port forward

[Tooma]

U zadnje vrijeme dosta se cesto pojavljuju pitanja vezana uz podesavanje port forwarding-a kako bi dc++ klijenti mogli radit u aktivnom modu.
Da bi razumjeli sto je opce port forwarding najprije treba znat sto je to NAT (Network Adress Translation).

Kada jedno racunalo izlazi na internet preko modema stvar je jednostavna. Ono od ISP-a dobije IP adresu i preko te mu se adrese moze pristupiti (za ovaj primjer uzmimo da je to 83.131.30.143).
Svaki protokol u aplikacijskom sloju oznacen je portom (16-bitni broj, znaci vrijednost izmedju 0 i 65535). Tako kad na primjer otvorite Internet Explorer on zauzima jedan port, recimo 12345. Tom racunalu web stranice salju se na 83.131.30.143:12345.

Problem nastaje kada je na internet spojena mreza od vise racunala koja na internet izlaze preko jedne tocke (gateway-a). Moramo pronac nacin kako ce taj gateway znat kojem racunalu proslijedit paket podataka. Upravo to radi NAT preko portova.
Recimo da je IP adresa mreze odnosno gateway-a s internet strane opet ona ista 83.131.30.143. Ukoliko sada web server salje stranice na 83.131.30.143:12345, web stranicu dobit ce gateway, a to nema bas previse smisla.

Proc cemo put kako te stranice dodju do racunala:
Recimo da radimo na racunalu cija je adresa u lokalnoj mrezi 192.168.1.5. Na njemu je pokrenut IE koji zauzima port 11223. Ukoliko zatrazimo neku web stranicu adresa posiljatelja bit ce 192.168.1.5:11223. Paket s tom adresom posiljatelja salje se web serveru i na putu prema njemu nailazi na gateway. Gateway u paketu mijenja adresu posiljatelja u 83.131.30.143:12345 (12345 uzima proizvoljno) i pamti da sve sto mu dodje na port 12345 prosljedjuje na 192.168.1.5:11223. Sada kad dobije web stranicu proslijedit ce ja na pravo racunalo na pravi port. To je NAT.
Nadam se da nisam zakomplicira.


Sto je onda port forwarding?
Iz predhodnog primjera vidimo da gateway port prema racunalu u lokalnoj mrezi otvara tek kad ovo racunalo nesto zatrazi. Ukoliko zelimo zapoceti komunikaciju sa suprotne strane moramo gatewayu unaprijed reci da sve sto stigne na port koji mi odaberemo ide na odredjeno racunalo u lokalnoj mrezi.



Na Siemensu se515 port forwarding se namista u Advanced Setup/NAT/Virtual Servers
MAC adresu odredjenog racunala dobijete tako da na njemu pokrenete komandni prompt, ukucate "ipconfig /all" bez navodnika. Mac adresa nalazi se u polju Physical Address.
Na slici je primjer konfiguriranja port forwardinga



Za svako racunalo postupak je potrebno ponoviti dvaput, jednom za TCP, jednom za UDP (Protocol kucica).
Za jedno racunalo dovoljno je otvoriti jedan port (isti za TCP i UDP)
Na kraju dodavanja svakog porta kliknuti "Add to the list", a kad se svi portovi otvore kliknuti "Apply"

http://img68.imageshack.us/img68/8888/pforward29nu.jpg

Sada kada smo konfigurirali router treba podesit dc++ klijent. Ja koristim PeerWeb Dc++ v0.41.
Idemo na File/Settings/Connection settings i podesimo sve kako je na slici (ovdje je primjer za racunalo1).
Svoju IP adresu ne mozete dobiti pritiskom na "Get IP Adress" vec je mozete saznati na www.whatismyip.com. Kako taj postupak ne bi morali stalno ponavljati registrirajte se na www.dyndns.org. Tamo cete dobiti alias za svoju ip adresu tipa nesto.dyndns.org. taj alias ukucate u polje Externel/WAN IP i vise ga nije potrebno mijenjati. Promjenu zapisa na dyndns.org radit ce router, a to podesite u Advanced Setup/NAT/Dynamic DNS.

[Tooma]

Malo san zakomplicira ali sigurno ce neke ljude zanimat kako sve to funkcionira, a ne kako samo to podesit

primjedbe, komentari, nadopune su dobrodosli

[Simba-OS]

Jako si ga zakomplicirao. Došao sam do objašnjavanja NAT-a i nisam imao želuca dalje čitati. E jesi ga umuljao sve i svašta "s brda - s dola". Možda da si krenuo od definicije public i private IP adresa.

Bez uvrede.

[LAcy]

Pa nije komplicirano, bas se covjek potrudio.

