Question about NAT

[KrisseZ]

Ok se here's the deal... I'm trying out some NAT settings just to map out how the things works and I encountered this little scenario. I have 2 computers in LAN, 192.168.0.2 and 192.168.0.4 and they share a public ip 80.220.193.130. Now I want to use torrent with both of these machines and I do a little port forwarding.

I map 45050-50000 ports to both of these IPs and 192.168.0.2 uses port 45050 for torrent and 192.168.0.4 uses port 50000 for torrent. Only 192.168.0.2 machines torrent works since it's rule was written first.

I don't understand why since while I watched the firewall log, the forwarding was done corretly. I tested this with http://www.utorrent.com/testport?port=45050. Since the forwarding worked I'm a bit puzzled why the computer still says that the there is an error in the network. But when I change the port mappings so that they don't cover each others torrent ports, then it works, which is no wonder as it should work like it.

So is my modems NAT capabilities just poor or is this a common phenomenom? Oh and the 192.168.0.4 is connected via WLAN but I don't think it matters?

[nightkhaos]

That is actually how NAT is designed to work. You cannot assign the same port twice.

[KrisseZ]

That is actually how NAT is designed to work. You cannot assign the same port twice.

Any possible way to achieve such a scenario? Where one global address could be translated into one port used by many machines? for example the port 45050 would be used by 3 different computers.

Btw it worked fine when the computers 192.168.0.2 and 192.168.0.4 used the same port... when they both used 45050 port it worked... problems started when they used different ports but the mappings crossed over each other.

[Splash]

That is actually how NAT is designed to work. You cannot assign the same port twice.

^^This. Do you actually need to open a range that big? Most torrent clients will happily run on a single port.

[Splash]

Btw it worked fine when the computers 192.168.0.2 and 192.168.0.4 used the same port... when they both used 45050 port it worked... problems started when they used different ports but the mappings crossed over each other.

This isn't NAT, this is an open firewall port. Set a single (or a smaller port range per machine, which is forwarded properly) port and all will be fine

[KrisseZ]

This seems like a quite big hassle... Let's say I have 3 computers. All are going to use torrent and dc++ so everyone must have their own port mappings done, then they also need to be able to host games, every game needs it's own port mapping. There's going to be a lot of mapping to do... And if a friends come to visit, he needs to adjust his computer to my mappings or I'm going to have to do a new map each time a friend comes by... Guess there isn't a magic trick to it?

EDIT: For example Civilization IV requires you to forward the 2033,2056,2302-2400,3783,6500,6515,6667,13139,27900,28900,29900,29901 ports and if it can only be forwarded for one pc only? holy **** I'm ****ed : <

[Splash]

This seems like a quite big hassle... Let's say I have 3 computers. All are going to use torrent and dc++ so everyone must have their own port mappings done, then they also need to be able to host games, every game needs it's own port mapping. There's going to be a lot of mapping to do... And if a friends come to visit, he needs to adjust his computer to my mappings or I'm going to have to do a new map each time a friend comes by... Guess there isn't a magic trick to it?

EDIT: For example Civilization IV requires you to forward the 2033,2056,2302-2400,3783,6500,6515,6667,13139,27900,28900,29900,29901 ports and if it can only be forwarded for one pc only? holy **** I'm ****ed : <

If you're struggling your options are either to open the firewall port for your LAN range (bad, mkay?), put all machines in the DMZ (even worse) or enable uPnP (not great, but if you can't be bothered to forward seperate ports per machine then it's sounding like your best option)

[Mblaster]

From my understanding (may or may not be right) port forwarding and NAT are separate things. For example NAT will allow multiple machines on the internal network (sharing an external IP) to play a game (as client) both using the same port (e.g. they both connect to an external game server at 123.7.36.77:7777), where as port forwarding would allow you to run a game server from a machine inside your local network and have it accessed from machines on the external network.

Basically NAT deals with connections initiated by you (or any other internal machine), port forwarding deals with connections initiated by someone outside your network, specifying a single machine for each required port to be forwarded to.

You sure Civilization IV requires them all forwarded? I have never played any game as a client where I need to forward ports. Usually the ports listed need to be open for outgoing connections, but most routers default to having all ports open for outgoing connections anyway. Port forwaring is only required when someone else wants to connect to you without you first sending them any data, like when you are acting as a server, not a client.

[KrisseZ]

Well I don't want to sound lazy but this network will contain 5-6 static computers and +3-5 computers more now and then... so I really would like to obtain maximum dynamics... I know static things are the best but since they just wont cut it in this scenario... I've tried UPnP a while ago and it yielded somewhat proper results...

You spoke of opening a firewall port to my lan range? what do you mean with that? If I do a portforward I will anyways have to do a firewall port rule for the forwarded port. Do you mean a firewall rule for the entire port range?

[KrisseZ]

From my understanding (may or may not be right) port forwarding and NAT are separate things. For example NAT will allow multiple machines on the internal network (sharing an external IP) to play a game (as client) both using the same port (e.g. they both connect to an external game server at 123.7.36.77:7777), where as port forwarding would allow you to run a game server from a machine inside your local network and have it accessed from machines on the external network.

Basically NAT deals with connections initiated by you (or any other internal machine), port forwarding deals with connections initiated by someone outside your network, specifying a single machine for each required port to be forwarded to.

