Entry | Port triggering |
Definition |
Description

When two networks communicate through a NAT-router, the host machines on the internal network behave as if they have the IP address of the NAT-router from the perspective of the host machines on the external network. Without any traffic forwarding rules, it is impossible for a host machine on an external network (host B) to open a connection to a host machine in the internal network (host A). This is because the connection can only be targeted to the IP of the NAT-router, since the internal network is hidden behind NAT. With port triggering, when some host A opens a connection to a host B using a predefined port or ports, then all incoming traffic that the router receives on some predefined port or ports is forwarded to host A. This is the 'triggering' event for the forwarding rule. The forwarding rule is disabled after a period of inactivity.[2]

Port triggering is useful for network applications where the client and server roles must be switched for certain tasks, such as authentication for IRC chat and file downloading for FTP file sharing.

Example

As an example of how port triggering operates, when connecting to IRC (Internet Relay Chat), it's common to authenticate a username with the Ident protocol via port 113. When connecting to IRC, the client computer typically makes an outgoing connection on port 6667 (or any port in the range 6660-7000), causing the IRC server to attempt to verify the username given by making a new connection back to the client computer on port 113. When the computer is behind a NAT, the NAT silently drops this connection because it does not know to which computer behind the NAT it should send the request to connect. These two transport-level connections are necessary for the application-level connection to the IRC server to succeed (see Internet protocol suite). Since the second TCP/IP connection is not possible, the attempted connection to the IRC server will fail.

In the case of port triggering, the router is configured so that when an outbound connection is established on any port from 6660 to 7000, it should allow inbound connections to that particular computer on port 113. This gives it more flexibility than static port forwarding because it is not necessary to set it up for a specific address on your network, allowing multiple clients to connect to IRC servers through the NAT-router. Security is also gained, in the sense that the inbound port is not left open when not actively in use.

Disadvantages

Port triggering has the disadvantage that it binds the triggered port to a single client at a time. As long as the port is bound to that particular client, port triggering is effectively unavailable to all other clients. In FTP file sharing, for example, this means that no two clients can download files from an FTP server running in "active mode" simultaneously. For IRC, even though the authentication step happens very quickly, the port triggering timeout may still prevent other clients from logging into IRC servers. Port triggering is unsuitable for servers behind a NAT router because it relies on the local computer to make an outgoing connection before it can receive incoming ones. On some routers it is possible to have more than one client use port triggering and port forwarding, but not simultaneously.
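
The rule behaviour described above (trigger, forward, single-client binding, inactivity expiry), modelled as an added example that is not part of the original article or any router's firmware. The 60-second timeout, the 192.168.1.x addresses, and the choice that forwarded inbound traffic refreshes the inactivity timer are assumptions; real routers differ.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class TriggerRule:
    trigger_ports: range            # outbound destination ports that arm the rule
    inbound_port: int               # port forwarded to the triggering host
    timeout: float                  # seconds of inactivity before the rule is disabled (assumed)
    bound_host: Optional[str] = None
    last_seen: float = 0.0

    def _expire(self, now: float) -> None:
        # Disable the forwarding rule once it has been idle longer than the timeout.
        if self.bound_host and now - self.last_seen > self.timeout:
            self.bound_host = None

    def outbound(self, host: str, dst_port: int, now: float) -> bool:
        """Internal host opens a connection; True if the rule is armed for that host."""
        self._expire(now)
        if dst_port not in self.trigger_ports:
            return False
        if self.bound_host not in (None, host):
            return False            # triggered port is already bound to another client
        self.bound_host, self.last_seen = host, now
        return True

    def inbound(self, dst_port: int, now: float) -> Optional[str]:
        """External connection hits the router; returns the internal host, or None if dropped."""
        self._expire(now)
        if dst_port != self.inbound_port or self.bound_host is None:
            return None
        self.last_seen = now        # assumption: forwarded traffic counts as activity
        return self.bound_host


def demo() -> list:
    # Constructed scenario: IRC trigger range 6660-7000, Ident on port 113.
    rule = TriggerRule(range(6660, 7001), 113, timeout=60.0)
    return [
        rule.inbound(113, now=0),                      # no trigger yet: dropped
        rule.outbound("192.168.1.10", 6667, now=1),    # first client arms the rule
        rule.inbound(113, now=2),                      # Ident callback is forwarded
        rule.outbound("192.168.1.11", 6667, now=5),    # second client is locked out
        rule.inbound(113, now=100),                    # rule expired: port closed again
        rule.outbound("192.168.1.11", 6667, now=101),  # second client can now trigger
    ]
```

The fourth and fifth steps are the ones worth checking on a real device: how long a second client stays locked out, and whether the inbound port actually closes after the idle period.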

References

1. ^ "Port Triggering". www.webopedia.com. https://www.webopedia.com/TERM/P/port_triggering.html
2. ^ "Port Triggering on Routers". sbkb.cisco.com. https://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=43a6b23d2caa4e7fae1b08a2a83253bf_Port_Triggering.xml&pid=2&converted=0
3. ^ "Difference between Port Forwarding and Port Triggering". www.linksys.com. https://www.linksys.com/us/support-article?articleNum=132863