[Simba-OS]

Ma svaka čast za trud. Da bih riječ rekao. : goood :
Ali se malo spetljao sa pošaljiteljima, primateljima. Možda bolje da se koriste izrazi lokalno računalo - server - gateway.
Pa onda:
Paket s tom odlaznom adresom salje se web serveru i na putu prema njemu nailazi na gateway. Gateway u paketu mijenja odredisnu adresu u 83.131.30.143:12345

Što je sad tu odlazna, a što odredišna adresa i što tu NAT zapravo mijenja?
NAT zapravo zamijenjuje private IP adresu lokalnog računala (koja je nedostupna za vanjski svijet) za svoju public IP adresu. Tako udaljeno internet računalo "misli" da je zahtjev došao od našeg gateway-a (što zapravo i jest) i nije svjesno postojanja našeg lokalnog računala, te zahtjevu odgovara prema gateway-u. To je što se tiče NAT-a, a zapravo je tema port forewarding.

Ali da bi se objasnio NAT, prvo treba objasniti razliku između private i public IP adresa, zašto postoji ova podjela i čemu to zapravo služi. Netko tko ovo ne zna sve ovo ostalo mu je ko i nuklearna fizika.

Ah da. Još nešto. Ja sam uvijek mislio da http protokol koristi port 80 (443 i 445 za https), a ne 12345 ili koji već.

[Tooma]

najprije web server radi na portu 80 (po defaultu), web browser zauzme drugi port za svaki otvoreni prozor
port forwarding ne mozes kuzit ako ne znas sto je nat

moja greska za odlaznu i odredisnu adresu - radi se o adresi posiljatelja pa cu to prominit, ali ajde daj probaj razumit da je za ovo gore trebalo ipak odvojit nesto vremena kojeg bas nemam, pogotovo ne za pocimanje od public i private adresa i tako dalje

[BrunoZG]

Jos nisam cito al sam si stavio u bookmark, ak zatreba..)

[Simba-OS]

Tooma, nemoj se ljutiti. Nije mi namjera soliti ti pamet. Štoviše, puno je upita o mrežama, umrežavanju, dijeljenju internet konekcije. Tako da je tvoj tutorijal itekako dobrodošao. S moje strane je samo mala sugestija.
Još jednom, svaka čast na trudu.

[immortal]

Pa meni ne izgleda komplicirano, tekst je OK.

[el.diablo]

..naravno da je O.K. svatko tko ima primjedbu na ovo neka sam zasuče rukave i napiše pa ćemo mi drugi z*j*bavat to je najlakše treba se malo potrudit i zato svima koji imaju primjedbe poruka da rađe ne komentiraju jer je ionako malo onih koji su spremni nizašto zasukati rukave da pomognu onima kome je ta pomoć potrebna, pa umjesto da se komentar nastavi, doradi i proširi počele su analize jeli dobar i kako bi trebao izgledati...samo nama svojstveno na balkanu...

[immortal]

