The possibility to enable port forwards for any hosts inside the LAN has of cour

Question

The possibility to enable port forwards for any hosts inside the LAN has of course security implications. The problem from my point of view is not that there are bad users, but bad hosts/programs and of course the problem of CSRF.

But for some applications it would be good to have such a thing. Other possibilities like statically forward ports seems also less secure because then the port will be open all the time - also you have to maintain static IP addresses for all internal hosts, that should be reached.

The question is now: is it really necessary to have open ports for certain applications like btsync or some kind of instant messanger? Should a program depend on UPnP or is it possible to live without it? (bad question, i know - because in any case i have to live with bad security or bad application behaviour...)

Explanation / Answer

Any program that supports peer-to-peer communication needs to support some form of NAT traversal in order for two computers, both behind NAT gateways, to communicate with each other. Static port forwarding works, but is too confusing for most people to set up, while hole-punching isn't reliable and may require a trusted third-party server. This pretty much leaves UPnP and similar router-configuration protocols as the only solution.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.