PSA-Please Don't Use Port Forwarding for ESO(ZOS shouldn't be telling people to do this)

desciviib14_ESO

Just thought I'd res this to say that this seems to have fixed the problems I was having in PVE. Thanks OP

TheChieftain

Perfect name for this thread: Trigger Warning

I learn new things by playing the devil’s advocate in discussions, being corrected, and using humor.

BigboyCT wrote: »

port forwarding for home PCs is not the safest thing to do since it opens ports to anyone from the outside. (assuming that you don't have a software firewall running on your PC)

Is all this alarm on behalf of people who have (for whatever reason) turned off their firewalls? Or do our routers protect us from dangers that our firewalls cannot? If that is true, then people who have their computers plugged directly into their modems must get their identities stolen all the time. Someone should warn them of all the danger they’re in.

My Asus RT-AC68U wireless router’s user interface has one menu for port triggering and one for port forwarding. The port triggering menu has a dropdown menu for “Well-Known Applications.” There are only two applications on that list, and neither are games. The port forwarding menu has a dropdown menu called “Famous Game List.” There are eight applications on that list, including WOW, Age of Empires, Counterstrike, Warcraft III, Xbox Live, and Playstation 2. It seems this problem is much broader than ESO; ASUS, Blizzard, Ensemble Studios, Valve, Microsoft, and Sony are also in on this conspiracy. Someone should warn their customers of all the danger they’re in.

woodsro wrote: »

not much ZOS can do about that outside of making the ESO Executable use UPnP to dynamically open and close the ports it needs on the router to alleviate those issues.

woodsro wrote: »

those who understand how Network Address Translation works won't blame ZOS for the unknown errors.

I don’t understand how Network Address Translation works, so to me the situation sounds like this; “implementing UPnP” is a way of coding the game so that it is not broken. The developers have willfully chosen not to do this. If a company is charging money for their product, I consider it their obligation to make their product not defective in a major way. When I learn more about Network Address Translation, perhaps I will come to understand how ZOS is blameless, and that the one they call NAT is the true enemy.

woodsro wrote: »

Two Applications can't use the same ports at the same time according to the RFC's(On a Layer 3 device anyways)......Take one router, set up 2 web servers, port forward 80 to both of them, good luck...only 1 of them will work if at all because the router doesn't know which one has priory, the router doesn't have the ability to say "Packets from region A go here, and Packets from Region B go here" its a Layer 3 device, its not supposed to, you would need a device with Layer 7 functionality for something like that. (there are corporate grade network equipment that does come with much Layer 7 functionality)

The only way i know of where you could have multiple applications using the same port (such as port forwarding 2 web servers on the same port) is by having a device that has Layer 7 functionality which are quit expensive and rely on using some sort of proxy to handle those scenarios at the Application Layer(Hence i say Layer 7 functionality)

BigboyCT wrote: »

Port triggering is not really a solution for me either since I have two computers running ESO at the same time. If my first computer gets a hold of the ports, my second computer won't be able to use them.

Here’s the thing I really need help with. I intend to play this game in the same physical location as my friend; my house. When I read BigboyCT’s post, I thought it looked as if port triggering could not do what I needed it to do. This made me say, “YOLO! If port triggering will not allow me to play a game with my friend using the same wireless router, then I will forward my ports, consequences be damned!” But then, I found some sources saying that port forwarding would not let me have two computers playing ESO unhindered over my router either. This website suggests some drastic measures, such as talking to my ISP, or paying for a VPN service.

http://portforward.com/help/alt-to-pf.htm

However, my ASUS router’s user interface might be suggesting that what I want to do is not impossible. My router says, “If you want to specify a Port Range for clients on the same network, enter the Service Name, the Port Range (e.g. 10200:10300), the LAN IP address, and leave the Local Port empty.” I did this. In the Local IP box, I simply input my router’s IP address. When I used port testers to test this, they found the ports “filtered.” Did this not work, or are those tests only set up to test if the port is open to the specific computer I’m testing from (as opposed to the router)? Will this method work, or do I need to purchase corporate grade networking equipment with seven layer dip functionality in order to play ESO with my friend when he comes over with his laptop?