Dodatak tekstu; lista portova:
1 tcpmux - TCP Port Service Multiplexer
2 compressnet - Management Utility
3 compressnet - Compression Process
5 rje - Remote Job Entry
7 echo
9 discard
11 systat - Active Users
13 daytime
17 qotd - Quote of the Day
18 msp - Message Send Protocol
19 chargen - Character Generator
20 ftp-data - File Transfer [Default Data]
21 ftp - File Transfer [Control]
23 telnet
24 any private mail system
25 smtp - Simple Mail Transfer
27 nsw-fe - NSW User System FE
29 msg-icp
31 msg-auth - MSG Authentication
33 dsp - Display Support Protocol
35 any private printer server
37 time
38 rap - Route Access Protocol
39 rlp - Resource Location Protocol
41 graphics
42 nameserver - Host Name Server
43 nicname - Who Is
44 mpm-flags - MPM FLAGS Protocol
45 mpm - Message Processing Module [recv]
46 mpm - Message Processing Module [default send]
47 ni-ftp
48 auditd - Digital Audit Daemon
49 login - Login Host Protocol
50 re-mail-ck - Remote Mail Checking Protocol
51 la-maint - IMP Logical Address Maintenance
52 xns-time - XNS Time Protocol
53 domain - Domain Name Server
54 xns-ch - XNS Clearinghouse
55 isi-gl - ISI Graphics Language
56 xns-auth - XNS Authentication
57 any private terminal access
58 xns-mail - XNS Mail
59 any private file service
61 ni-mail
62 acas - ACA Services
64 covia - Communications Integrator (CI)
65 tacacs-ds - TACACS-Database Service
67 bootps - Bootstrap Protocol Server
68 bootpc - Bootstrap Protocol Client
69 tftp - Trivial File Transfer
70 gopher
71 netrjs-1 Remote Job Service
72 netrjs-2 Remote Job Service
73 netrjs-3 Remote Job Service
74 netrjs-4 Remote Job Service
75 any private dial out service
76 deos - Distributed External Object Store
77 any private RJE service
78 vettcp
79 finger
80 www-http - World Wide Web HTTP
81 host2-ns - HOSTS2 Name Server
82 xfer - XFER Utility
83 mit-ml-dev
84 ctf - Common Trace Facility
85 mit-ml-dev
86 mfcobol - Micro Focus Cobol
87 any private terminal link
88 kerberos
89 su-mit-tg - SU/MIT Telnet Gateway
90 dnsix - DNSIX Security Attribute Token Map
91 mit-dov - MIT Dover Spooler
92 npp - Network Printing Protocol
93 dcp - Device Control Protocol
94 objcall - Tivoli Object Dispatcher
95 supdup
96 dixie - DIXIE Protocol Specification
97 swift-rvf - Swift Remote Virtual File Protocol
98 tacnews
99 metagram - Metagram Relay
100 newacct - [unauthorized use]
101 hostname - NIC Host Name Server
102 iso-tsap
103 gppitnp - Genesis Point-To-Point Trans Net
104 acr-nema - ACR-NEMA Digital Imag. & Comm. 300
105 csnet-ns - Mailbox Name Nameserver
106 3com-tsmux
107 rtelnet - Remote Telnet Service
108 snagas - SNA Gateway Access Server
109 pop2 - Post Office Protocol - Version 2
110 pop3 - Post Office Protocol - Version 3
111 sunrpc - SUN Remote Procedure Call
112 mcidas - McIDAS Data Transmission Protocol
113 auth - Authentication Service
114 audionews - Audio News Multicast
115 sftp - Simple File Transfer Protocol
116 ansanotify - ANSA REX Notify
117 uucp-path - UUCP Path Service
118 sqlserv - SQL Services
119 nntp - Network News Transfer Protocol
120 cfdptkt
121 erpc - Encore Expedited Remote Pro.Call
122 smakynet
123 ntp - Network Time Protocol
124 ansatrader - ANSA REX Trader
125 locus-map - Locus PC-Interface Net Map Ser
126 unitary - Unisys Unitary Login
127 locus-con - Locus PC-Interface Conn Server
128 gss-xlicen - GSS X License Verification
129 pwdgen - Password Generator Protocol
130 cisco-fna - cisco FNATIVE
131 cisco-tna - cisco TNATIVE
132 cisco-sys - cisco SYSMAINT
133 statsrv - Statistics Service
135 loc-srv - Location Service
136 profile - PROFILE Naming System
137 netbios-ns - NETBIOS Name Service
138 netbios-dgm - NETBIOS Datagram Service
139 netbios-ssn - NETBIOS Session Service
140 emfis-data - EMFIS Data Service
141 emfis-cntl - EMFIS Control Service
142 bl-idm - Britton-Lee IDM
143 imap2 - Interim Mail Access Protocol v2
144 news
145 uaac
146 iso-tp0
147 iso-ip
148 cronus - CRONUS-SUPPORT
149 aed-512 - AED 512 Emulation Service
150 sql-net
151 hems
152 bftp - Background File Transfer Program
153 sgmp
154 netsc-prod
155 netsc-dev
156 sqlsrv - SQL Service
157 knet-cmp - KNET/VM Command/Message Protocol
158 pcmail-srv - PCMail Server
159 nss-routing
160 sgmp-traps
161 snmp - Simple Network Managment Protocol
162 snmptrap - Simple Network Managment Protocol Trap
163 cmip-man - CMIP/TCP Manager
164 cmip-agent - CMIP/TCP Agent
