Linksys → INFO: Port Triggering - What is it?

or...
Everything You Always Wanted to Know About Port Triggering But Were Afraid To Ask...

I have some applications for the newest BEFSR41 Port Triggering function so decided to test what it can and cannot do. I was a little disappointed it wasn't more elaborate but I guess I was expecting more.

All this info was compiled on a BEFSR41 f/w version 1.39.

All Comments, Corrections, Questions and Bitches Welcomed!

What Is Port Triggering?
I think of Port Triggering as a way to dynamically forward ports to a LAN PC that needs them at a particular time. That particular time is when it runs a certain application that performs some event that "triggers" the router. This event must be an outbound access of a particular port range.

What is an example of Port Triggering use?
Connecting to an IRC server that needs an IDENT reply from you.

When you connect to an IRC server you use a port in the range 6660-6670. This connection is an ideal trigger because shortly after connecting the server will try and connect to your IDENT server to get a reply. Your end has to become an IDENT server and popular IRC client programs like mIRC have this server built in. But to make that PC an IDENT server it needs IDENT (port 113) forwarded to it.

I have 3 PCs getting LAN addresses automatically via DHCP so I cannot forward to them, right?"
The beauty of Port Triggering is it's dynamic like DHCP is. "Regular" Port Forwarding is static and should be to a static IP but Port Triggering is not static - it will work with DHCP LAN PC addresses!

Unfortunately, IRC's DCC (Direct-Client-to-Client) file transfer and chat functions needs other forwarded ports so just the IDENT example won't work by itself if you want to use DCC.

How would I set up Port Triggering for mIRC?
Go to the Advanced->Forwarding tab to find the "Port Triggering" button. Fill in this info on line 1:

Application Name: mIRC-IDENT
Trigger Port Range: 6660 - 6670
Incoming Port Range: 113 - 113

Press "Apply" then close the box with the "X". I found version 1.39 to be a bit strange when I hit "Cancel" or "Apply" more than once - I had to reset the router sometimes.

Can't the LinkSys know when mIRC is being run?
Absolutely not. Well, not like a personal firewall can. The LinkSys router is independant of the LAN PC's programs and operating system.

Then what's the "Application Name" do?
It's a reference so you know what the entry is for - what you put in does not affect the function.

So I can run any LAN PC on IRC and it will get IDENT forwarded to it?
Yes, you should be able to BUT... watch out for...

And run 2 PCs at the same time?
I knew you'd ask that! IRC is not a good example because if you try this on 2 PCs at the same time I find ONE AND ONLY ONE PC will get forwarded. This was part of my disappointment.

That's no good! I want to run 2 PCs at the same time on IRC!
What will happen on IRC is if PC#1 connects to an IRC server it will get IDENT fine. If PC#2 shortly comes along and connects to an IRC server PC#1 will still be forwarded IDENT. What's funny about this is PC#2 may connect just fine but it's PC#1's IDENT reply that did it! Fun, huh?

Be careful, this may not always happen because mIRC has an IDENT option "Enable only when connecting" so PC#1, even though it has IDENT forwarded to it may already be connected and not IDENT reply for PC#2.

IRC IDENT is a poor example for wanting to run 2 PCs at the same time using Port Triggering. Many games can make use of Port Triggering but the game would get all screwed up if the right PC didn't get the ports forwarded.

So what good is Port Triggering?
Well, you can't exactly run 2 PCs on Port Triggering at the same time but at least you don't have to change Port Forwarding for each PC when it wants to run IRC or a game that needs Port Triggering.

So when my sister gets done when can I get on with my PC?
You may have to wait up to 2 minutes is what I measured. My testing goes like this:

Once "triggered" the forwarding happens for 2 minutes unless a forwarded packet comes in OR another trigger event happens. Either resets this 2 minute timer. Once the 2 minute timer times out the next PC that triggers the magic event will "take over" the Port Triggering function.

