Triggering port is a configuration option on a NAT-enabled router that controls communications between internal and external host machines within the IP network. This is similar to port forwarding because it allows incoming traffic to be forwarded to a particular internal host machine, although the forwarded port is not permanently open and the target internal host machine is dynamically selected.
Video Port triggering
Description
When two networks communicate over a NAT-router, the host machine on the internal network behaves as if they have the IP address of the NAT-router from the host machine's perspective on the external network. Without traffic forwarding rules, it is not possible for a host machine on an external network (host B) to open a connection to the host machine on the internal network (host A). This is because connections can only be targeted to IP from a NAT-router, because the internal network is hidden behind NAT. With trigger ports, when some host A opens a connection to host B using a specified port or port, then all incoming traffic received by the router on some predetermined port or port will be forwarded to host A. This is a 'trigger' event for forwarding rules. A forwarding rule is disabled after a period of inactivity.
Port triggers are useful for network applications where client and server roles should be routed for certain tasks, such as authentication for IRC chat and file downloading for sharing FTP files.
Example
For example how triggering ports operate, when connected to IRC (Internet Relay Chat), usually to authenticate the user name with the Ident protocol through port 113.
When connected to IRC, client computers usually make outgoing connections on port 6667 (or any port in the 6660-7000 range), causing the IRC server to try to verify the given username by creating a new connection back to the client computer on port 113. When the computer is behind NAT, NAT silently dropped this connection because it did not know to the computer behind the NAT that had to send a request to connect. Both transport level connections are required for application-level connection to the IRC server to succeed (see Internet protocol suite). Because a second TCP/IP connection is not possible, the connection attempted to the IRC server will fail.
In the case of a triggering port, the router is configured so that when outgoing connections are made on any port from 6660 to 7000, the router must allow incoming connections to a particular computer on port 113. This gives more flexibility than static port forwarding because you do not need to set it for a specific address in your network, allowing multiple clients to connect to an IRC server via a NAT-router. Security is also obtained, in the sense that the incoming port is not left open when inactive is used.
Losses
The trigger port has a loss because it binds the port that is triggered to one client at a time. As long as the port is tied to a particular client, the port trigger is effectively not available to all other clients. In sharing an FTP file for example, this means no two clients can download files from an FTP server running in "active mode" simultaneously. For IRC, although authentication steps happen very quickly, ports that trigger a timeout may still prevent other clients from logging into the IRC server. The port trigger is not appropriate for the server behind the NAT router as it relies on the local computer to establish an outside connection before it can accept incoming connections. On some routers it is possible to have more than one client using port trigger and port forwarding, but not simultaneously.
Maps Port triggering
See also
- Network Address and Port Translation
- NAT traversal
- Port forwarding
References
Source of the article : Wikipedia
0 Comments