Port triggering
From Wikipedia, the free encyclopedia
Port triggering is a specialized form of port forwarding in which outbound traffic on predetermined ports ("triggering ports") causes inbound traffic to specific incoming ports to be dynamically forwarded to the initiating host while the outbound ports are in use. This allows computers behind a NAT-enabled router dynamic hosts on a local network to provide services which would normally require a static host (a host with an unchanging network address). Port triggering triggers an open incoming port when a client on the local network makes an outgoing connection to a predetermined port on a server.
Similar to standard port forwarding, it allows a client to connect to a host behind a NAT router. The disadvantage of port forwarding is that it only allows one client on the network to use a particular service that occupies a particular port. Port triggering is unsuitable for having servers behind a NAT router (you want standard port forwarding) because it relies on the computer to make an outgoing connection before it can receive incoming ones.
As an example of how port triggering operates, when connecting to IRC it's relatively typical to authenticate your username with the Ident protocol. An IRC user is referred to in the format nickname!~username@hostname, where the presence of tilde (~) indicates that a username is unverified.
When connecting to IRC the client computer typically makes an outgoing connection on port 6667 (or any port in the range 6660-7000), and then the IRC client program tells the server its nickname and username. The IRC server then attempts to verify the username given by making a new connection back to the client computer on port 113. Typically, when behind a NAT router the router silently drops this connection because it does not know which computer to send requests on port 113.
In the case of port triggering, you tell the router that when you make a connection out on any port 6660-7000 then it should allow connection in to the computer that made the connection out. This gives it more flexibility than static port forwarding because you do not need to set it up for a specific computer on your network.