What if my sister and I are on different IRC servers? Will it work then?
No, this is another disappointment my testing showed. I was hoping if different servers were used only the server triggered would be individually forwarded to the individual PC that caused it. But this is not the case.

Is the forwarding produced by Port Triggering only from the triggering server?
No, my testing showed it is a *global* forward. When Port Triggering is forwarding to a PC that PC is fully open on those "Incoming" ports from any host on the internet - the same as *regular* Port Forwarding.

On version 1.39 Port Forwarding doesn't work if SPI is enabled. Same with Port Triggering?
No! Port Triggering works even when SPI is turned on in version 1.39 (and 1.38.5 I suspect, too, but I only tested 1.39).

I want to run some games that connects to a game server but it doesn't work unless I forward certain ports. Will Port Triggering allow me to run that game from any PC?
Possibly. Check support boards for each game or check the "Web Links" ports list above to identify a "Trigger Port Range" which is usually the port(s) you connect to the server with. Then set the "Incoming Port Range" the same as the forwarded ports you needed before.

Keep in mind only one LAN PC can run the same game at any one time.

Can 2 different games be played?
I didn't test this but I do know one thing... if "Trigger Port Range" or "Incoming Port Range" overlaps between the 2 games it would be a fight to see which game works!

Can I run a game server using Port Triggering?
I doubt it. Port Triggering is initiated from a LAN PC, NOT users out on the internet. Port Triggering has very limited value for servers - use Port Forwarding.

Excellent information, and a deserved recommended link. Thanks for spending the time to complete such a comprehensive info post.

Can both be used simultaneously? (Triggering and Forwarding) would be another good question to answer. Some people may need both.

said by JrC384k:

---

Can both be used simultaneously? (Triggering and Forwarding) would be another good question to answer. Some people may need both.

---

Good question! I looked at my original post and thought it was getting a bit long for everything I found.

I only tested with SPI OFF since I need regular forwarding to get mail. The first thing I did was insure my mail wasn't down - a lesson I learned trying SPI for the first time and taking my mail off line for 8 hours since I didn't know SPI killed forwarding .

In this condition I set up triggering to also forward SMTP to see if it would override - IT DOES NOT - nor does it affect the regular forwarding which continued to work.

I think it's proper Forwarding cannot be overridden by Triggering... but that does limit a few fancy functions.

said by Bill_MI:

---

Can I run a game server using Port Triggering?
I doubt it. Port Triggering is initiated from a LAN PC, NOT users out on the internet. Port Triggering has very limited value for servers - use Port Forwarding.

---

I thought it works like this: An inbound (inbound from the internet for example) from ports xxx-xxx opens ports xxx-xxx on all LAN PCs.

Forwarding:
Forward 80-80 TCP to 192.168.1.2 opens port 80 on 192.168.1.2

Triggering:
80-80 triggers opening of 80-80 opens path to port 80 on all machines running servers when triggered (e.g. someone tries to access server).

Also note that I tried to do this while forwarding was also ON.
[text was edited by author 2001-06-23 14:06:19]

[text was edited by author 2001-06-23 14:07:24]

said by JrC384k:

---

I thought it works like this: An inbound (inbound from the internet for example) from ports xxx-xxx opens ports xxx-xxx on all LAN PCs.

---

Except for broadcast functions I've never seen a case of a port forwarding to all LAN PCs. Is this what you mean? It would take one incoming packet generating several (1 addressed to each), right? If it's TCP which PC ack do you use?

I found Forwarding always overrides Triggering - could that be what you see? Please elaborate what happened, I'm curious.

Traditional Port Triggering is only LAN generated although packets from the internet "keeps it going" in this case. One thing I didn't try was if the source port of an incoming access to, say, your HTTP server was in a Trigger Range if your server reply would trigger! Hmmm... I'd call that a bug if it did. See what I mean?...

Say you had the IRC (6660-6670) Trigger.
MSIE(6667) --TCP--> JrCSite(80)
Your server replies:
JrCSite(80) --ACK--> MSIE(6667)

Will your ACK trigger Port 6667? I'd like to test this - not easy!

