Need help understanding routers and port forwarding!

Ghost

Senior member
Dec 13, 1999
I have a basic question about port forwarding through a router. Some info: I'm running DSL through a Zyxel P640 series router. My system is Windows XP Pro.

With this router, I have two basic choices for port forwarding. I can either forward all ports, or I can manually configure and forward up to 8 ports individually.

The problem is, I'm a gamer, and use a variety of applications that require certain "ports" to be open. To "host" a Warcraft III game, I need to open a certain "port"; to use other apps like ICQ, Roger Wilco, etc., I generally have to open a port or ports to have full functionality.

My router doesn't allow a "range of ports" to be specified.

Now the part I'm confused about is this. As an example, I can launch and play Warcraft III without opening any other ports. I can connect and play with other folks online and it works great. Only when I want to "host" a game do I have to open a port. If I don't, people can't connect to my "hosted" game.

Why? I'm assuming when I connect to other people's games, data is being transferred via a TCP or UDP connection. But why don't I have to open a port for that? Is it because I initiated the connection? And connections initiated on my end are expecting a response back, and therefore don't block it?

If that's true, do I only have to open a port when someone else is trying to initiate a connection to my system?

Also, by default, for most routers, are there certain ports that are left open by default? Perhaps 80 for http? Or are all ports closed by default? And how do I find which ones are closed?

I don't know if this is related or not, but my router has "packet filtering" enabled by default. Initially, I thought maybe the packet filtering was blocking the data. When I reviewed the default settings, it looks like it only blocks certain NetBIOS and FTP data. So packet filtering isn't what the root cause of this is, is it?

I guess, in a nutshell, I don't understand why I need to open ports for some types of activity and not others. For example, I don't have to open a port to "message" people in ICQ, but I do have to open a port to "transfer files".

Any help or links to good reference material would be greatly appreciated.

Thanks

Jeff7

Lifer
Jan 4, 2001
> Why? I'm assuming when I connect to other people's games, data is being transferred via a TCP or UDP connection. But why don't I have to open a port for that? Is it because I initiated the connection? And connections initiated on my end are expecting a response back, and therefore don't block it?

This sounds close - when you initiate the connection, the router expects a response. But when you host, the router suddenly sees unsolicited incoming packets, so it rejects them. You'll probably need to configure the router to allow passage of all data on the port that the specific game uses.
This is an assumption on my part: it'll probably be UDP, because from what I understand of UDP vs. TCP, UDP just sends the data and doesn't care if it gets to the destination or not. TCP awaits an acknowledgment from the receiving end that the data arrived safely. Then it sends more. This could degrade ping times too much. That's an assumption though, based on my level of knowledge. The 4 Cisco courses I took didn't teach us much about how router functionality affected gaming. ;)
 
Apr 9, 2003
Yes, Jeff7 is right, your game has a particular port that will need to be forwarded, and that should be in the documentation of the game. You may consider setting up a box in a DMZ if you have a second box. A DMZ actually forwards all ports at once and leaves that box kinda hangin out there on the internet with all the doors open, but won't let anyone get past it to your internal network. The DMZ option is probably overkill for hosting a game, but it is an option... your router's documentation will tell you how to do it, and you can turn it on while hosting the game, then turn it off afterwards. Just be aware that your box is wide open if you place it in the DMZ.
 

kt

Diamond Member
Apr 1, 2000
You only need to open up the port that the game initiates the connection with. Once the initial connection is made, the host and client computers will be able to communicate on any ports thru the firewall because all subsequent packets are marked. The router will see that the packets are marked as being solicited traffic and allow them thru the firewall. The router is probably set up to allow all outgoing traffic and block all incoming traffic unless it is solicited traffic. That's why you can initiate a WC3 game connection but not host a WC3 game: the initial connection from client computers is not marked as solicited traffic, so the initiating connection packets never make it to your hosting computer unless you open up the port that is used to make the initial connection.
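
The behaviour described in the replies above (replies to connections you started are let in, unsolicited inbound packets are dropped unless a forward or DMZ host matches) can be sketched as a toy model. This is an added example, not part of any post and not the Zyxel firmware's logic; the addresses, port 6112 and the strict per-peer flow matching are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Toy model of the inbound decision on a home NAT router (illustrative only)."""
    max_forwards: int = 8                          # the thread's router allows 8 manual entries
    dmz_host: Optional[str] = None                 # catch-all LAN host, if enabled
    forwards: dict = field(default_factory=dict)   # (proto, wan_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)      # state created by outbound traffic
    next_port: int = 40000                         # constructed starting WAN source port

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        if (proto, wan_port) not in self.forwards and len(self.forwards) >= self.max_forwards:
            raise ValueError("forwarding table full")
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host initiates: remember the flow so the reply is recognised."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(proto, wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Return (verdict, lan_ip, lan_port) for a packet arriving on the WAN side."""
        flow = self.flows.get((proto, wan_port, remote_ip, remote_port))
        if flow:
            return ("established", *flow)          # solicited: reply to our own request
        fwd = self.forwards.get((proto, wan_port))
        if fwd:
            return ("forwarded", *fwd)             # unsolicited, but a forward rule exists
        if self.dmz_host:
            return ("dmz", self.dmz_host, wan_port)  # unsolicited, sent to the exposed host
        return ("dropped", None, None)             # unsolicited and no rule: default deny

def demo():
    r = NatRouter()
    pc, peer, game_port = "192.168.1.10", "203.0.113.5", 6112   # constructed values
    wan = r.outbound("tcp", pc, 1050, peer, game_port)          # joining someone's game
    results = [r.inbound("tcp", peer, game_port, wan)[0]]       # their reply to us
    results.append(r.inbound("tcp", peer, 3000, game_port)[0])  # peer tries to join ours
    r.add_forward("tcp", game_port, pc, game_port)              # open the hosting port
    results.append(r.inbound("tcp", peer, 3000, game_port)[0])
    return results

if __name__ == "__main__":
    print(demo())
```

Every entry in `forwards`, and above all a `dmz_host`, is a standing exception to the default deny, which is why turning the DMZ off again after hosting is the safer habit.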
 

skyking

Lifer
Nov 21, 2001
You may be able to forward a range just by using this syntax:
2300-2400

Then again, mebbie not. I do not have one of those in front of me to play with.