How long do triggered ports stay open? Can we control this?

[Deleted member 27741]

Hello, I have been enjoying using port triggering on my N66U. I was wondering how port triggers work.

Do they stay open for a specific (set) amount of time?

Is the length of time they stay open affected by activity on the port?

Can variables like these be changed, and if so, how?

 

[Deleted member 27741]

For anyone that is interested it looks like port forwards will stay open for 10 minutes of inactivity. Activity on the port will reset the 10 minute window. I have found no way to adjust the inactivity window yet.

 

[john9527]

As far as I can tell, triggered forwards are dynamic using the iptables TRIGGER chain and there is no time constant associated with them. But I'm definitely not an iptables expert.

How are you measuring the 10 minute window?

 

[Deleted member 27741]

I measure the window something like this. Confirm port is closed. Open port trigger with psping and connect to remote computer with vncviewer (confirming port is indeed open). Vncviewer stops working after 10 minutes of inactivity (usually crashes which is a pain). Check port again, port is closed.

p.s.- I also interpret the triggered ports as you do, which is why I am wondering about this 10 minute window I am seeing. Where is it coming from?!

 

[john9527]

My first guess would be a this is expected if the tool stops after 10 min (the crash is another question)....

How does the tool know a port is open without accessing it? In which case it would be triggered and opened again. Maybe I'm missing something as I'm not familiar with vncviewer.

 

[Deleted member 27741]

I don't think it is the program.

I have a remote computer which is making a reverse connection to my computer. The vncviewer listens on the port (as set and previously opened with psping by me) and a connection is made when the remote computer reverse connection connects.

Hmmm... I will have to delve deeper with a program that we are both sure about.

 

[john9527]

It just seems that this would be difficult to measure with any program....to see if a port is open I don't see how you would do it without accessing it. Access = trigger.....wash, rinse, repeat

 

[Deleted member 27741]

Indeed! This is why I am trying to figure it out.

If the port is triggered, a program must be listening for a port checker to list the port as open (I think this may be port 101 but just triggering the port isn't enough for a web port checker to realize it is open).

My current testing says that the port closes after 10 minutes regardless of program activity on the port. Not optimal if that is indeed the case.

 

[Calisro]

I'm guessing it uses conntrack timeouts. Triggering usually requires data to continuously come in on the triggered port to keep the related port(s) open

 

[john9527]

I haven't looked at the code, but I don't think it uses conntrack. My guess is that it's just a special case of standard forwarding that dynamically sets the local address.

 

[Calisro]

Something would still need to track connections though to keep triggered ports open and shut them down on idle. If not ipfilter, then something.

 

[Deleted member 27741]

Gentlemen, we have a mystery on our hands.

 

[john9527]

Something would still need to track connections though to keep triggered ports open and shut them down on idle. If not ipfilter, then something.

Oh wait....hands disconnected from brain on my end

Yes, the standard tcp/udp conntrack timeouts as defined in Tools/Other Settings......Just like any other connection.

 

[Deleted member 27741]

Oh wait....hands disconnected from brain on my end

Yes, the standard tcp/udp conntrack timeouts as defined in Tools/Other Settings......Just like any other connection.

I need to be educated here. None of the values on my router are currently 10 minutes?

TCP connections limit Default: 300000
TCP Timeout: Established Default: 1200
TCP Timeout: syn_sent Default: 120
TCP Timeout: syn_recv Default: 60
TCP Timeout: fin_wait Default: 120
TCP Timeout: time_wait Default: 120
TCP Timeout: close Default: 10
TCP Timeout: close_wait Default: 60
TCP Timeout: last_ack Default: 30
UDP Timeout: Assured Default: 180
UDP Timeout: Unreplied Default: 30

 

[Deleted member 27741]

Also, other than upping the timeouts, can I change some setting (on router or program) to automatically detect the port is being used and reset the timeout?

Perhaps turn up keepalive packets or something of the sort to keep the connection up? I have a hard time believing port triggers would be this hard to keep alive .

 

[Calisro]

The app would need to keep it alive. The triggering port... Not the triggered port.

In your case you initiated it with psping. if you keep pspinging then it should stay alive.

 

[Calisro]

btw, when a port closes, it wouldn't snipe your current connection. New connections cant come through but established ones stay. try it with ssh. It'll stay open. I wonder if you're hitting some other issue or if vnc is reconnecting for some reason.

 

[john9527]

I wonder if yiy're hitting some other issue or if vnc is reconnecting for some reason.

I think we've come full circle....where I'm not sure your measurement technique.

Perhaps turn up keepalive packets or something of the sort to keep the connection up? I have a hard time believing port triggers would be this hard to keep alive .

But that brings up the next question....why do you want to keep it alive? Port triggers by definition need to go away. If you want a static destination, what not use a standard port forward?

What am I missing?

 

[Deleted member 27741]

Sending a keepalive from vnc viewer to the port did not work. I will try looping the psping to see if that helps. It may be an application issue.

I want it to stay alive as long as my program is up and I am working with it. I understand your trepidation about vnc. Have either of you guys tested port triggering to see how long it stays up?

 

[Calisro]

I have not but I can tell you that if a connection is established, it will stay even if you delete tge fwding rule (which is what port triggering does). I bet its a vnc config item.