Special? What's special? A "special application" is one that doesn't work with the default settings of your Internet sharing method. Depending on the sharing method you use and the applications you run, you can have a lot of "specials" or none at all. To narrow things down a bit, here are some rules of thumb:
Since the way of the world seems to be leaning toward NAT-based sharing, we'll be focusing on that method.
Proxy-based sharing requires setting up a UDP or TCP mapping service for each Special Application. The basic information on how to do this with the original Wingate (2.X) or Wingate 3.X's Standard or Pro's Proxy Service can be found in Wingate Knowledge Base Article 1057. A how-to for setting up a Dialpad mapping can be found in Article 1556. You can also click here to get a listing of Wingate Knowledge Base Articles that deal with port mapping. Note that you can't map ports with Wingate 3.X Home or when using Wingate 3.X's WRP method. For other proxy programs, the approach is the same as with Wingate, but the details of doing the mapping will be different. Consult your program's Help or FAQ pages.
NAT routers have a natural firewall that rejects any unsolicited data that tries to travel from the Internet to a computer on your LAN. Basically, if you didn't ask for the data, it isn't gonna get past the firewall. A few examples may help:
Just another hole in the wall

So what do you do if you want to receive data originating from the Internet? The answer goes by many names: port mapping, port forwarding, DMZ, application rules, etc. But they all boil down to opening holes in the firewall so that unrequested data can come into selected computers on your LAN. Notice that I said unrequested data. In light of all the media articles about Internet security, that might make you want to stop right here and leave that firewall intact! However, it is possible to be secure and have your favorite applications work, but it takes some work and you have to be careful to do things right.
Rule #3, "Open only the ports you need," is the most relevant to the subject of opening special application ports, so keep it in mind when you're deciding whether you really need to open that firewall hole.
Port mapping through a firewall isn't a substitute for having a computer connected directly to the Internet. Another rule of thumb may help: Only one computer inside the firewall can use a specific inbound port at a time.

If all Internet applications used only one unique port, there wouldn't be much confusion about how all this port mapping stuff works. But not all applications work that way. Many applications (messaging and gaming applications in particular) use multiple ports and groups of ports, and are generally the hardest to get working behind a firewall. Other applications, like MS Netmeeting, are pretty much impossible to get working behind a firewall because they use multiple ports, port ranges, dynamically assigned ports, and special protocols. For these applications, you'll just have to place the computer that you want to run the application on outside the firewall, either physically or via your router's "DMZ" or "Exposed Computer" feature.

Pull the trigger

Some routers try to get around this "one port per customer" limitation by using "triggered" maps. Triggered maps work by having the router watch outgoing data for a specific port number and protocol. When the router sees a match, it remembers the IP address of the computer that sent the matching data. When the requested data wants to come back in through the firewall, the router uses the port mapping rules that are linked to the trigger, and the IP address of the computer that "pulled" the trigger, to get the data back to the proper computer. These triggered events can be timed so that they erase the port mapping as soon as they are done with the data transfer, so that the port map can be triggered by another Client computer. This gives the illusion that multiple computers can use the same port mapping at the same time, but the computers are really just taking turns using the mapping.
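The turn-taking behaviour of a triggered map can be modelled in a few lines. This Python sketch is an added example, not code from any router or from the original page; the class name, ports, addresses, and the idle-timeout refresh on inbound traffic are assumptions made for illustration.

```python
# Toy model of a router's "triggered map" table (added illustration).
# All ports, LAN addresses and the 60-second timeout are constructed sample values.

class TriggeredMap:
    def __init__(self, trigger, inbound_ports, timeout=60):
        self.trigger = trigger                   # (proto, port) watched on outgoing data
        self.inbound_ports = set(inbound_ports)  # (proto, port) pairs opened by the trigger
        self.timeout = timeout                   # idle seconds before the map is erased
        self.owner = None                        # LAN IP that "pulled" the trigger
        self.expires = 0.0

    def _expire(self, now):
        # Erase the mapping once the timer has run out, closing the firewall hole.
        if self.owner is not None and now >= self.expires:
            self.owner = None

    def outbound(self, src_ip, proto, dst_port, now):
        """LAN packet heading out. Returns True if src_ip now holds the mapping."""
        self._expire(now)
        if (proto, dst_port) != self.trigger:
            return False
        if self.owner in (None, src_ip):
            self.owner, self.expires = src_ip, now + self.timeout
            return True
        return False  # another client holds the map; this one has to wait its turn

    def inbound(self, proto, dst_port, now):
        """Packet arriving from the Internet. Returns the LAN IP to forward to,
        or None when the natural firewall drops it."""
        self._expire(now)
        if self.owner is None or (proto, dst_port) not in self.inbound_ports:
            return None
        self.expires = now + self.timeout  # assumption: traffic keeps the map alive
        return self.owner


def demo():
    m = TriggeredMap(("tcp", 6000), {("udp", 7000)}, timeout=60)
    return [
        m.inbound("udp", 7000, now=0),                    # no trigger yet: dropped
        m.outbound("192.168.1.10", "tcp", 6000, now=1),   # first client pulls the trigger
        m.inbound("udp", 7000, now=5),                    # hole is open to that client
        m.outbound("192.168.1.11", "tcp", 6000, now=10),  # second client is refused
        m.inbound("udp", 7001, now=11),                   # port not in the rule: dropped
        m.outbound("192.168.1.11", "tcp", 6000, now=200), # map expired, second client's turn
        m.inbound("udp", 7000, now=201),
    ]
```

Note that while a map is active, `inbound` forwards any packet addressed to an opened port, so the shorter the timeout and the narrower the port list, the smaller the window in which unrequested data can reach the LAN.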
Routers that have this "triggered map" capability include: