How does port triggering work?

Discussion in 'Network Routers' started by mike, Feb 26, 2010.

  1. mike

    mike Guest

    I'm using a voip application (cqphone) that requires me to forward ports.
    Port forwarding works, but only for one computer. I'd like to use that
    application on multiple wireless computers, but only one at a time.
    The router is a Westell 327W.
    If I set port triggering, the first use of cqphone on one computer works.
    But if I turn off the application on one computer and on on the second
    machine, the ports do not get forwarded. Resetting the router
    lets me use the program from any one computer.
    I expected the ports to get re-forwarded when the application
    addresses the trigger port from a different computer. This does not
    appear to be the case.

    How do I get the ports un-triggered or re-triggered or whatever
    it takes to make the applications work on any single computer?
    Resetting the router is not an option.

    Thanks, mike
     
    mike, Feb 26, 2010
    #1

  2. mike

    Char Jackson Guest

    To my knowledge, your behavioral description is exactly what I would
    expect. When you manually forward ports, you have to select *one* LAN
    IP address as the destination. Likewise, when you use port triggering,
    which I think of as 'auto port forwarding', the first LAN IP to
    trigger the forwarding will be recognized as the destination IP. I
    have never seen a feature where a second LAN IP can take over as the
    destination IP.

    I'll watch this thread to see if I'm missing anything. Hopefully I'm
    completely wrong.

    Alternatively, a quick google search reveals that port forwarding
    generally isn't necessary for the cqphone and its related video app.
    Apparently your case is one of the exceptions, unfortunately. I assume
    you've tried it without any forwarding at all and it didn't work.
     
    Char Jackson, Feb 26, 2010
    #2

  3. mike

    mike Guest

    Depends on what you mean by "take over". If the first computer is no longer
    using the port, why shouldn't the second one be able to trigger it?
    Yes, it would cause conflicts if you tried to use both at the same
    time, but I'm not. Having to reset the modem to get the port back
    seems like the wrong thing to do.
    That's odd. What I've read says you need to forward 24960-24962.
    If I don't, it don't work, and neither does it work for anybody I talk with.

    If you plug your computer directly into a modem without a router, you
    don't have anything to forward and it should work fine. That should
    work for anybody on dialup or the stock router-less modem you get with DSL.

    On a related topic, what's UPNP?
    I managed to get skype to work on different machines without explicit
    port forwarding by turning on upnp, but that didn't help cqphone.
     
    mike, Feb 27, 2010
    #3
  4. mike

    Char Jackson Guest

    I suspect the problem is that there may not be a mechanism in your
    router for releasing the current forwarding rule, and it likely can't
    be retriggered until it has been released.

    I think you need something like this, although this exact solution
    likely won't work with your hardware:
    http://pages.cs.wisc.edu/~sschang/firewall/dpf/basic.htm
    Also click the next page, "How DPF Works".
    Thanks for confirming that you're one of the exceptions that requires
    port forwarding. Bummer.
    This is a stretch, but if by chance your ISP allows you to use
    multiple IP's, then you could connect each PC directly (via a switch)
    to the DSL modem. That would solve the cqphone issue, but you'd have
    to rebuild the LAN, for example by adding a second NIC to each PC.
    That's not very elegant.
    http://en.wikipedia.org/wiki/Upnp
    It looks like UPNP has some of what you're looking for, but I think it
    has to be explicitly supported in order to work. Not sure...
     
    Char Jackson, Feb 27, 2010
    #4
  5. This may or may not be of help but two things come to mind with regards to
    your problem.

    1. Is your router using the latest version of its operating software?
    Possibly a software upgrade might alleviate your problem.

    2. From reading the CQPhone web site "Problems" sectopm. they state "Tests
    with popular home type routers (LinkSys, Netgear, Belkin) show there is no
    need to configure ports for these routers." With that in mind, you might
    want to try placing your Westel in its "Bridging" mode (basically turning
    off all of its router and PPPo? functions) and adding an external router,
    like a Linksys, in series with the Westel. The external router would be
    configured to provide the PPPoE or A data to the ISP and you would then use
    the router functions of the Linksys to run your network. Check your Westel
    router prior to acquiring an external router to make sure your link is using
    PPPoE or PPPoA as not all routers support both options. Qwest in my local
    area has people on both PPPoE and PPPoA with them migrating over to PPPoE
    when Qwest forces a software upgrade into the router they own or replaces a
    bad box. It sure surprised me when I replaced a bad box that had been using
    PPPoA and the new one came up as PPPoE and actually worked.

    True you have to get your hands on a compatible box to test with but they
    can be purchased new on TigerDirect or Newegg for around $15. or less so if
    you choose eBay don't pay too much for a used one. Small used computer
    shops have been known to acquire them from time to time and sell them at
    give-a-way prices. Just be sure to plug it in at their place in case they
    have the wrong power transformer. (quite common on used equipment that use
    transformers)

    If your ISP is like mine they most likely will not support your use of bridging
    but they won't actively stop you either. It adds another layer of confusion
    (your external router) that they have not scripted into the troubleshooting
    manual they provide to the foreign nationals at the help desk.
     
    GlowingBlueMist, Feb 27, 2010
    #5
  6. GlowingBlueMist wrote:
    << snip >>
    Ok for those who are unable to translate, the misspelled word "sectopm"
    should have read "section" in the following section.

    2. From reading the CQPhone web site "Problems" sectopm. they state "Tests
    with popular home type routers (LinkSys, Netgear, Belkin) show there is no
    need to configure ports for these routers."

    << snip >>
     
    GlowingBlueMist, Feb 27, 2010
    #6
  7. mike

    mike Guest

    I ran this configuration initially. I can't remember what I didn't like
    about it, but I went back to the 327W.

    I currently have a D-link DI-624 on a separate subnet with its wan port
    plugged into the westel. The D-link wireless port is unsecured for
    testing and allows me to surf the web with some isolation from my
    primary secured
    subnet. Comes in handy for old PDA's that don't support WPA. I don't
    expect the subnet isolation is very secure, but I only power it up when
    I need it.

    I tried to access cqphone thru the second router without port forwarding.
    It didn't work. I don't understand
    how the double NAT process works to know if I should expect it to work
    at all.
    Years ago, when I first signed up with Verizon DSL, I had a lot of
    hassle with PPPoE and passwords and such. Now, I just plug in the phone
    line, wait for it to figure out that it has a new modem then it just works.
    I have half a dozen routers. I don't remember any of them working with
    cqphone without port forwarding, but it's been a long time...
    The person I talk with most on cqphone is adamant that he never needed to
    forward ports. Every time he calls me up and says it quit working,
    we go in and forward the ports to make it work again.

    I don't understand how we could expect it to work without port forwarding.
    For outgoing calls, the computer sends data to the router. The router
    has only one place to send it, out the modem. That works.
    But for incoming calls, the incoming data sees several computers. Without
    forwarding, how does the router know which computer to ring?
     
    mike, Feb 27, 2010
    #7
  8. I'm sure others will tell you if I'm wrong (and I admit to being long
    winded) but here is my take on your problem.

    Since your DSL ISP actively tries to sell VOIP service, I don't expect them
    to admit a problem exists with their router or assist you in fixing this
    problem. I would not put it past some ISP's to actually cripple the
    software in the routers just to cause users to give up on a freeware or 3rd
    party VOIP application, especially after trying to fight your way through
    their first 3 levels of tech support hell.

    For most personal routers, the 4 or so physical ports, and wireless if it
    exists, are nothing more than a (dumb) bridge wired directly to the built in
    one port router or DSL modem/router. Inbound data from the router is copied
    to all 4 ports via the bridge. Only the PC that is looking for the inbound
    data in question is expected to respond. Your CQPhone application is
    listening to port 24960 for inbound calls. When the program hears the
    inbound "call" it then goes through the necessary procedures to verify the
    inbound call. Then the program starts to use 46960-25962 according to the
    call requirements.

    True industrial routers don't use a bridge but have actual individual
    Ethernet ports so that data can be routed directly to them using complicated
    port and route tables. Some built in firewalls figure that if an IP device
    starts using specific ports that those ports will continue to be used by
    that IP. Hence they work for the first call but then will not allow a
    second computer to later accept or properly make a call. Power cycling that
    kind of router clears the stored routing and port assignments and again
    allows the "first" PC that makes a connection to "own" the ports it uses. I
    suspect your Westel software has this type of firewall.

    One thing that can confuse things is if you have the CQPhone program
    actually running on more than one computer at a time with this type of
    router. The programs all hear the inbound call and all try to answer. The
    problem is only the first that makes it through the router stakes its
    claim on the needed outbound ports, which the router's firewall then later
    refuses to properly release.

    Other routers take a more cavalier approach to individual port usage. They
    allow one computer (IP) to make use of a port or group of ports but when the
    computer drops the call it releases them for use by the next, or same,
    computer for the next call. That is why some small routers work just fine
    while others need to be power cycled.

    Since your Westel is already refusing to allow ports to be dynamically
    reassigned after use by another computer (IP address) adding a second router
    behind it while the internal firewall is still active does nothing to "fix"
    the problem. In fact it makes it impossible to determine if the second
    router also has the same kind of internal firewall.

    After switching the Westel to bridging mode (turning off the built in
    firewall among other things) or replacing it with another DSL modem/router
    that has the more user friendly firewall will you be able to accept or make
    individual outbound calls on more than one computer without the reboot
    issue. As for which router models have firewalls that actually release
    ports after use is anyone's guess. I'd go on the CQPhone forums and ask
    other users which exact model router (and software release) they are using
    that is allowing consecutive calls be made on individual PC's attached to
    the router. Note I said consecutive and not simultaneous. Without an
    actual industrial style router with true individual Ethernet ports (and
    increased complexity of configuration) you only have one set of ports for
    use at a time regardless of the IP address on the PC handling the call. It
    would be up to the application program to determine the ports were already
    in use and to switch to alternate ports, which CQPhone appears not to be
    setup to do.

    I've gone through similar witch hunts on other routers trying to clear
    problems for the users that I used to support. Most times it was an actual
    PC firewall problem but I did run into a few that were router specific. An
    example is the VOIP company called NetTalk. On their forums they actually
    have a list of routers that work rather than (block) their device so people
    can locate one that will work properly. Their main competitor tries to hide
    that kind of problem making it difficult to troubleshoot.
    http://forum.nettalk.com/viewtopic.php?f=8&t=169. Information of this kind
    really helps when trying to get a customer's device to work if there are
    problems with the installation.
     
    GlowingBlueMist, Feb 27, 2010
    #8
  9. mike

    mike Guest

    I was hoping there was a standard that determined how this works.
    Silly me...

    The Westell 327W has one feature that I really like. It allows me to
    forward a port to a hostname. I have one main computer plus a dozen or so
    others for special purposes that are mostly off. Most of those have
    swappable hard drives.
    Forwarding to a hostname greatly simplifies talking to those machines,
    independently of which wireless card or disk is currently installed.

    I tried to configure the firewall on the westell.
    The syntax/semantics of the rules were confusing enough, but there
    are complex interactions between the rules that appear to be
    largely undocumented. And there doesn't appear to be any way to
    tell if the router blocked something without logging into the router and
    examining logs.

    I gave up and turned it off. Comodo firewall on the computer lets me make
    decisions on the fly and make them temporary or permanent. I just have
    to have faith it's doing what I expect.

    Thanks for the inputs. Looks like the effort to make it better is gonna
    be much greater than the benefit.

    mike
     
    mike, Feb 27, 2010
    #9
  10. One last thought is to assign your second router a fixed IP on its WAN side
    above the DHCP settings of your Westel and then tell the Westel to put the
    second router's IP address into the DMZ as if it was a computer server. Let
    the second router do its NAT, DHCP and whatnot. With luck its port
    handling and firewall is more friendly to devices attached to it. Having it
    as a DMZ device should eliminate the Westel as the port handling boss of the
    devices attached to the second router. Not sure if this would hurt your
    hostname use of the Westel as you have it configured.

    Oh well, another day and other problem... Good luck.
     
    GlowingBlueMist, Feb 27, 2010
    #10
  11. mike

    mike Guest

    I think I did that once, but I didn't like the fact that the unsecured
    subnet was the same as my (formerly) secure subnet. I messed around with
    subnet masks. I could make the other subnet invisible, but IIRC, I could
    still access the other subnet.
    Using a different IP address range seems to have fixed that issue.
    But I don't think the router will let me DMZ to a different IP
    address range???
    I'll have to try it again.
    Thanks, mike

     
    mike, Feb 27, 2010
    #11
  12. mike

    Char Jackson Guest

    What GlowingBlueMist is suggesting won't have any effect on your
    subnets. You can, and certainly should, continue to use different
    subnets on the two sides of the second router.
    The Westell router, (if it has the DMZ capability at all, I didn't
    check), will allow you to set any valid LAN IP as the DMZ IP. You
    can't specify an invalid IP as the DMZ IP because, well, it would be
    invalid! I doubt that the Westell GUI will allow you to set an invalid
    DMZ IP, but if they do, it will be the same as setting no DMZ IP at
    all.
     
    Char Jackson, Feb 28, 2010
    #12
  13. mike

    Char Jackson Guest

    Since you dared...:)
    That sounds plausible, unfortunately.
    Actually, the 4-port NAT routers that I'm familiar with contain a
    single 5-port switch. Using VLAN tags internally, the WAN port is on
    one VLAN while the 4 LAN ports are on a different VLAN. Since there is
    indeed a switch involved, I can't think of a scenario where a data
    packet arriving on the WAN interface would be copied to all 4 LAN
    ports. Instead, if the router's routing table has no entry in its
    routing table matching that packet's tuple, it will simply discard the
    packet. And if it does have a matching entry in the routing table, it
    will forward the packet to the single node listed in the table.
    If it's running on multiple computers on the LAN, only one (or none)
    of the computers will see the incoming call, depending on how the port
    forwarding is set up. I can't think of a scenario where more than one
    computer would see the incoming call, assuming a switched network
    rather than a hub, but these days hubs are rare.
    I believe your references to "industrial" versus non-industrial are
    really references to NAT routers versus non-NAT. It's a moot point,
    however, since it's quite unlikely that the OP is able to turn off NAT
    and acquire a routed IP for each computer. If he could, though, his
    CQPhone problems would be completely solved, including the ability to
    make multiple simultaneous calls.
     
    Char Jackson, Feb 28, 2010
    #13
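
Added example (not part of any post in this thread, and not Westell's firmware logic): a small Python model of the behaviour discussed in posts #4, #8 and #13, where the first LAN host to trigger owns the inbound ports and a router with no release mechanism keeps sending calls to it. The trigger port, LAN addresses and idle timeout are assumptions; only the 24960-24962 range comes from the thread.

```python
# Added illustration: a toy model of a NAT router's port-trigger table.
# Port numbers 24960-24962 come from the thread; the trigger port, LAN
# addresses and idle timeout are assumptions made for this sketch.
from dataclasses import dataclass
from typing import Optional

TRIGGER_PORT = 24960                  # assumed outbound trigger port
FORWARD_RANGE = range(24960, 24963)   # inbound ports opened by the trigger


@dataclass
class Binding:
    lan_ip: str
    last_seen: float


class TriggerRouter:
    """idle_timeout=None models a router that never releases the rule."""

    def __init__(self, idle_timeout: Optional[float]):
        self.idle_timeout = idle_timeout
        self.binding: Optional[Binding] = None

    def _expire(self, now: float) -> None:
        b = self.binding
        if b and self.idle_timeout is not None and now - b.last_seen > self.idle_timeout:
            self.binding = None       # rule released, inbound ports closed

    def outbound(self, lan_ip: str, dst_port: int, now: float) -> None:
        self._expire(now)
        if dst_port != TRIGGER_PORT:
            return
        if self.binding is None:
            self.binding = Binding(lan_ip, now)   # first host to trigger owns the range
        elif self.binding.lan_ip == lan_ip:
            self.binding.last_seen = now          # owner refreshes its own rule
        # any other host is ignored while a binding exists

    def inbound(self, dst_port: int, now: float) -> Optional[str]:
        """Return the LAN IP the packet is forwarded to, or None if dropped."""
        self._expire(now)
        if self.binding and dst_port in FORWARD_RANGE:
            self.binding.last_seen = now
            return self.binding.lan_ip
        return None                   # no matching entry: packet is discarded


def second_pc_call(router: TriggerRouter) -> Optional[str]:
    """PC A calls at t=0 and quits; PC B starts the app 10 minutes later."""
    router.outbound("192.168.1.10", TRIGGER_PORT, now=0.0)    # PC A
    router.outbound("192.168.1.20", TRIGGER_PORT, now=600.0)  # PC B
    return router.inbound(24961, now=601.0)
```

With `idle_timeout=None` the inbound call still lands on PC A, which also means the three ports stay open toward that host until the router is reset; with a finite timeout the stale rule expires and PC B's trigger takes over.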
