ABC ~ All 'Bout Computers
The Online Web-azine for Computer Enthusiasts

Corey's Network Corner
~~Corey Seaton

Advanced NAT Configuration  

The following article contains instructions for advanced NAT configuration using port mapping. Port mapping is required for some specific things, such as client computers receiving files via ICQ. It is not necessary to read any further unless you wish to enhance your network with this kind of functionality. 

What is a port, anyway? 

For 2 computers on the Internet to talk to one another, a connection must first be established. To establish a connection, one computer (the client - NOT the same definition as was used for the local network you've already set up!) sends a message to the other computer (the server), requesting a connection. It's like one computer is making a phone call to the other. Also like a phone call, the initial request for a connection is one-way; but once the connection is established, each computer can send and receive information. 

Now extend the phone call analogy to imagine that instead of 2 people talking on the phone, a person from one large company calls a person from another large company. Each company has heaps of phones, but the caller uses just one of their company's phones to call out, and the person receiving the call uses just one of their company's phones to answer. All of the phones in one company share the first few digits of their phone number, but they each have a different extension. 

In an Internet connection, a similar process occurs. Each computer has many "ports", and when a computer sends a connection request, it sends it from a particular "outgoing" port on that computer (i.e. the client) to a particular "incoming" port on the server. Thus the first part of the "phone number" is equivalent to the IP address of the relevant computer, and the "extension" is equivalent to the port number. 

For example, let's say you surf to www.optushome.com.au, which has an IP address of 203.164.1.237. Your computer (the client) sends a connection request from a particular port on your computer (it doesn't matter which) to 203.164.1.237, port 80. Port 80 is the standard port number used for web browsing. The web server accepts the connection and sends you the web pages. Now you have a connection established with that computer (203.164.1.237), and you can request web pages, files, etc., and it can send them to you.

Your computers can continue to talk until one of the computers closes this connection. Your web browser handles all of this, so you don't need to know what's going on underneath the shiny surface. 

Everything you do on the Internet is based on this simple premise - communication between 2 computers is established after one computer requests a connection from the other. Note that the outgoing port is generally unimportant, whereas the incoming port (which is specified by the computer requesting a connection) is very important, as different services are assigned to different ports (e.g. port 80 for WWW). So the client computer could request a connection on a weird port such as 8754, and the server may accept it; but more likely the server will think "8754? What on earth is that for?" and reject the request.

Some more examples of connections include: 

  • FTP - Your computer (the client) sends a request from any port to port 21 on the server

  • Sending email - Your computer (the client) sends a request from any port to port 25 on the server (the SMTP server)

  • Receiving email - Your computer (the client) sends a request from any port to port 110 on the server (the POP server)

  • Sharing files with Napster - (1) If you are downloading from another user, your computer is the client. Thus your computer sends a request from any port to port 6699 on the computer with the song you're downloading. This incoming port doesn't need to be 6699; it can be anything, and is specified by the Napster preferences on the other computer. However, 6699 is the default. (2) If, on the other hand, another user wants to download a song from you, their computer sends a request from any port to port 6699 (or whichever you've specified in your Napster preferences) on your computer.

  • Sharing files with ICQ - This is similar to Napster, but ICQ likes to use multiple ports. So (1) If you are sending a file to another user, your computer is the client - it sends a request from any port to "a port" on the computer that you're sending the file to. I say "a port" because it depends on the ICQ configuration of the person you're sending the file to; it generally has to be within a range, e.g. between 20000 and 20009. (2) If, on the other hand, another user is sending a file to you, their computer sends a request from any port to "a port" (specified in your ICQ preferences) on your computer.

Did you get all that? :-) You may need to read over it a couple of times to understand exactly what I mean. Anyway, the important thing is this - any computer in your network that is receiving its Internet connection via NAT (basically your client computers, and I'm going back to the definition of client that we were using in the rest of the guide) can send connection requests, but cannot receive them.

The ramifications of this are easy to determine if you look at the above examples of connections. WWW, FTP, sending email and receiving email work fine, as do downloading in Napster and sending files in ICQ. However, allowing others to download from you in Napster, and receiving files in ICQ, require that your computer can receive a connection request. Thus, none of your client computers can upload in Napster or receive files in ICQ. 

Port Mapping 

Port mapping is a feature of a NAT program that gets around this problem. Normally, any incoming connection requests go straight to the server computer. The server computer has no way of knowing which computer on the home network the connection request was intended for, so by default it takes all such requests. Port mapping is a process whereby you can tell the server computer "please forward any requests for a connection on port x to computer 192.168.0.y". 

For example, let's say you had a client computer, 192.168.0.2, running Napster; and that you wanted people to be able to download your shared songs. Let's say Napster was configured to accept connections on port 6699, the default. You could configure your server to allow this by saying "please forward any requests for a connection on port 6699 to computer 192.168.0.2". If you had another computer, 192.168.0.3, also running Napster, you could configure its version of Napster to accept connections on port 6700. Then you could configure the server to "please forward any requests for a connection on port 6700 to computer 192.168.0.3". 

Port mapping thus allows your client computers to accept connections from other computers on the Internet, which they would have been otherwise unable to do. The most common applications of this are Napster and ICQ, but it is equally applicable to any program that needs the computer to accept connections. 
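The behaviour described in this section, as an added sketch (not code from the original article or from any NAT program): a toy gateway that remembers outgoing connections so replies get back to the client, stops unrequested incoming connections at the server, and forwards them only where a port map exists. The class and function names, the public address 198.51.100.7 and the remote peer 192.0.2.50 are constructed for illustration.

```python
"""Toy model of a NAT gateway (constructed example, not real router code)."""
import itertools

class NatGateway:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.port_maps = {}   # public port -> (internal ip, internal port)
        self.sessions = {}    # public port -> (internal ip, internal port, remote)
        self._ephemeral = itertools.count(50000)

    def add_port_map(self, first_port, internal_ip, last_port=None):
        """Forward one port, or an inclusive range, to a single internal host."""
        ports = range(first_port, (last_port or first_port) + 1)
        clash = [p for p in ports if p in self.port_maps]
        if clash:  # a public port can be forwarded to only one computer
            raise ValueError(f"ports already mapped: {clash}")
        for p in ports:
            self.port_maps[p] = (internal_ip, p)

    def outbound(self, internal_ip, internal_port, remote):
        """A client opens a connection; the gateway records it and rewrites the source."""
        public_port = next(self._ephemeral)
        self.sessions[public_port] = (internal_ip, internal_port, remote)
        return (self.public_ip, public_port)

    def inbound(self, remote, public_port):
        """Return the client (ip, port) that receives the traffic, or None if it
        goes no further than the server."""
        session = self.sessions.get(public_port)
        if session and session[2] == remote:    # reply on an existing connection
            return session[:2]
        return self.port_maps.get(public_port)  # new request: needs a port map

def demo():
    nat = NatGateway("198.51.100.7")               # constructed public address
    web = ("203.164.1.237", 80)                    # web server from the article
    src = nat.outbound("192.168.0.2", 1025, web)
    results = {"reply": nat.inbound(web, src[1])}
    peer = ("192.0.2.50", 40000)                   # constructed remote Napster user
    results["before_map"] = nat.inbound(peer, 6699)
    nat.add_port_map(6699, "192.168.0.2")          # Napster on the first client
    nat.add_port_map(6700, "192.168.0.3")          # Napster on the second client
    nat.add_port_map(20000, "192.168.0.2", 20009)  # ICQ range for the first client
    results["after_map"] = nat.inbound(peer, 6699)
    results["icq"] = nat.inbound(peer, 20005)
    results["exposed"] = len(nat.port_maps)        # public ports that reach a client
    return results

if __name__ == "__main__":
    print(demo())
```

The `exposed` count is the number of public ports that now lead to a client computer, which is the list to review when a program is removed or its port is changed.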

Mapping Ports on the Server 

For each NAT routing program I'll show you how to set up port mapping by way of 2 examples - Napster (a program that requires a single port) and ICQ (requiring multiple ports). 

Windows 2000/XP Internet Connection Sharing  

To map ports in Windows 2000/XP ICS, open your "Network and Dial-up connections" Control Panel. Right-click on the network card that's connected to the Internet and choose "Properties". Click on the "Sharing" tab. Click on "Settings". Click on the "Services" tab. Here you can add port mappings. 

The first example is Napster - let's say you want the computer 192.168.0.2 to receive connections on port 6699 so that it can share files. You would click "Add..." Call this port map "Napster6699", choose service port number 6699, TCP, and enter 192.168.0.2 as the IP address. Click "OK" to add this port mapping to Windows ICS. If you wanted 192.168.0.3 to receive Napster connections as well, you could do the same thing but with port 7000, and so on.

Now for ICQ. Later you'll need to configure the ICQ program on the client computer and tell it exactly which ports it should use to accept connections. I recommend using ports 20000-20009 for the first computer running ICQ, 20010-20019 for the second one and so on. Thus, to enable ICQ to receive files on the computer 192.168.0.2, add port maps for ports 20000-20009. Click "Add..." Call this port map "ICQ20000", choose service port number 20000, TCP, and enter 192.168.0.2 as the IP address.

Now do the same for ports 20001 to 20009.

You now know how to add port mappings for applications that need to accept connections on 1, or multiple, ports. You should now be able to add port mappings for any other applications that need to accept connections. Good luck! 

However, these port mappings won't work unless the relevant applications on the client computer/s are set up properly. 

Configuring server programs on the client 

Napster and like programs 

The default port for Napster to accept connections on is 6699. It's fine to leave it as 6699 for the first computer running Napster, but for each subsequent computer you should add 1 to the port number. To tell Napster which port to accept connections on, open the File menu and choose "Preferences..." Click on the "Transfer" tab. The bit you're interested in is "Share files with Napster users on TCP port".

ICQ 

Open ICQ on the client computer. Click on the "ICQ" button and choose "Preferences". Open the "Connections" section. Tell ICQ that you have a permanent connection, and to determine your IP address automatically.

Now click on the "Server" tab and tell ICQ that you're using a firewall, but not using a proxy.

You shouldn't need to change anything in the "Firewall" tab.

Now, finally, you get to tell ICQ which port numbers to accept connections on. Click on the "User" tab and choose "Not using Proxy", click "Use the following TCP listen port for incoming event", and enter a port range. ICQ needs to be able to accept connections on several ports to work properly; I recommend using ports 20000-20009 for the first client, 20010-20019 for the second client and so on.

Other Applications That Need To Accept Connections 

As you can see, the exact configuration of each program is different, but the general principles are the same. For each program on each client computer, you need to (1) configure the server computer to map a port or port range to that client computer, and (2) configure the program on the client computer to accept connections on that port or port range.

Corey Seaton is a Systems Support Officer with Queensland Health.  He also moderates an email group on Home Networking. Why don't you join and talk to others who are networking their home PCs?  Networking Help 


This page was last updated on Tuesday, September 23, 2008. Copyright © 2000 - 2008, Linda F. Johnson, Linda's Computer Stop, ABC ~ All 'Bout Computers. All rights reserved.