NobleNerd

Thanks for the information.

That said I have forwarded ports for MMOs for 10+ years with no security issue ever. I will wait and see if ZOS makes an official response about this, but for over 10 years I have never had an issue using port forward in any MMO.

RinaldoGandolphi

TheChieftain wrote: »

Perfect name for this thread: Trigger Warning

I learn new things by playing the devil’s advocate in discussions, being corrected, and using humor.

BigboyCT wrote: »

port forwarding for home PCs is not the safest thing to do since it opens ports to anyone from the outside. (assuming that you don't have a software firewall running on your PC)

Is all this alarm on behalf of people who have (for whatever reason) turned off their firewalls? Or do our routers protect us from dangers that our firewalls cannot? If that is true, then people who have their computers plugged directly into their modems must get their identities stolen all the time. Someone should warn them of all the danger they’re in.

My Asus RT-AC68U wireless router’s user interface has one menu for port triggering and one for port forwarding. The port triggering menu has a dropdown menu for “Well-Known Applications.” There are only two applications on that list, and neither are games. The port forwarding menu has a dropdown menu called “Famous Game List.” There are eight applications on that list, including WOW, Age of Empires, Counterstrike, Warcraft III, Xbox Live, and Playstation 2. It seems this problem is much broader than ESO; ASUS, Blizzard, Ensemble Studios, Valve, Microsoft, and Sony are also in on this conspiracy. Someone should warn their customers of all the danger they’re in.

woodsro wrote: »

not much ZOS can do about that outside of making the ESO Executable use UPnP to dynamically open and close the ports it needs on the router to alleviate those issues.

woodsro wrote: »

those who understand how Network Address Translation works won't blame ZOS for the unknown errors.

I don’t understand how Network Address Translation works, so to me the situation sounds like this; “implementing UPnP” is a way of coding the game so that it is not broken. The developers have willfully chosen not to do this. If a company is charging money for their product, I consider it their obligation to make their product not defective in a major way. When I learn more about Network Address Translation, perhaps I will come to understand how ZOS is blameless, and that the one they call NAT is the true enemy.

woodsro wrote: »

Two Applications can't use the same ports at the same time according to the RFC's(On a Layer 3 device anyways)......Take one router, set up 2 web servers, port forward 80 to both of them, good luck...only 1 of them will work if at all because the router doesn't know which one has priory, the router doesn't have the ability to say "Packets from region A go here, and Packets from Region B go here" its a Layer 3 device, its not supposed to, you would need a device with Layer 7 functionality for something like that. (there are corporate grade network equipment that does come with much Layer 7 functionality)

The only way i know of where you could have multiple applications using the same port (such as port forwarding 2 web servers on the same port) is by having a device that has Layer 7 functionality which are quit expensive and rely on using some sort of proxy to handle those scenarios at the Application Layer(Hence i say Layer 7 functionality)

BigboyCT wrote: »

Port triggering is not really a solution for me either since I have two computers running ESO at the same time. If my first computer gets a hold of the ports, my second computer won't be able to use them.

Here’s the thing I really need help with. I intend to play this game in the same physical location as my friend; my house. When I read BigboyCT’s post, I thought it looked as if port triggering could not do what I needed it to do. This made me say, “YOLO! If port triggering will not allow me to play a game with my friend using the same wireless router, then I will forward my ports, consequences be damned!” But then, I found some sources saying that port forwarding would not let me have two computers playing ESO unhindered over my router either. This website suggests some drastic measures, such as talking to my ISP, or paying for a VPN service.

http://portforward.com/help/alt-to-pf.htm

However, my ASUS router’s user interface might be suggesting that what I want to do is not impossible. My router says, “If you want to specify a Port Range for clients on the same network, enter the Service Name, the Port Range (e.g. 10200:10300), the LAN IP address, and leave the Local Port empty.” I did this. In the Local IP box, I simply input my router’s IP address. When I used port testers to test this, they found the ports “filtered.” Did this not work, or are those tests only set up to test if the port is open to the specific computer I’m testing from (as opposed to the router)? Will this method work, or do I need to purchase corporate grade networking equipment with seven layer dip functionality in order to play ESO with my friend when he comes over with his laptop?

