Is it possible to open 2 ports on the same network?
Networking/Security Forums -> Networking

Author: Nstal    Posted: Mon Jan 02, 2006 11:08 pm    Post subject: Is it possible to open 2 ports on the same network?
    ----
If I have two computers on a single router, is it possible for them to both have the same port open? For example, let's say I have port 80 open on 192.168.1.100 and I also have it open on 192.168.1.101. Let's say my IP address to the internet is 67.44.33.22.
Is it possible for an outside computer to be able to distinguish between the two? Or once a port is open on one of my PCs on the network, is it impossible to open that port on another computer running on the same network? Thanks

Author: Zapotek    Location: Hellas    Posted: Mon Jan 02, 2006 11:23 pm
    ----
It is possible.
You just have to set in your NAPT config that the requests for port 80 will be redirected to the PC that you want to be accessible from the net. :)

Author: RFmax    Posted: Mon Jan 02, 2006 11:36 pm
    ----
If you are referring to port forwarding then most SOHO routers will only allow one downstream computer to be associated with the public IP addr and port. More sophisticated routers will have a fail over function.

But if you think about what you are asking logically, it would not make sense to have two internal computers receiving port forwarded traffic based on the same port.

Author: Zapotek    Location: Hellas    Posted: Mon Jan 02, 2006 11:43 pm
    ----
Well, he may want to use one of them as a devel server and the other one as a public server...

The process is very simple through NAPT configuration, really...

Author: RFmax    Posted: Mon Jan 02, 2006 11:48 pm
    ----
I am not familiar with what you are referring to, could you please explain it. I would appreciate it very much.

Author: Zapotek    Location: Hellas    Posted: Tue Jan 03, 2006 12:01 am
    ----
Multiple sites are hosted in the same IP address using Virtual Hosts, in Apache at least.

As for NAPT I could start talking but these guys are much better:
http://en.wikipedia.org/wiki/NAPT

Author: zeedo    Location: Scotland    Posted: Tue Jan 03, 2006 12:31 am
    ----
Zapotek wrote:

Multiple sites are hosted in the same IP address using Virtual Hosts, in Apache at least.


This has nothing to do with NAT, routing or the poster's question.


Network Address Translation doesn't help much here either. As with most of these NAT routers you have one IP address with multiple hosts behind it. There is no way for this implementation to allow two unique end points behind the NAT'd IP with the same ports. For this you have to use a router that is not NAT based or use differing ports externally.

You can do
80 on NAT device to 80 on end point2
81 on NAT device to 80 on end point1

You can't do
80 on NAT device to 80 on end point1
80 on NAT device to 80 on end point2

Without differentiating between source addresses, which means some sources can only connect to one end point and some to another. You can't have a single source point access two distinct end points behind a single NAT end point.

The user's options are to use differing ports on the NAT device redirecting the end points on the boxes or use unique, public IPs for each interface with a non-NAT router in place.

Author: Zapotek    Location: Hellas    Posted: Tue Jan 03, 2006 12:38 am
    ----
I know that
Quote:
Multiple sites are hosted in the same IP address using Virtual Hosts, in Apache at least.

has nothing to do with what Nstal asked...
I was replying to jkleinhans...

I think we are a bit confused here...
And I also think I gave a solution to Nstal...
So I'm done here. :)

Cheers.

Just to straighten things up.

Quote:
Is it possible for an outside computer to be able to distinguish between the two?

No, but you can set it up in a way that the requests will go to the server you want, and guess how you can do that.
With NAPT! :P

Author: larsmhansen    Location: Boston, MA, USA    Posted: Tue Jan 03, 2006 12:57 am
    ----
No, you cannot forward traffic to two internal hosts using the same external IP address and port number, at least not with the cheaper home-market routers.

Usually, to do something like this, one would need two external IP addresses and do a 1-to-1 NAT setup (one external IP address maps to one internal address), then you can forward port 80 for each address.

Or, you can use an alternate port for the second web server, either 81 or 88 are common choices.
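
The mappings discussed in the posts above (zeedo's "you can / you can't" lists, the alternate-port option and 1-to-1 NAT), as an added example that is not part of any post: a small Python model of a port-forward table that flags two rules claiming the same external address and port. The `Forward` type, the helper names, the second public address 192.0.2.10 and the source networks are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Forward(NamedTuple):
    ext_ip: str    # public address on the NAT device
    ext_port: int  # port exposed on that address
    src_net: str   # source network the rule applies to
    int_ip: str    # internal end point
    int_port: int

def conflicts(rules):
    """Pairs of rules that claim the same external ip:port for overlapping
    sources but point at different internal end points."""
    bad = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            same_socket = (a.ext_ip, a.ext_port) == (b.ext_ip, b.ext_port)
            overlap = ipaddress.ip_network(a.src_net).overlaps(
                ipaddress.ip_network(b.src_net))
            if same_socket and overlap and a[3:] != b[3:]:
                bad.append((a, b))
    return bad

def translate(rules, src_ip, dst_ip, dst_port):
    """Where an inbound packet is sent; first match wins in this model."""
    for r in rules:
        if ((r.ext_ip, r.ext_port) == (dst_ip, dst_port)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src_net)):
            return (r.int_ip, r.int_port)
    return None  # no rule: the packet is not forwarded

# Constructed sample data; PUB and the 192.168.1.x hosts are from the thread.
ANY, PUB, PUB2 = "0.0.0.0/0", "67.44.33.22", "192.0.2.10"
A, B = "192.168.1.100", "192.168.1.101"
SAME_PORT = [Forward(PUB, 80, ANY, A, 80), Forward(PUB, 80, ANY, B, 80)]
ALT_PORT = [Forward(PUB, 81, ANY, A, 80), Forward(PUB, 80, ANY, B, 80)]
ONE_TO_ONE = [Forward(PUB, 80, ANY, A, 80), Forward(PUB2, 80, ANY, B, 80)]
BY_SOURCE = [Forward(PUB, 80, "198.51.100.0/24", A, 80),
             Forward(PUB, 80, "203.0.113.0/24", B, 80)]

if __name__ == "__main__":
    for name, rules in [("same port", SAME_PORT), ("alternate port", ALT_PORT),
                        ("1-to-1 NAT", ONE_TO_ONE), ("by source", BY_SOURCE)]:
        print(name, "-> conflicts:", len(conflicts(rules)),
              "| 198.51.100.7 to port 80 reaches", translate(rules, "198.51.100.7", PUB, 80))
```

In the same-port rule set the second rule is never reached, so only one of the two hosts is visible from outside; the other three sets have no conflicting pair.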

Author: zeedo    Location: Scotland    Posted: Tue Jan 03, 2006 12:57 am
    ----
Zapotek wrote:

And I also think I gave a solution to Nstal...


I don't believe you did, this is a limitation of NAT which has been widely discussed and is entirely correct. It cannot be done with standard NAT or "NAPT" techniques.

I refer you to some discussion of the IETF and some Internet drafts on the usage and limitations to NAT.

http://www3.ietf.org/proceedings/98dec/43rd-ietf-98dec-128.html
http://www3.ietf.org/proceedings/98dec/I-D/draft-ietf-nat-hnat-00.txt
http://www3.ietf.org/proceedings/98dec/I-D/draft-ietf-nat-protocol-issues-01.txt

Also basic TCP/IP says that if my packet has the following information.

Source port 1234
Source IP Address 10.0.0.2
Destination Port 80
Destination 10.0.0.1

I can decide to perform network address translation and forward it to 10.1.0.1 port 80 if I configure my NAT implementation such. However if an identical packet arrives I cannot then determine that this should go to IP address 10.1.0.2 without further changes or flags in the packet, outside of the packet's routing information. At present there is no RFC or internet draft addressing such an issue as the solution is to use unique public address to determine an end point.

In short, in order to differentiate end points on a NAT based network we generally need at least one unique IP based identifier, per service. This would require the client, NAT router and server to be configured specifically in order to honour this. At present there is no standard way of accomplishing this employed by the common operating systems on clients, servers or the NAT routers.

Whilst this is theoretically possible the reason it hasn't been done is that it requires widespread deviation of the RFCs and it's not an elegant enough solution to require an updated, modified or new RFC.

Author: Zapotek    Location: Hellas    Posted: Tue Jan 03, 2006 1:06 am
    ----
You misunderstood me...
Quote:
can decide to perform network address translation and forward it to 10.1.0.1 port 80 if I configure my NAT implementation such. However if an identical packet arrives I cannot then determine that this should go to IP address 10.1.0.2 without further changes or flags in the packet, outside of the packet's routing information. At present there is no RFC or internet draft addressing such an issue as the solution is to use unique public address to determine an end point.

I agree with you and that's what I'm saying...
I never said that you can distinguish 2 same packets and then redirect them to different servers...

I'm just saying that he can forward all the packets with dest port 80 to the machine of his choice... :D

Author: zeedo    Location: Scotland    Posted: Tue Jan 03, 2006 1:11 am
    ----
Zapotek wrote:

I'm just saying that he can forward all the packets with dest port 80 to the machine of his choice...


He is well aware of that, the question was can he differentiate between the two..

NStal wrote:

For example, let's say I have port 80 open on 192.168.1.100 and I also have it open on 192.168.1.101. Let's say my IP address to the internet is 67.44.33.22.
Is it possible for an outside computer to be able to distinguish between the two?


to which you replied...

Zapotek wrote:

It is possible.
You just have to set in your NAPT config that the requests for port 80 will be redirected to the PC that you want to be accessible from the net.

(The emphasis of both quotes containing the word "possible" added by me)


He asks if it is possible, to which you reply that it is and you cite NAPT as the solution, which I later point out is not the solution without using unique end points on the NAT router. A point you may have been aware of but didn't convey to the original poster and therefore this required clarification.


Last edited by zeedo on Tue Jan 03, 2006 1:20 am; edited 1 time in total

Author: Zapotek    Location: Hellas    Posted: Tue Jan 03, 2006 1:15 am
    ----
OK then, it's my bad.
Sorry... :oops:

Author: capi    Location: Portugal    Posted: Tue Jan 03, 2006 2:14 am
    ----
Ok friends, shall we go back to trying to help the original poster? :)

Author: Zapotek    Location: Hellas    Posted: Tue Jan 03, 2006 6:27 am
    ----
You just wrote that?
That's like a paper, I'd create a whole new thread with that in it if I were you...
Nice job, nice nerves... :D

Author: ryansutton    Location: San Francisco, California    Posted: Tue Jan 03, 2006 6:32 am
    ----
Zapotek wrote:
You just wrote that?


That's what I was wondering, great work Meds





output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 2
