixed IP address, make sure you enter the proper Gateway and DNS information into the Client's TCP/IP properties.)
    (NOTE: If you are using a NAT router that supports triggered maps, you can ignore this step.)
     

  2. Set up the mapping using the IN port and protocol information
    If you see a single number, like this:

    IN      TCP     113

    that's a single port.
    If you see two numbers like this:

    IN      TCP     113 120

    it means you need to map a port range from port 113 to 120.
     

  3. Make sure you enter both the TCP and UDP information in separate mapping entries if your router allows you to specify the protocol used.  
    If it doesn't allow you to specify TCP or UDP, then enter separate mappings for both the TCP and UDP table entries, but only if they are different port numbers.

    Example 1
    The application port information looks like this:
    IN      UDP     1140    1234
    IN      TCP     1140    1234
    Your router doesn't let you specify TCP or UDP, so you make one mapping for port range 1140 to 1234.

    Example 2
    The application port information looks like this:
    IN      UDP     51200   51201
    IN      TCP     51210
    Your router doesn't let you specify TCP or UDP, but the port ranges are different, so you make two mappings: one for port range 51200 to 51201; the other for port 51210.
     

  4. If your router doesn't support triggered maps (most don't), don't enter the OUT information at first.
    However, if the application doesn't work, try adding the OUT information to your mapping.
     

  5. If you don't find your application's information in the list below, consult the application's Help files or Web site FAQ.
    The information is usually in a section about Firewalls or Proxies.
     

  6. To access your mapped application, remember to use the IP address assigned by your ISP.
    Don't use the private, non-routable address that your router assigns (example: 192.168.0.X).  The ISP-assigned address might be assigned dynamically and could change from time to time, which can make it difficult to connect to your special application.  You can use a Dynamic DNS service to prevent this.
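
The mapping rules in tips 2 and 3 can be worked through in code. The following Python is an added example, not part of the original page or of Sygate's tooling; the function names are hypothetical, and the entry format is assumed to be the whitespace-separated "IN/OUT, TCP/UDP, port [end port]" layout shown above. It also counts how many ports each set of mappings opens, so you can see how large a hole you are about to make.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "direction proto start end")

def parse_rules(text):
    """Parse lines like 'IN  TCP  113 120' into Rule tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) not in (3, 4):
            raise ValueError(f"unrecognised entry: {line!r}")
        direction, proto = fields[0].upper(), fields[1].upper()
        if direction not in ("IN", "OUT") or proto not in ("TCP", "UDP"):
            raise ValueError(f"unrecognised entry: {line!r}")
        start = int(fields[2])
        end = int(fields[3]) if len(fields) == 4 else start  # single port
        if not 1 <= start <= end <= 65535:
            raise ValueError(f"bad port range: {line!r}")
        rules.append(Rule(direction, proto, start, end))
    return rules

def mappings(rules, router_has_protocol=True):
    """Inbound mappings to enter on the router (tips 2 and 3).
    With protocol support: one (proto, start, end) entry per IN rule.
    Without: identical TCP and UDP ranges collapse into one mapping."""
    inbound = [r for r in rules if r.direction == "IN"]  # OUT is trigger-only
    if router_has_protocol:
        return sorted({(r.proto, r.start, r.end) for r in inbound})
    return [(None, s, e) for s, e in sorted({(r.start, r.end) for r in inbound})]

def exposed_ports(maps):
    """Count the distinct port numbers the mappings open."""
    ports = set()
    for _, start, end in maps:
        ports.update(range(start, end + 1))
    return len(ports)

# Constructed sample input: Example 1 and Example 2 from tip 3.
EXAMPLE_1 = "IN UDP 1140 1234\nIN TCP 1140 1234"
EXAMPLE_2 = "IN UDP 51200 51201\nIN TCP 51210"

if __name__ == "__main__":
    for name, text in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        maps = mappings(parse_rules(text), router_has_protocol=False)
        print(name, maps, "ports opened:", exposed_ports(maps))
```
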

That's it!  Have fun and be sure to let us know if you have any tips to share!

Go to the Port lists


References and to learn more

