What Is Port Forwarding and How to Set It Up on a Router
Port forwarding, often called port mapping, allows remote servers and devices on the internet to access your private LAN to connect to other computers or services.
Port forwarding is accomplished by generating a map between the public, wide area network (WAN) Internet protocol (IP) address of a router and the private, local area network (LAN) IP address of a device on the private network.
In this post, we’ll delve further into the concept of port forwarding – how it works, what it’s used for, and how to resolve any potential port forwarding issues.
What is port forwarding?
Port forwarding is a technique on local network routers that redirects connection requests from online devices to particular local network devices. This occurs because the port forwarding rules on your network router match connection attempts to the correct port and IP address of a network device.
Each device on your internal network has its own internal IP address. A local network may have a single public IP address. Port forwarding connects these external requests from A (the external IP and port) to B (the requested port and local IP address of the device on your network).
To illustrate the utility of this feature, let’s compare your home network to a medieval stronghold. While you can see outside the walls, no one can see inside or penetrate your fortifications; you are safe from attack.
Thanks to integrated network firewalls, the same status applies to your network. You can browse websites and game servers, but other internet users cannot access your gadgets. Your firewall aggressively thwarts any attempts by external connections to gain access to your network.
In certain circumstances, however, this level of security is inappropriate. External connections are required if you want to run a server on your home network (with a Raspberry Pi, for example).
This is where port forwarding comes into play, since it allows you to redirect external requests to certain devices without sacrificing security.
For instance, suppose you are operating a local web server on a device with the internal IP address 192.168.1.12 and the public IP address 80.80.100.110. Requests from the outside to port 80 (80.80.100.110:80) would be permitted, with the traffic redirected to port 80 on 192.168.1.12.
To accomplish this, you will need to set up your network to allow port forwarding and then configure your network router with the necessary port forwarding rules. You may also need to configure additional firewalls on your network, such as the Windows firewall, to permit the traffic.
Port forwarding topology
A “private LAN” could be your home Wi-Fi, business Wi-Fi, or even a coffee shop’s free Wi-Fi. To connect, it usually (but not always) requires a password or other sort of authentication. Once your device (laptop, cell phone, tablet, etc.) has joined, a process called DHCP (Dynamic Host Configuration Protocol) assigns it an IP address on the network. This IP address is unique to your device on the network, which is what allows the router to identify the device.
When you wish to connect to the internet — for example, to check your email, visit social networking sites, or utilize cloud file storage — your device sends a connection request to the router, specifying the IP address and port associated with the request. Your device is the connection’s host or origin. The router then reads the request and replaces your device’s IP address and port with its own IP address and an appropriate port. Here is the complete ICANN port registration list, if you’re especially curious. After disguising your host’s IP address with the router’s public IP address, the router forwards the connection request to its intended recipient.
The router must remember how it mapped your device’s IP address and port to its own IP address and port in order to deliver the connection request. Consequently, a Network Address Translation (NAT) table is required. NAT tables store information regarding the maps that are generated during a connection.
Once a request reaches its target, the destination must send information back to your device in order for you to view it. The destination addresses its reply to the router’s IP address and the port the router chose for the connection. The router checks the NAT table for that IP address and port to see if a connection is open. If so, the reply is forwarded to the appropriate device on the internal network. Once the connection is closed, its entry in the table is removed.
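The translation steps described above, modeled as a small Python class (an added example, not code from the original article). The LAN client 192.168.1.20, the remote addresses and the port pool starting at 40000 are constructed; matching replies on the remote address is a simplifying assumption.

```python
"""Toy model of a router's NAT table plus one static port-forwarding rule."""
from dataclasses import dataclass, field

@dataclass
class Router:
    wan_ip: str = "80.80.100.110"                 # public address from the article
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    nat: dict = field(default_factory=dict)       # (proto, wan_port) -> (lan_ip, lan_port, remote)
    next_port: int = 40000                        # constructed start of the translated-port pool

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        """Static rule created by the administrator; it does not expire."""
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host connects out: rewrite its source and record the mapping."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.nat[(proto, wan_port)] = (lan_ip, lan_port, remote)
        return self.wan_ip, wan_port

    def close(self, proto, wan_port):
        """Connection finished: the dynamic entry is removed from the table."""
        self.nat.pop((proto, wan_port), None)

    def inbound(self, proto, wan_port, remote):
        """Return the (lan_ip, lan_port) a WAN packet is delivered to, or None to drop."""
        entry = self.nat.get((proto, wan_port))
        if entry and entry[2] == remote:              # reply on an open connection
            return entry[0], entry[1]
        return self.forwards.get((proto, wan_port))   # static rule, otherwise drop

def demo():
    r = Router()
    r.add_forward("tcp", 80, "192.168.1.12", 80)          # the article's web server
    mail = ("203.0.113.25", 993)                          # constructed remote service
    stranger = ("198.51.100.7", 51515)                    # constructed unsolicited sender
    _, port = r.outbound("tcp", "192.168.1.20", 50123, mail)
    results = {
        "reply": r.inbound("tcp", port, mail),            # matches the NAT entry
        "unsolicited": r.inbound("tcp", port, stranger),  # no entry for this sender
        "forwarded": r.inbound("tcp", 80, stranger),      # static rule admits any sender
        "closed_port": r.inbound("tcp", 22, stranger),    # no rule and no entry
    }
    r.close("tcp", port)
    results["after_close"] = r.inbound("tcp", port, mail)
    return results

if __name__ == "__main__":
    print(demo())
```

The `forwarded` case is the one to keep in mind: unlike a NAT entry, the static rule accepts traffic from any sender and stays in place until it is deleted.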
Why port forwarding?
Port forwarding is a fantastic method for preserving public IP addresses. It can secure servers and clients from unauthorized access, “hide” the available services and servers on a network, and restrict access to and from the network. Port forwarding is transparent to the end user and provides an additional degree of network protection.
Port forwarding is used to prevent unwanted traffic from entering networks. It enables network managers to use a single IP address for all Internet-based exterior interactions while dedicating multiple servers with distinct IPs and ports to internal tasks. Port forwarding is useful for home network users who want to operate a Web server or a gaming server on the same network.
Port forwarding operates exceptionally well alongside various identity management software. Multi-factor authentication software, single sign-on solutions, and the like add an additional layer of security to the process of granting visitors access to highly sensitive places, such as file servers and databases.
On the router, the network administrator can configure a single public IP address to forward requests to the appropriate server on the internal network. By utilizing a single IP address for numerous jobs and dropping at the firewall all traffic unrelated to the services provided, the administrator can conceal the services running on the network from the outside world.
Types of port forwarding
There are multiple forms of port forwarding, each of which serves a distinct purpose. TCP port 22 is used for both local and remote port forwarding via SSH tunneling.
- Local port forwarding. This type of port forwarding is utilized when you want to use your LAN equipment to retrieve data from a destination to which you do not have access, but an intermediate device does. This enables data to be fetched from a remote location to a local device.
- Remote port forwarding. This type of port forwarding makes your device accessible to remote devices and the internet. In this instance, data is pushed from your device to the remote destination server and then returned to your device via the source port. Using remote forwarding, anyone with internet access or a remote device can access your device.
- Dynamic port forwarding. Dynamic port forwarding is an extension of local port forwarding. Any program on your LAN device can utilize the SSH tunnel to access any remote target port while using only a single port on your end. Dynamic port forwarding functions by forming an intermediary of sorts.
Where is port forwarding implemented?
While the following examples are by no means exhaustive, they should give you a decent understanding of how port forwarding contributes to efficiency and enhances daily operations for both clients and your business.
Backups
It is advantageous to be able to access your backups from anywhere with an internet connection, regardless of whether they are files, servers, or hard disk clones. Port forwarding allows even your most inaccessible backups to be viewed from anywhere with the correct authorization.
Virtual desktops
Not all desktop computers are stored locally. Computer desktops are more effectively stored in cloud environments for large-scale technical implementations, such as hospitals or universities. Port forwarding enables users to access their virtual desktops or VDI from any onsite PC.
CCTV and security
Port forwarding enables remote monitoring of your network. You may effortlessly access your private security feeds from any place, be they commercial or domestic.
Game servers
Port forwarding is not limited to businesses only. Who says we can’t enjoy ourselves? Examine search engine auto-completion for “port forwarding”.
Indeed, you are reading accurately. Gaming is one of the most common uses of port forwarding. There, port forwarding benefits the hosting of private game servers.
While this feature is primarily intended for private games or maps among a group of friends, businesses can also use it to hold charity benefit games or tournaments.
How to use port forwarding safely
- Use robust passwords and the most recent security updates.
- Take the essential safeguards for computer security.
- Ensure that your security firewall is active.
- Utilize a secure VPN connection.
Why You Should Not Utilize UPnP (Automatic Port Forwarding)
Setting up port forwarding on a local network is simple for advanced users, but might pose a variety of challenges for beginners. To address this issue, network device manufacturers developed UPnP (Universal Plug and Play), an automated mechanism for port forwarding.
The concept of UPnP was (and remains) to allow internet-based applications and devices to automatically create port forwarding rules on your router to allow external traffic. UPnP may automatically open ports and pass traffic for a device operating a game server, eliminating the need to manually configure access in your router’s configuration.
The idea is brilliant, but the implementation is either incorrect or exceedingly hazardous. UPnP is a malware’s dream, as it automatically assumes that all network applications and services are secure. The UPnP hacks website highlights the number of vulnerabilities still commonly present in network routers.
In terms of security, it is advisable to err on the side of caution. Instead of jeopardizing the security of your network, avoid utilizing UPnP for automatic port forwarding (and, where possible, disable it entirely). Instead, you should set manual port forwarding rules solely for trusted applications and services with no known vulnerabilities.
How to Configure Port Forwarding for a Network
If you wish to manually configure port forwarding and are avoiding UPnP, you can typically do it through the web administration page of your router. If you are unsure of the address and login details for that page, they are typically located on the bottom of your router or in the documentation handbook.
Using the default gateway address for your router, you can access its administration page. This is normally 192.168.0.1 or a similar address; enter it into the address bar of your web browser. Additionally, you must authenticate using the username and password provided with your router (e.g. admin).
Using DHCP Reservation to Configure Static IP Addresses
The vast majority of local networks utilize dynamic IP allocation to assign temporary IP addresses to connecting devices. After a specified period of time, the IP address is refreshed. These temporary IP addresses may be re-used or recycled, and your device may be issued a different local IP address.
Nonetheless, port forwarding requires that the IP address of each local device you forward to remains unchanged. You can assign a static IP address manually; however, most network routers allow you to reserve a fixed IP address for specific devices using DHCP reservation on the router’s settings page.
Unfortunately, each router manufacturer is unique, and the processes illustrated in the screenshots below (created with a TP-Link router) may not correspond to your router. If so, you may need to consult your router’s documentation for further assistance.
Access the web management page of your network router using a web browser and enter the router’s administrator login and password. After logging in, navigate to your router’s DHCP settings.
You may be able to check for local devices that are already connected (to autofill the appropriate allocation rule) or you may be required to provide the MAC address of the device to which you intend to allocate a static IP. Create the rule using the specific MAC address and the desired IP address, and then save the entry.
Generating a New Port Forwarding Rule
Once your device has a static IP (established manually or reserved in your DHCP allocation settings), create the port forwarding rule. The terminology for this differs: various TP-Link routers refer to this feature as Virtual Servers, while Cisco routers use the standard term (Port Forwarding).
Create a new port forwarding rule in the appropriate menu of your router’s administrative page. The rule will require the external port (or set of ports) to which you want external users to connect. This port is associated with your external IP address (e.g. port 80 for public IP 80.80.30.10).
You must also identify the internal port to which you want to redirect traffic from the external port. This could be the same port or a different port (to conceal the purpose of the traffic). You must also enter the static IP address for your local device (for example, 192.168.0.10) and the port protocol (e.g. TCP or UDP).
You may be able to select a service type to automatically populate the appropriate rule data, depending on your router (e.g. HTTP for port 80 or HTTPS for port 443). Once the rule has been configured, save it to apply the change.
Extra steps
Your network router should implement the updated firewall rules automatically. Any attempts from the outside to connect to the opened port should be redirected to the internal device using the rule you specified; however, you may need to create additional rules for services that use multiple ports or port ranges.
You may also need to apply additional firewall rules to your PC or Mac’s software firewall (including Windows Firewall) in order to allow the traffic to pass. Typically, Windows Firewall will not permit external connections, so you may need to adjust this in the Windows Settings menu.
If Windows Firewall is causing you trouble, you can temporarily disable it to investigate. Due to the security dangers, we recommend that you re-enable Windows Firewall once you’ve resolved the issue, as it provides additional protection against potential hacking attempts.
Protecting Your Private Network
You now know how to configure port forwarding, but remember the risks. Each port you expose adds another hole in your router’s firewall that port scanning software can find and attackers can try to exploit. If you need to open ports for certain applications or services, be sure to restrict them to specific ports rather than expansive port ranges that could be exploited.
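One way to check a forwarding table against the advice above, together with the earlier points on UPnP and DHCP reservation (an added example, not from the original article or any router vendor). The rule fields, the `origin` label, the sample rules and the 10-port threshold are assumptions.

```python
"""Audit port-forwarding rules against the article's advice (constructed data)."""
MAX_RANGE = 10  # assumed threshold: a wider range counts as "expansive"


def parse_ports(spec):
    """'80' -> (80, 80); '27000-27100' -> (27000, 27100)."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi


def audit(rules, reservations):
    """Return (rule name, finding) pairs; reservations maps reserved LAN IP -> MAC."""
    findings = []
    for r in rules:
        lo, hi = parse_ports(r["external"])
        if hi - lo + 1 > MAX_RANGE:
            # Wide ranges expose ports that no service was meant to use.
            findings.append((r["name"], "broad-range"))
        if r.get("origin") == "upnp":
            # Rule was opened automatically rather than by the administrator.
            findings.append((r["name"], "upnp-created"))
        if r["lan_ip"] not in reservations:
            # Without a reservation the address can be reissued to another
            # device, and the open port would then lead to that device.
            findings.append((r["name"], "no-dhcp-reservation"))
    return findings


# Constructed sample of what a router's forwarding table might contain.
RESERVATIONS = {"192.168.0.10": "AA:BB:CC:00:00:10"}
RULES = [
    {"name": "web", "proto": "tcp", "external": "80",
     "lan_ip": "192.168.0.10", "origin": "manual"},
    {"name": "game", "proto": "udp", "external": "27000-27100",
     "lan_ip": "192.168.0.10", "origin": "manual"},
    {"name": "camera", "proto": "tcp", "external": "8080",
     "lan_ip": "192.168.0.57", "origin": "upnp"},
]

if __name__ == "__main__":
    for name, finding in audit(RULES, RESERVATIONS):
        print(f"{name}: {finding}")
```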
If you are concerned about the security of your home network, you can increase network protection by installing a third-party firewall. This could be a software firewall placed on your PC or Mac, or a 24/7 hardware firewall tied to your network router, such as the Firewalla Gold, to protect all of your devices simultaneously.
Port forwarding maps external IP addresses and ports to internal IP addresses and ports, enabling Internet-based access to internal services.
It is configured on residential routers and is required because residential routers employ NAT, which isolates the home network from the Internet.