Sorry for the delay.

Port forwarding is subject to the same restrictions as triggering. You cna't have two applications using the same port at the same time unless your using a Layer 7 device that has some sort of proxy or handles those connections at the Application Layer.

A router is a Layer 3 device. If you google folkls having issues getting open NAT on multiple Xbox's in the same house at the same time is because you can't have more then 1 device utilizing the same port at the same time, this is why many games use port ranges to fall back on other ports when the prefered ports are in use, hence port ranges

RinaldoGandolphi

NobleNerd wrote: »

Thanks for the information.

That said I have forwarded ports for MMOs for 10+ years with no security issue ever. I will wait and see if ZOS makes an official response about this, but for over 10 years I have never had an issue using port forward in any MMO.

That your aware of. I am not saying this to be snarky either. Any machine you leave ports wide open to the whole internet too will be hacked at some point the longer it is left in that state. when port forwarding, your Router is a layer 3 device, its not going to packet discriminate, if matters not if your playing ESO or not, nor the orgin of the packets, any traffic intended for that port is automatically forwarded to the PC on your LAN you designate. This means a hack in China could send traffic on nd use it to plant a backdoor on your system giving him remote access at any time, one that he could then use to infilitate your entire LAN. scanners like Nmap make it trival to find open ports and services across network addresses.

With port triggering, once traffic stops flowing on those forwarded ports, they are then closed back up. So nothing can get in while your not playing the game. this is what port Triggering was designed for.

Port Forwarding was designed for hosting services to the external internet.

Port Triggering was designed to give acess to Internet services.

If your not hosting a mail serve, web server, ftp server, etc then you shouldn't;'t forward. Port Forwarding for games was designed back in the days of bad security practices, Windows 98/2000 and the ActiveX security nightmares of the past when bad security practices was common place. these became entrenched and there are those of us trying to get these trneds reversed as safe ways exist to do the same thing the end user wants and its much easier now(triggering) that is also much safer.

Good day.

TheChieftain

Thanks for he clarification about multiple users on the same router. That’s a little disappointing, but the game has performed all right for both of us so far anyway when my friend and I play at the same time on the router. If that luck continues, I suppose it won’t be much of an issue.

Sreja_Bone

@woodsro Got to say, wish, I'd found this two days ago. Cleared my character load problems right up and was actually easier than getting port forwarding right on my ASUS router. Cheers man, you rock.

KennyHMNgai

Hi . I have put the eso numbers in for port forwarding/triggering, and have enabled both TCP and UDP, then saved the settings. I checked the values again to make sure they were correct. I enter my password to log into the game, and then a crash report window appears, a window which appeared even before inputting any of those values. Any idea what I can do next ?

KennyHMNgai

.... well, actually, what I did next after doing the above was to run the repair tool from the ESO launcher, and I was able to log into the game; no crash window. So I'm all good now .

Wily_Wizard

Thanks Rinaldo, some really good info here.

I think a good 1st step for most non-techie gamers would be to verify that UPnP is enabled in their router. In most current routers it is on by default. Caution: If your router's firmware is more than 2 years old, then you should NOT have UPnP enabled because a serious security issue was identified, and firmware approximately less than 2 years old should have patched the security flaw.

UPnP is its own protocol and while most of its work is done within your home network, it also facilitates connectivity to the internet via your NAT. Here's a quote from the WIKI:

One solution for NAT traversal, called the Internet Gateway Device Protocol (IGD Protocol), is implemented via UPnP. Many routers and firewalls expose themselves as Internet Gateway Devices, allowing any local UPnP control point to perform a variety of actions, including retrieving the external IP address of the device, enumerate existing port mappings, and add or remove port mappings. By adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external address to an internal client.