You sure Civilization IV requires them all forwarded? I have never played any game as a client where I need to forward ports. Usually the ports listed need to be open for outgoing connections, but most routers default to having all ports open for outgoing connections anyway. Port forwaring is only required when someone else wants to connect to you without you first sending them any data, like when you are acting as a server, not a client.

Playing Civ 4 as a client doesn't need any forwarding but hosting a game needs all of those ports open. Atleast according to portforward.com. And in my household there are more players than me and other computers will also need to be able to host a game.

What comes to NAT and port forwarding you are partially right... Port forwarding is a feature of a NAT so there for a part of NAT.

[Mblaster]

Playing Civ 4 as a client doesn't need any forwarding but hosting a game needs all of those ports open. Atleast according to portforward.com. And in my household there are more players than me and other computers will also need to be able to host a game.

What comes to NAT and port forwarding you are partially right... Port forwarding is a feature of a NAT so there for a part of NAT.

Ah right, wasn't expecting you to have multiple PCs hosting games for external players (a LAN game would not require port forwarding). Would it not be easier to just get the same PC to host the game each time, then you can forward the ports once and leave it done? Never played Civ4 but in most games it makes no difference who hosts it.

[KrisseZ]

Hell no I ain't letting my bros on my computer They need to be able to share their own games with their friends perioid. I think I'm finally coming to the conclusion of making a hybrid network with UPnP and manual port forwardings for things that doesn't work with UPnP. I've been doing a lot of researching on NAT traversal techniques and UPnP seems to be the most suited... pure port forwarding would also be nice but It would require a long list of rules

Then again I still got the problem that if I'm to host ftp servers with many different pcs how will they translate? I mean ain't ftp hosted on port 21? with two computers hosting same time... I wonder how it will work out... don't think it will be very successful

The more I research networking the more incomplete it seems... Simply using a global ip would be nice but then again I wouldn't be able to use the lan... or I could... but what about the other 7 computers? I don't have that many global addresses If I had, then this would be easy.

[Mblaster]

The more I research networking the more incomplete it seems... Simply using a global ip would be nice but then again I wouldn't be able to use the lan... or I could... but what about the other 7 computers? I don't have that many global addresses If I had, then this would be easy.

Well, once the migration to IPv6 is complete you can have an external IP for all your PC's, and every other electronical device in your house with plenty to spare

[Lee H]

Who is your ISP?

See if you can ask them for a set of IP addresses (usually you get 5) so that each PC gets their own unique 'external' IP address. Usually there is an additional cost for this.

I did this when I lived at home with my parents and Carlh when we were on Nildram before they got took over and it made everything like this go away overnight.

If you also have a domain name then you can also setup the reverse DNS so you can get a nice address.

For example I had ferguson.mydomain.co.uk set as the router and then Giggs.mydomain.co.uk, Solksjaer.mydomain.co.uk and Keane.mydomain.co.uk setup for the PC's.

I hope this information helps.

[Splash]

Hell no I ain't letting my bros on my computer They need to be able to share their own games with their friends perioid. I think I'm finally coming to the conclusion of making a hybrid network with UPnP and manual port forwardings for things that doesn't work with UPnP. I've been doing a lot of researching on NAT traversal techniques and UPnP seems to be the most suited... pure port forwarding would also be nice but It would require a long list of rules

Then again I still got the problem that if I'm to host ftp servers with many different pcs how will they translate? I mean ain't ftp hosted on port 21? with two computers hosting same time... I wonder how it will work out... don't think it will be very successful

The more I research networking the more incomplete it seems... Simply using a global ip would be nice but then again I wouldn't be able to use the lan... or I could... but what about the other 7 computers? I don't have that many global addresses If I had, then this would be easy.

If you want to host more than one service on one port you have a few options - either buy more ip addresses and dedicate an ip to each host, publish on a non-standard port (while 21 is the default for FTP there's nothing to stop you hosting it on a seperate port), publish the applications through something like ISA Server using different hostnames but the same ip or simply consolidate all your machines that are doing the same job (you must be the only person I know who would have 2 seperate machines hosting ftp servers on a home connection ) so it's not an issue any more: why pay for 2 lots of electrickery when you could only pay for one?

[KrisseZ]

If you want to host more than one service on one port you have a few options - either buy more ip addresses and dedicate an ip to each host, publish on a non-standard port (while 21 is the default for FTP there's nothing to stop you hosting it on a seperate port), publish the applications through something like ISA Server using different hostnames but the same ip or simply consolidate all your machines that are doing the same job (you must be the only person I know who would have 2 seperate machines hosting ftp servers on a home connection ) so it's not an issue any more: why pay for 2 lots of electrickery when you could only pay for one?

I'm more ears to aquiring more global ip addresses, infanct Iäm not sure but I think I have more than one... Ok so here's how I'd like my scenario but I'm not sure which device could do this for me...

192.168.0.1 Modem
192.168.0.2 WLAN
192.168.0.3 NAS -> Global IP4
192.168.0.4 My Computer -> Global IP1
192.168.0.5 Server 1 -> Global IP2
192.168.0.6 Server 2 -> Global IP3
192.168.0.7 Living room -> Global IP4
192.168.0.8 Media PC -> Global IP4
192.168.0.9
---------- randoms -> Global IP4
192.168.0.20

I know ZyXELs might be able to do this but I'm still not sure... anyone know what this thenicque is called and what devices are able to do this? do I need a firewall unit and does this require something special from the modem... Please show me the light cause this is finally the way I would be satisfied with the network.