21 July 2020

What Is Port Forwarding? Everything You Need to Know


router-modem

Port forwarding sounds far more complicated than it is. It’s just like receiving a stack of letters in your mailbox then handing each one out to the relevant family members. You’ll often come across the term port forwarding for gaming, but that’s not all it’s used for.

If your Xbox won’t connect to the game server, or you can’t access your security cameras when away from home, it’s probably because you need to set up port forwarding.

Here we’ll explain exactly what these ports are, why they need to be forwarded, and how to set up port forwarding on a typical router.

What Are Ports?

You may already know what IP addresses are. Every device on your network (smartphones, computers, consoles, or anything else plugged into the router or connected to Wi-Fi) is given an IP address. But there are actually two types of IP address: public and private.

Anything connected to the internet has a public IP address so that messages can be routed. Just as your home has a street address so you can get mail. If you’re curious about what your public IP address is, the easiest way to find out is to just ask Google!

what is my ip

Private IPs are only used on internal networks. These are like numbers in an apartment block. On their own, they’re only useful once you’re inside. You couldn’t send a letter from anywhere in the world to “Apartment 603”.

It’s the same when you access a website: you’re asking for some data to be sent back to your device. In order to do that, the webserver needs to be given both your public and private IP address. The data is sent back from the website, first to your router with the public IP, then to your device with a private IP.

This is pretty easy when we’re just talking about browsing the web, but what happens when you start to request different kinds of data—like email, or where the enemy has moved in a multiplayer game? How does your computer know which application the data should be given to? It wouldn’t be particularly useful to send your latest emails to Call of Duty.

That’s where ports come in.

mailboxes
Your public IP makes sure your internet traffic comes back to your house. The private IP gets it to your device. But ports tell it which application it was intended for.

Ports are like mail sorting tubes inside your computer. When a data packet comes into your device, the operating system has a look at the port number it’s destined for. Each port corresponds to a different application, and there are 65536 ports available to use.

The first 1024 of these numbered ports are standardized. For example, unsecured web traffic requests go through port 80; secured websites use port 443. Emails over POP3 use port 110, while outgoing SMTP emails connect on 25. You can view the full list of standard ports on Wikipedia.

Anything beyond port number 1024 is basically a free for all: games, peer-to-peer filesharing, security camera video streams, etc. These apps can pick the port number they wish to use. The easiest way for them to do this is a technology called Universal Plug and Plug (UPnP).

UPnP to the Rescue

Most ports are blocked by default on routers. This is an essential security feature which prevents malicious requests from reaching services that might be running on your home network. But this can also cause problems for any application that needs information sent back to it from the internet; the router will simply block it as a security feature.

In order to allow data to be sent from the public internet to an internal computer, your device must therefore tell the router to forward on all messages that arrive on a particular port.

UPnP was invented to automate this process. Applications can request a port to be opened and the router will automatically set up the required port forwarding rules. Some people consider this to be a security flaw though, since any malware that finds itself installed on your computer is trusted by the router. It would then be able to open up ports for its own nefarious purposes, such as allowing remote control of your machine.

If you’ve disabled UPnP because you consider it dangerous, you’ll have to set up these port forwarding rules manually for every application that needs them. Even if you haven’t disabled UPnP, sometimes it just doesn’t work right. So let’s take a look at how you can manually create port forwarding rules.

Manual Port Forwarding

There are a few things you’ll need to know before attempting to manually set up port forwarding:

  1. How to access your router admin page. Typically, this means typing in the gateway address of your network (commonly 192.168.0.1, 192.168.1.1, or 10.0.0.1). If you’re unsure, check this list of guides by manufacturer.
  2. Which port, or range of ports, need to be forwarded.
  3. The IP address of the computer or device. How to find the IP address of your computer in Windows 10.

Some applications will also specify whether to send UDP or TCP packets; these are just different kinds of network traffic and not all applications use both types. If in doubt, just set the rule for both—there won’t be any adverse effects.

Once you have this information, open up the router configuration page. Exactly where you’ll find the port forwarding section will vary according to your router model, but it’ll likely be under Security, as it is on this Virgin Media SuperHub.

virgin media superhub

On my Zyxel LTE router, it’s found under the section labeled “NAT”.

zxyel router port forwarding

Regardless of which router you have, you’ll probably need to give your rule an arbitrary name, then type in the port range that you wish to forward. You may find an option to select “Service” for predefined ports, but you can skip that if you’ve gathered the information above.

If it’s just one port, you may need to either enter the same port for both the start and end, or just fill in the start. Again, select both the UDP and TCP protocols if you’re unsure, and then fill in the address of the machine you want it forwarded to.

Port forwarding rules

Note that some routers may allow you to enter a different destination port to what you’ve entered as the source. For services like gaming, you’ll want to ensure you enter the same number.

Does Port Forwarding Help?

If you’ve disabled UPnP because of security concerns, you’ll almost certainly need to manually open up some ports. I’d recommend keeping UPnP enabled though, and saving yourself the bother. If you practice sensible security on your home devices, there should be no need to disable UPnP. Setting up port forwarding manually might be easy, but it’s tedious if you need to do lots of times.

You should also know that your internal IP can change, meaning you’ll need to update the port forwarding rules every time that happens!

When Port Forwarding Won’t Help: Double-NAT

Remember those IP addresses? Port forwarding will only help if you actually have a unique public IP address. In some cases, your IP address will be shared with any number of other users. Effectively, you have another layer of routing outside of your control, before you reach the wider internet. This is called a Double-NAT.

This is commonplace in college dormitories and some apartment complexes where your internet options are limited. Port forwarding won’t help in this case because the ports will still be blocked on that other router which you can’t control, so the packets will never reach your own router. Unfortunately, it’s not always possible to fix a double-NAT situation.

You might even have caused a double-NAT issue yourself by adding another router to your network. For instance, if you use added Google Wi-Fi, alongside an existing ISP-provided router. If you can configure both routers, the one closest to the public side (usually the one provided by your ISP) should be switched to Bridge mode. This disables all routing features, including any built-in Wi-Fi, effectively turning it into a simple modem.

Some ISP-provided routers don’t let you do this. If that’s not possible, you may also want to try setting up a DMZ (demilitarized zone) pointing to your other router. That’s outside the scope of this guide, but essentially means “trust everything and forward it all onto this other device to deal with”.

Summary: Port Forwarding Pros and Cons

Pros:

  • May fix game connection issues if you’ve disabled UPnP.
  • Manual configuration on a per-application basis is more secure than allowing everything through.

Cons:

  • Port forwarding rules must be reconfigured if your private IP changes.
  • Won’t fix a Double-NAT connection issue.
  • Needs to be manually added for every application that needs it.

Hopefully, we’ve explained what port forwarding is, why you might need to use it, and how to set it up. For a broader look at the topic of network structures and devices, view our complete beginner’s guide to home networking.

Read the full article: What Is Port Forwarding? Everything You Need to Know


Read Full Article

No comments:

Post a Comment