What UPnP does, in a manner of speaking, is automates port triggering. The difference is that it tries to do it in real time, so if all devices have a valid implementation of UPnP, then it should be able to manage the port leases in a manner that allows more than one gamer to play behind the same network. ESO should be reserving a large number of ports, but only uses a few of those ports for 1 gamer. when a 2nd gamer comes along, it should allocate the next range of ports and manage them separately from the 1st gamer's ports. I noticed some people in this post are forwarding ports to one gaming PC and wondering why the 2nd gaming PC still works. Theoretically UPnP should manage that and give the 1st range of available ports to the 2nd PC.

In theory UPnP is a good thing, automation is always nice and it makes life easy for people that don't want a degree in networking just to play their game or stream video from a device on their network. However, today, its still possible that all implementations of UPnP don't play well together. In this respect, it's possible that a different router or different firmware may fix any UPnP problems you are having. HOWEVER, all routers are not created equal, and some of them do not have powerful enough CPU's to handle a lot of UPnP calculations, NAT translations, packet sorting, and all other aspects of networking simultaneously. If you are trying to force a $30 Linksys/Netgear router to manage a whole house full of internet requests, video streaming, and gaming at the same time, its going to buffer as much data as it can(which causes latency), then its going to start dropping packets, which can cause severe stuttering(and disconnects) in games and audio/video streams.

You usually get what you pay for in routers, and the newer high speed routers mostly have powerful CPU's that can handle just about any scenario, even in the most demanding households. The caveat is that they will also have the latest version of UPnP, which should make gaming both pain free and secure. Theoretically, *clears his throat* *evil laugh*

Sreja_Bone

...And I spoke too soon. Shortly after a good clear day of playing, the error <<1>> one crashes on load screens came back, each one followed by hanging at "requesting character load " again. Still, good info though.
Back to the troubleshooting for me .

kaithuzar

There's some decent general info here, but don't get it confused thinking that port forwarding in any way shape or form is going to "fix existing in game issues". That's false.
Also, understand that when hosting a server on port 80 & setting up port forwarding to send all traffic coming in on port 80 to the webserver; the webserver handles multiple port 80 requests. The thing to remember is that there are both a src (source) & a dst (destination) port number in any connection. So while an end user is sending traffic to a webserver, the end user may have a random src port of 3999 the dst port will still be 80 & the webserver can have multiple port 80 connections.
I do feel this thread kind of derailed from "how do I get my connection to download faster" into a "port forwarding w/o proper setup is a security risk".

So how do you get the connection to download faster? I didn't see an answer here, let me know if I missed it.
The basic thing I know to do is:
1) Make sure dns settings are correct, you can also config static entries in etc hosts file
2) Keep networking/phone cables AWAY from power cables
3) Don't use wifi
4) Buy a Linux router from me (not ddwrt, an actual mini-pc running a full blown distro)

blackcom90

Sorry, if i ask but is possible that some router doesn't support this option?
For example i have an asus DSL-NT12E and i can't find anywhere the triggering option... in that case is possible to port forward and defend from attack?

vwaskarb16_ESO

I will say Rinaldo is wrong about port sharing, yes you can't do it on TCP connections, but you can on UDP multiple times...

I know he said this last year, but just in case people are reading and learning :P

Also if you leave a port open, that doesn't guarantee you will be hacked anyway, an exploit has to exist for the peep to go through that port to target that exploit, if you have none then an open port means nothing.

JMadFour

Ok so I am going to bring this thread back up, sorry. But I have a question I could not find the answer to, as all of the answers I am finding are for the PC Version.

on this page:

https://help.elderscrollsonline.com/app/answers/detail/a_id/30107/kw/port triggering

it says I need to Trigger the following Ports:

PlayStation 4 Ports:

TCP Ports 10040 through 10060
UDP Ports 50000 through 60000

however, when I go into my Modem (I am running 24mbps Bonded ADSL at the moment), I cannot input both sets of Ports. I put in the TCP Ports and that goes fine, and then when I try to put in the UDP ports, the router does not accept it. It goes through its "please wait while the Modem updates", and then..nothing. No matter what, I only have the TCP Ports.

so how do I get both sets of Ports set up correctly in the Port Triggering Menu? Do I NEED both sets of ports?

