Port Triggering
Port triggering can be used for dynamic port forwarding configuration. By
setting port triggering rules, you can allow inbound traffic to arrive at a
specific LAN host, using ports different from those used for the outbound
traffic. This is called port triggering because the outbound traffic triggers
the ports to which inbound traffic is directed.
For example, consider a gaming server that is accessed using the UDP protocol
on port 2222. The gaming server responds by connecting the user using UDP on
port 3333 when starting gaming sessions. In such a case you must use port
triggering, since this scenario conflicts with the following default firewall
settings:
- The firewall blocks inbound traffic by default.
- The server replies to OpenRG's IP, and the connection is not sent
back to your host, since it is not part of a session.
To solve this, you need to define a Port Triggering entry, which allows
inbound traffic on UDP port 3333 only after a LAN host has generated traffic
to UDP port 2222. As a result, the inbound traffic from the gaming server is
accepted and sent back to the LAN host which originated the outgoing traffic
to UDP port 2222.
Select the 'Port Triggering' tab in the 'Security' management screen. The
'Port Triggering' screen will appear (see
figure 6.18). This screen will list all of
the port triggering entries.
Figure 6.18: Port Triggering
Let's add an entry for the gaming example above:
- Click the 'Add' link to add an entry. The 'Edit Service' screen will
appear (see figure 6.19).
Figure 6.19: Adding Port Triggering Rules
- Enter a name for the service (e.g. "game_server"), and click the 'New
Trigger Ports' link. The 'Edit Service Server Ports' screen will appear
(see
figure 6.20).
Figure 6.20: Edit Service Server Ports
- In the Protocol combo-box, select UDP. The screen will refresh,
providing source and destination port options (see
figure 6.21).
- Leave the Source Ports combo-box at its default "Any". In the
Destination Ports combo-box, select "Single". The screen will refresh
again, providing an additional field in which you should enter "2222" as
the destination port.
Figure 6.21: Edit Service Server Ports
- Click 'OK' to save the settings.
- Back in the 'Edit Service' screen, click the 'New Opened Ports' link.
The 'Edit Service Opened Ports' screen will appear (see
figure 6.22).
Figure 6.22: Edit Service Opened Ports
- As in the trigger ports screen, select UDP as the protocol, leave the
source port at "Any", and enter 3333 as the single destination port (see
figure 6.23).
Figure 6.23: Edit Service Opened Ports
- Click 'OK' to save the settings. The 'Edit Service' screen will present
your entered information. Click 'OK' again to save the port triggering rule.
The 'Port Triggering' screen will now include the new port triggering entry
(see figure 6.24).
Figure 6.24: New Port Triggering Rule
You can disable a port triggering rule without having to remove it from the
'Port Triggering' screen.
- To temporarily disable a rule, clear the check box next to the service
name.
- To reinstate it at a later time, simply reselect the check box.
- To remove a rule, click the Remove action icon for the service. The service
will be permanently removed.
There may be a few default port triggering rules listed when you first access
the port triggering screen. Please note that disabling these rules may result
in impaired gateway functionality.
Jungo Software Technologies