I have been trying to test my theories using port scans. Will a port scan trigger a port? I went under that assumption when doing my testing.

I think I have everything backwards. What triggers what?

An inbound triggers and outbound

or

An outbound triggers an inbound

said by JrC384k:

---

I think I have everything backwards. What triggers what?

An inbound triggers and outbound

or

An outbound triggers an inbound

---

An outbound trigger port range will open inbound port range.

CrazyM

Thanks. That explains why everything isn't working right. I was all backwards. So say I set port 80 to trigger oh say 8000. Every time any LAN computer makes an outbound on 80 (like accessing the web), it will open the router's 8000 for inbound connections to the PC that opened 80?

thanks bill, ident working on both computers behind befsr41 with 1.39

=)

said by STeWxQQ:

---

thanks bill, ident working on both computers behind befsr41 with 1.39

---

Great! I didn't elaborate as much as I could have about IRC but I think you'll find if you set IDENT to be on at all times on both and static-forward a different DCC port range for each computer IRC will fully function (DCC and all).

Of course, you're never truly assured WHICH computer really answers IDENT... but on most IRC it doesn't matter.

said by JrC384k:

---

So say I set port 80 to trigger oh say 8000. Every time any LAN computer makes an outbound on 80 (like accessing the web), it will open the router's 8000 for inbound connections to the PC that opened 80?

---

Yeppers! That's the way it appears to (and should) work.

Very good information.

Some updated info pertaining to port triggering:

1) Can there be multiple active incoming ports?
Yes, As long as the trigger port(s) and incoming port(s) are different.
Take ICQ and the MS Gaming Zone for example:

ICQ 99a/b 4000-4000 9000-9099
ICQ 2000a/b 5190-5190 9100-9199
The Zone 28800-28800 2300-2400

All of the above will work simultaneously.
The above allows direct file transfers for ICQ 99 and 2000, and allows connection to a host on the Gaming Zone.

Although, using the same trigger port for multiple entries appears to forward the first rule only and not the rest.

2) Can 2 different games be played?
If any of the ports used by a particular game are being forwarded, or triggered, the answer is no.
If any of the ports used by a particular game are not being forwarded, or triggered, the answer is yes.

I have personally witnessed Quake 3 and Counter Strike successfully working from 2 PCs behind the router. Even if it's the same or different server on the Internet. I tested Quake 3, Counter Strike, and a mixture of both at the same time.

Dude,

You obviously got it going on with this port forwarding and triggering thing so I'll ask you in lamens english because my pea sized brain has a hard time figerin out wat ur sayin..(Thats a compliment by the way)

Say I want to set up a server with one computer and play on that server with another computer via a BEFSR41 router and 2 syslink etherfast 10/100 lan cards (LNE100TX Ver.5) One on each computer. How do I make it so that the server recieves all the bandwidth capability of my dsl and the 2nd computer just plays through the router like a LAN game or is it doing that already. It seems that the pings stay relatively low for a bit and then everyones ping sky rockets into the thousands. Is this due to a masterserver pinging me to see what jives with my computer... and if so is it possible to limit its bandwidth... OY! Do I sound confused or what..

I think I see what you mean...

On the LinkSys LAN you have a server machine and a client machine. The LinkSys forwards some port(s) to the server machine to be a server for players on the net. Right so far?

The client machine has to address the server somehow. Can it be set to go to the LAN instead of WAN address? This way, the LinkSys isn't translating (taking CPU bandwidth).

But not being a gamer there's probably something I'm missing. Like - does the client have to go to some master server to get the address so this addressing is not possible? If it gets your server address on the net it would have no idea what the LAN address is. With me?

Here's some additional info for gidcon and Bill.

Client PC on LAN:
Make it connect to the private LAN IP address of the server, thus bypassing the router.

Client PCs from Internet:
Tell them to connect to the WAN IP of the Linksys router.
The real world IP the Linksys router has on the Internet.