Elincon

Can anyone -please- give some example of how to trigger forward this game?
Trigger Start Port
Trigger End Port
Target Start Port
Target End Port

I filled in:
• Start Port: 24100
• End Port: 24131
but there are target and trigger, what goes where??

[Problem solved broken onboard network card] But... I would still like to know how to do that or is nothing filled in at the target (I went from the Realtek to the onboard Intel and I don't seem to have any dc's anymore)

_________________________
I'm having a regular disconnects and I don't know if it is my ISP or something between the router/modem and my computer. I'm not on WiFi, my cable is short towards the wall, the download is 24.5MB/s upload 2.2MB/s ping 8ms, Windows 7 Ultimate, Ubee routermodem, re-installed Windows like 6 months ago, played with firewall settings off/low/medium/high with Block Fragmented IP Packets, Port Scan Detection, IP Flood Detection on and off.

I even closed the entire Wi-Fi network except for I'm forced to be a hotspot which they say is not of influence to my connection, like everyone from this provider.
Many times in the game I just quit instantly, game closes and I'm out. I need to fill in my password but I think the packages are still hanging and I need to wait a while before login in.

When I ping outside websites while gaming, on the exact time I'm getting disconnected I get request time-outs, suggesting me that it is an OS problem or ISP problem. I've never had this, does this game flood my own OS or something that it forces a disconnect between the router/modem and my Windows machine?!


I've called them on the phone today finally after trying to live with it and see if it's not my end but my hopes are running out and luckily I read this thing about forwarding and triggering so I want to do the right thing. I have to try as much as I can before handing in all the results and ask for a failure-mechanic to measure my line. Although the testing from the company testing my modem from there; it was all working fine. It's these damn disconnects for 5 - 15 seconds that kill me!
(also today I had something new that was like I'm freezing and suddenly my group is fighting and everything goes very fast and back to normal) Aug-12-2015
_______________________________

Thanks in advance!

Jade1986

So, I am slightly confused, what ports do I open for the EU servers? I did this for my xbox one time, but I really might as well have been reading Chinese through half of this thread....

Whatzituyah

So in the end should I stick with the Upnp calculation in my router or to put every thing that needs port forwarding/triggering into the router is what all this boils down too? Which should I use Upnp seems more convinient but not always reliable should I try to do some sort of balance between them have upnp on but have some port triggering variables for the things it does not work well with?

Gorrox

@RinaldoGandolphi , I'm using a Huawei HG532F router, and it does have a dedicated Port Triggering menu, but when attempting to forward Port 80 (as mentioned here: https://help.elderscrollsonline.com/app/answers/detail/a_id/1133/~/what-ports-do-i-need-to-open-to-access-the-game?),
the page gives me an error saying "The trigger port can not be 80"
Is this a problem, or part of some default settings and I should simply ignore triggering that port (the rest were added fine)

Also my port triggering page doesn't ask for a destination internal IP, I will assume this is standard?

RinaldoGandolphi

That is probably part of the default settings you should safely be able to ignore that for that port.

It varies my model, if you're doesn't ask for an internal ip it means the router will automatically route the packets to the device using the trigger ports

Gorrox

RinaldoGandolphi wrote: »

That is probably part of the default settings you should safely be able to ignore that for that port.

It varies my model, if you're doesn't ask for an internal ip it means the router will automatically route the packets to the device using the trigger ports

Thanks.

I was talking to a friend of mine and he says that with port forwarding, only the service linked to the port would be vulnerable to attack, no the rest of the system?

Nestor

Gorrox wrote: »

Thanks.

I was talking to a friend of mine and he says that with port forwarding, only the service linked to the port would be vulnerable to attack, no the rest of the system?

