Port Forwarding

This issue may have already been covered, but with new routers and AV suites, it may be something that needs continual updating. I'd like to set a dedicated port on my TP-Link Archer AX3000 router and I also have the Norton 360 AV suite. First, do I need to set the port in Norton, or is that automatically set? Then, the routers are now calling this Port Triggering, but it's the same thing and I can set the values, but the in-game settings are only giving me four-digit numbers for ports (5101, 5500, etc.) whereas my router and most of the ones I've seen usually use five-digit numbers like 52730 as an example. So is that not a problem? And I'm trying to change my router from "Restrictive" to whatever else there is, like "Permissive"? I'm thinking this would give me a better online connection. Is this the case? tx
 
Port forwarding does not give a better connection (sadly)

I think you are right on your assumption on the numbers. Port number can indeed be up to 65535. Got a screenshot?
 
Port forwarding does not give a better connection (sadly)

I think you are right on your assumption on the numbers. Port number can indeed be up to 65535. Got a screenshot?
I hear that but I find it hard to believe. An open port is an open port in the router, it's not like you're handcrafting it to be an Artisanal port. ;)

Maybe if you said ED doesn't do the job or your router doesn't do UPnP there might be an issue, but, if you let it do the job and check your router after to see if the port has opened and it is - what's the difference? 🤷‍♂️
 
 
THANK YOU, Zieman FOR THAT GREAT RESOURCE...in my old days of playing online, I had used Major Geeks many times but forgot about them
 

Deleted member 38366

Letting UPnP aka "Universal Plug & Pray" go on default settings invites the usual broken Instancing and additionally can incur lag spikes.

Manual Port Forwarding typically improves Networking and Instancing significantly in ELITE...
I can only recommend it where possible.
 
I can't comment on the in-game effects of using UPnP, but I can say that home routers are notorious for having badly secured UPnP implementations. I much prefer to forward a single port in a predictable fashion than risk some ne'er-do-well convincing my router to throw the home network wide open to all and sundry.
 
Opening a port using port forwarding opens the port 'forever' and there are loads of bots scanning for open ports all the time.

You can argue that UPnP is safer because it stops forwarding when not needed. And ty modem/routers are poopoo anyways.. So don't use them in the first place
 
Opening a port using port forwarding opens the port 'forever' and there are loads of bots scanning for open ports all the time.

You can argue that UPnP is safer because it stops forwarding when not needed. And poopooty modem/routers are poopoo anyways.. So don't use them in the first place
As with many things in life, security is all about relative risk and tradeoffs. And unfortunately there's no such thing as decision-making with perfect information.

So naturally if a router was available that I knew wouldn't have security issues in the future, that fit within my budget, I would buy it. But how does one go about evaluating that? If you look at track records, there are certainly companies that have fewer issues, and have better policies around ongoing maintenance updates. But no companies have perfect records, and policies do change over time - past performance is no guarantee of future results and all that.

Thus one has to assume that security issues will crop up, with unpredictable nature and timing, which may or may not get patches. In that light, UPnP is a much more complex system than a static port forward - it has a larger attack surface, and less deterministic behavior. Moreover, UPnP has a more severe failure mode than static port forwarding, as it can open any port to connect to any device on your network. Furthermore, even if working as designed, UPnP exacerbates the severity of unrelated security problems, because any malicious program (say your phone gets a malicious app, for instance) can start opening ports to try and take advantage of additional vulnerabilities.

In contrast, static port forwarding is permanent, but should only ever give access to either the ED client, or to the code in the Windows network stack that refuses connections to inactive ports. You need to get into the router's management interface to change the forwarding settings. Since flaws in the ED client or the router's admin login system would affect either setup, the tradeoff is between trusting a small piece of code in the Windows network stack that Microsoft knows to be security-critical and is able to patch every Tuesday, or accepting the whole UPnP system and the very infrequent update cadence of my router vendor.
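
An added example, not part of any poster's message: one way to check the concern raised above, that UPnP can map any port to any device, is to audit the router's UPnP mapping table against the single forward you expect. The field names follow the UPnP IGD `GetGenericPortMappingEntry` output arguments; the policy, addresses and table rows are constructed sample data, and treating a lease of 0 as "no automatic expiry" assumes IGD v1 semantics.

```python
# Added example: audit a router's UPnP port-mapping table against a policy.
# Field names follow the UPnP IGD GetGenericPortMappingEntry output arguments.
# All hosts, ports and descriptions below are constructed sample data.
import ipaddress

# Constructed policy: the only mapping we expect is the game PC on UDP 5101.
EXPECTED = {("UDP", 5101, "192.168.0.50")}
LAN = ipaddress.ip_network("192.168.0.0/24")
SENSITIVE_PORTS = {22, 23, 80, 443, 445, 3389}  # admin / file-sharing services

SAMPLE_MAPPINGS = [  # constructed, shaped like a router's UPnP table export
    {"NewProtocol": "UDP", "NewExternalPort": 5101, "NewInternalPort": 5101,
     "NewInternalClient": "192.168.0.50", "NewLeaseDuration": 3600,
     "NewPortMappingDescription": "game client"},
    {"NewProtocol": "TCP", "NewExternalPort": 3389, "NewInternalPort": 3389,
     "NewInternalClient": "192.168.0.23", "NewLeaseDuration": 0,
     "NewPortMappingDescription": "unknown app"},
    {"NewProtocol": "TCP", "NewExternalPort": 8080, "NewInternalPort": 80,
     "NewInternalClient": "10.9.9.9", "NewLeaseDuration": 600,
     "NewPortMappingDescription": "off-LAN target"},
]

def audit_mapping(m):
    """Return a list of findings for one mapping (empty list = as expected)."""
    findings = []
    key = (m["NewProtocol"].upper(), int(m["NewExternalPort"]), m["NewInternalClient"])
    if key not in EXPECTED:
        findings.append("not in expected set")
    if int(m["NewInternalPort"]) in SENSITIVE_PORTS:
        findings.append("exposes sensitive internal port")
    if ipaddress.ip_address(m["NewInternalClient"]) not in LAN:
        findings.append("internal client outside LAN")
    if int(m["NewLeaseDuration"]) == 0:  # assumption: IGD v1 semantics
        findings.append("lease 0: no automatic expiry")
    return findings

def audit(mappings):
    """Map 'proto/ext_port -> client' to its findings, flagged entries only."""
    report = {}
    for m in mappings:
        found = audit_mapping(m)
        if found:
            label = f'{m["NewProtocol"]}/{m["NewExternalPort"]} -> {m["NewInternalClient"]}'
            report[label] = found
    return report

if __name__ == "__main__":
    for label, findings in audit(SAMPLE_MAPPINGS).items():
        print(label, "|", "; ".join(findings))
```
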
 
Well written and spot on. It is all about relative risk and tradeoffs indeed

Like with ship builds.. There is no best ship
 
Ok, let me ask this. In order to use Port Triggering (this is better than Port Forwarding because the port only stays open when you're using it with Port Triggering), must I disable UPnP on my router?
 
Opening a port using port forwarding opens the port 'forever' and there are loads of bots scanning for open ports all the time.

You can argue that UPnP is safer because it stops forwarding when not needed. And poopooty modem/routers are poopoo anyways.. So don't use them in the first place
See my explanation above of why Port Triggering has prevented eternal open ports
 
Ok, let me ask this. In order to use Port Triggering (this is better than Port Forwarding because the port only stays open when you're using it with Port Triggering), must I disable UPnP on my router?
According to the downloadable manual for the router you mentioned, it looks like you can use Port Triggering and UPnP at the same time. However, I'm not aware that the ED client has any awareness of triggering - it uses UPnP for that purpose. And as far as I know, communication with the Frontier login servers goes over SSL, so you can't port trigger by looking for that, since every web browser on the network would set it off. So I really do think your options here are either UPnP or a static port forwarding rule. If you're really concerned and you know you're going to be away from the game for a while, you can always disable the static rule.

Edit to answer some additional points:
the in-game settings are only giving me four-digit numbers for ports (5101, 5500, etc.) whereas my router and most of the ones I've seen usually use five-digit numbers like 52730 as an example
Port numbers larger than 1025 are available for any purpose. The valid range goes up to 65535, but there's nothing wrong with using a number between 1025-9999 if you only have a 4-digit entry field.

There are rumours about a proxy server that FDev uses in such cases, but this has not yet been confirmed, and something I doubt by the way.
Nothing "rumour" about it. If you look at the network stats in the game config menus, it shows you the number of packets that have been routed through Frontier's TURN servers during your current session. Those are a form of proxy specifically for use when neither side of a P2P connection has an open port.
 