165 xns-courier - Xerox
166 s-net - Sirius Systems
167 namp
168 rsvd
169 send
170 print-srv - Network PostScript
171 multiplex - Network Innovations Multiplex
172 cl/1 - Network Innocations CL/1
173 xyplex-mux - Xyplex
174 mailq
175 vmnet
176 genrad-mux
177 xdmcp - X Display Manager Control Protocol
178 nextstep - NextStep Window Server
179 bgp - Border Gateway Protocol
180 ris - Intergraph
181 unify
182 audit - Unisys Audit SITP
183 ocbinder
184 ocserver
185 remote-kis
186 kis - KIS Protocol
187 aci - Application Communication Interface
188 mumps - Plus Five's MUMPS
189 qft - Queued File Transport
190 gacp - Gateway Access Protocol
191 prospero - Prospero Directory Service
192 osu-nms - OSU Network Monitoring System
193 srmp - Spider Remote Monitoring Protocol
194 irc - Internet Relay Chat
195 dn6-nlm-aud - DNSIX Network Level Module Audit
196 dn6-nlm-red - DNSIX Session Mgt Module Audit Redir
197 dls - Directory Location Service
198 dls-mon - Directory Location Service Monitor
199 smux
200 src - IBM System Resource Controller
201 at-rtmp - AppleTalk Routing Maintenance
202 at-nbp - AppleTalk Name Binding
203 at-3 - AppleTalk Unused
204 at-echo - AppleTalk Echo
205 at-5 - AppleTalk Unused
206 at-zis - AppleTalk Zone Information
207 at-7 - AppleTalk Unused
208 at-8 - AppleTalk Unused
209 tam - Trivial Mail Authentication Protocol
210 z39.50
211 914c/g - Texas Instruments 914C/G Terminal
212 anet - ATEXSSTR
213 ipx
214 vmpwscs - VM PWSCS
215 softpc - Insignia Solutions
216 atls - Access Technology License Server
217 dbase - dBASE Unix
218 mpp - Netix Message Posting Protocol
219 uarps - Unisys ARPs
220 imap3 - Interactive Mail Access Protocol v3
221 fln-spx - Berkeley rlogind with SPX auth
222 rsh-spx - Berkeley rshd with SPX auth
223 cdc - Certificate Distribution Center
243 sur-meas - Surveet Measurement
245 link
246 dsp3270 - Display Systems Protocol
344 pdap - Prospero Data Access Protocol
345 pawserv - Perf Analysis Workbench
346 zserv - Zebra server
347 fatserv - Fatmen Server
348 csi-sgwp - Cabletron Management Protocol
371 clearcase
372 ulistserv - Unix Listserv
373 legent-1 - Legent Corporation
374 legent-2 - Legent Corporation
375 hassle
376 nip - Amiga Envoy Network Inquiry Proto
377 tnETOS - NEC Corporation
378 dsETOS - NEC Corporation
379 is99c - TIA/EIA/IS-99 modem client
380 is99s - TIA/EIA/IS-99 modem server
381 hp-collector - hp performance data collector
382 hp-managed-node - hp performance data managed node
383 hp-alarm-mgr - hp performance data alarm manager
384 arns - A Remote Network Server System
385 ibm-app - IBM Application
386 asa - ASA Message Router Object Def.
387 aurp - AppleTalk Update-Based Routing Pro.
388 unidata-ldm - Unidata LDM Version 4
389 ldap - Lightweight Directory Acess Protocol
390 uis
391 synotics-relay - SynOptics SNMP Relay Port
392 synotics-broker - SynOptics Port Broker Port
393 dis - Data Interpretation System
394 embl-ndt - EMBL Nucleic Data Transfer
395 NETscout Control Protocol
396 netware-ip - Novell Netware over IP
397 mptn - Multi Protocol Trans. Net.
398 kryptolan
400 work-sol - Worksation Solutions
401 ups - Uninteruptible Power Supply
402 genie - Genie Protocol
403 decap
404 nced
407 timbuktu
408 prm-sm - Prospero Resource Manager Sys. Man.
409 prm-nm - Prospero Resource Manager Node Man.
410 decladebug - DECLadebug Remote Debug Protcol
411 rmt - Remote MT Protocol
412 synoptics-trap - Trap Convetion Port
413 smsp
414 infoseek
415 bnet
416 silverplatter
417 onmux
418 hyper-g
419 ariel1
420 smpte
421 ariel2
422 ariel3
423 opc-job-start - IBM Operations Planning and Control Start
424 opc-job-track - IBM Operations Planning and Control Track
425 icad-el - ICAD
426 smartsdp
427 svrloc - Server Location
428 ocs_cmu
429 ocs_amu
430 utmpsd
431 utmpcd
432 iasd
433 nnsp
434 mobileip-agent
435 mobileip-mn
436 dna-cml
437 comscm
438 dsfgw
439 dasp
440 sgcp
441 decvms-sysmgt
442 cvc_hostd
443 https
444 snpp - Simple Network Paging Protocol
445 microsoft-ds
446 ddm-rdb
447 ddm-dfm
448 ddm-byte
449 as-servermap - AS Server Mapper
450 tserver
497 retrospect - Retrospect Backup software
515 printer - spooler
517 talk
518 ntalk
525 timed - timeserver
526 tempo - newdate
548 AppleShare IP Server
3000 First Class Server
5500 Hotline Server
5501 Hotline Server
8080 http

[Pomo]

Zašto ovo nije stiki?

[alimilano]

....ma ovo je odlično...hvala....i stvarno bi trebao biti sticky.