@Gorrox

It all depends really. First thing, Port Forwarding is supposed to forward packets destined for a particular port to a particular internal IP address, so only that device on that IP would see the traffic. Port Triggering opens up traffic flow for any packets destined for that port to the internal network. Then it gets even more confusing as not all manufacturers are consistent on exactly what these things do. If your asked to input an internal IP address with your Port Configuration, you have Forwarding, no IP address required, you have Triggering.

As for vulnerabilities, that also depends. In this case, it is the game that is using these ports, so that should be the only application that is listening on these ports. Windows won't be listening, and that is where the risk really is. I suppose a hacker could try to gain entree into your network by spoofing the ports, but the risk of that is small. Why is it a small risk? Your not a Bank or a Defense Contractor or some other entity that a hacker would want to try a focused attack on. The ones who go after end users at homes and such do so through emails and email attachments. If they are attempting an IP hack to gain access to the network, they do so by only trying IPs that respond to Pings, so turning off ICMP goes farther to protect you as it makes you invisible to most network attacks and intrusion attempts that would be directed at you.

So, you want to be safe on your network, don't respond to any emails that come from people you don't know or ask for personal information, especially information that they should already know, like your bank account number (as your bank would never send you an email asking for your account number)

Gorrox

@Nestor Thanks! That's a pretty nice summary.
Which ports would Windows typically be listening to?

Nestor

@Gorrox

Depends on each system really, here is how to suss it out

http://support.kaspersky.com/us/general/windows/101

For more details and options to the Netstat command

http://helpdeskgeek.com/windows-7/use-netstat-to-see-listening-ports-and-pid-in-windows/

http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/?PageSpeed=noscript

janicek989

RinaldoGandolphi wrote: »

The first port in the range is the trigger port

So put port 24300 in the trigger port then put port 24300 in the start port at the bottom and 24331 at the other spot under inbound connections. Your telling your router that outbound traffic on port 24300 will temp forward the inbound port range entered below.

I know this is a few years old but I'm trying to figure out some basic networking stuff. I am unable to put in a range of ports to start a trigger also. What you're saying here is that the first port in the range will always be the initiating port for a trigger? I've looked at the ports that eso uses, and each time I log in, both the local and remote ports change and I would be unable to put in the full range of ports to start the trigger with, and I also don't know if I'm supposed to use the local or the remote ports.

Crapgame

I've been away from the game a long time but when I logged in this week, I was unable to do anything without being kicked with an error message "An error has occurred. Please wait a few minutes and try again" which would boot me all the way out to the login screen. This happened about 50 times. (I'm hard headed)

Googling taught me it might be a port issue but before I did any of that, I opened my VPN and connected through there. Problem solved. Not a single error.

This leads me to beleive that it is indeed a port issue and I'm keen to try the port triggering suggestion to fix it. (For the curious, my VPN is useful but it slows me down so I don't have it up all the time.)

I've attached a pic of what I think my configuration should look like. Someone please look it over and give me a thumbs up.

Thank you in advance!

Crapgame

UPDATE: Those settings did NOT work. Received the same boot and error. Went back to the VPN and it was smooth. Any insight @RinaldoGandolphi ?

RinaldoGandolphi

Hi,

It looks like your settings are slightly off

See example below

Trigger port range should be 24100-24100

Forwarded port range should be 24100-24131

This tells your router, “hey traffic is going out on port 24100 so temporarily port forward ports 24100-24131”

The range for the triggerd port should be one port and the forward range should be the port range you wish to forward.

Also, don’t port trigger port 80 or 443 as it can cause issues with other connected devices and will already have outbound traiffic using those ports already.

Crapgame

@RinaldoGandolphi Thanks for continuing your support of this issue.

I adjusted my settings according to your directions but encountered the same issue. (I wasn't even able to make the initial login this time)

In an effort to troubleshoot, I went back to the VPN and ESO works fine. Without the VPN, I can't seem to run the game at all.

frozywozy

2 years later, still nothing in the knowledge base of TESO about port triggering.

https://help.elderscrollsonline.com/app/answers/list/kw/port triggering/p/1