For the masterserver, you should try to figure out how to disable that feature.
Take Quake3 for example,
A dedicated server that does not talk to the masterserver:
quake3.exe +set dedicated 1
Setting dedicated to 2 will make the server stay in constant communication with the masterserver.

Make any sense?

Good Info, Frosty! I did a little bit with this but probably goofed... and incorrectly concluded 1-trigger-at-a-time. But you've proved this is not true under the right cases. Good Job!

Thanks
Glad to make a contribution to the community

Hey thanks! I've only had my linky 4-porter for two weeks and was wondering how to use Port Triggering. I've setup the Quicktime player successfully.

App name: Quicktime
Trigger Port Range: 554
Incoming Port Range: 6970-6999

-H

[/QUOTE]

said by FR0STY:

---

I have personally witnessed Quake 3 and Counter Strike successfully working from 2 PCs behind the router. Even if it's the same or different server on the Internet. I tested Quake 3, Counter Strike, and a mixture of both at the same time.

---

OK, confused me here... LOL

Say for Eg. HL.EXE XXXXX~XXXXX 27015~27016
(anyone know the xxxxx values, I would love to know)

In this instance, could two people play on the same internet server? I mean the incoming ports would be the same, correct? (The servers are set to come in on port 27015 in most cases)

Would the second system be able to access the same server that the first one was on (Or any server that was set to use port 27015 for incoming to the client for that matter)?

two separate PCs using the same trigger port will still work provided they use different range of port.

MstrBlstr,
Ok, here's what I know and have witnessed. I host LAN parties for my friends and I from time to time. I had no port forwarding or triggering rules in the Linksys. One person was playing HalfLife CS while another was playing Quake3 on the Internet. Now, another person joined a different Q3 server and both could still play. I could connect and play on either of the Q3 servers the other 2 were connected to.

Amazingly, Q3 worked fine for all 3 of us.

No one else tried to play CS, so I don't know if CS would work like Q3 did. For CS, I have heard the user has to use a different port on the client side, but the clients still have to connect to whatever port the server is using.

Plus, everyone (8 people) had ICQ 2000b running. All of us were actively online, and sending messages to each other. Other people that were on the Internet and not at the LAN party could send and receive messages from us too. No direct file transfers though because of no ports being forwarded.

azacamis,
Really?

Which firmware are you using? I cannot seem to make it work using the same trigger and different incoming ports with f/w 1.39 and 1.40.1.

I've tried the following:

28800-28800 ---> 2300-2400
28800-28800 ---> 47624-47624

The 2nd rule never gets forwarded to the same PC.
I have to add a real port forward rule.
If I make the 2nd rule #1, and make the 1st rule #2, then the 2300-2400 doesn't work..

I'll try again, if I finally get it to work, I'll update my above post.

Thanks

[text was edited by author 2001-10-10 20:37:31]

I find the same...

6660-6670 triggers 113 (mIRC IDENT)
6660-6670 triggers 50000-50005 (mIRC DCC)

...will NOT trigger both. But if the first line is "busy" (triggered) can another LAN PC get the 2nd one? THAT could be the case!
[text was edited by author 2001-10-10 10:43:08]

frosty, I hope that is not a typo but you cannot forward those ports to the same PC

Which ports?

Bill,
Good theory, but who knows?

Do you think it's possible to trigger another incoming range from the incoming ports of another rule?

Rule #1
28800-28800 ---> 2300-2400

Rule #2
2300-2400 -----> 47624-47624

Hmmmm....

[text was edited by author 2001-10-10 20:40:10]

bump... LOL

said by FR0STY:

---

Do you think it's possible to trigger another incoming range from the incoming ports of another rule?

Rule #1
28800-28800 ---> 2300-2400

Rule #2
2300-2400 -----> 47624-47624

---

This one I'm pretty sure of - only an outbound packet can trigger anything. If you find otherwise, it's probably another bug for the list.