Skip to main content

How To Forward Ports on Your Router

banner-01
We cover a lot of articles that feature accessing files and features from inside and outside of your network. This usually entails forwarding ports, something that may seem daunting for beginners, but it’s actually pretty simple to do.
There are plenty of projects we’ve covered that use your computer as a server for other devices. When you’re inside of your network, things are great and they work. When you’re trying to access things from outside of your network, things get significantly hairier, so let’s take a look at why that is.

Port Forwarding

From Inside of Your Network
Here’s a map of a simple home network.

As you can see, you’ve got three computers with unique IP addresses all connected to a router. You can easily access the other computers, but when they all access the internet, they go through the router. The router has an IP address that’s relative for you network, but it also has an external IP, one that it uses when interacting with things outside of your network. Whenever these computers make a request towards the internet, they all use the same IP – 127.34.73.214 in our example. Simple requests, such as loading web sites, are automatically handled by the router and are sent to their appropriate places. It’s not too difficult because each computer starts with a unique request, so it’s not hard for the router to figure out where things should go.

Ports and Protocols

Ports help make this process easier. If an IP is like a building’s address, then ports are like the apartment numbers for the residences in the building. Lower numbered ports have specific applications which are standards throughout the computing industry. When you fetch a web page, for example, it uses port 80. The receiving computer’s software knows that port 80 is used for serving http documents, so it listens there and responds accordingly. If you send an http request over a different port – say, 143 – the web server won’t recognize it because it’s not listening there, although something else might be.
Secure shell uses port 22, and VNC is usually done over port 5900. These ports can be changed for different uses, like when you have multiple instances of programs running for different purposes. To avoid interfering with other standard-abiding applications, it’s best to use larger numbers for these alternate configurations. Plex Media Server uses port 32400, for example, and Minecraft servers use 25565 – both numbers that fall into this “fair game” territory.

Each port can be used via either TCP or UDP. TCP, or Transmission Control Protocol, is what’s used most commonly. UDP, or User Datagram Protocol, is less widely used in home applications with one major exception: BitTorrent. Depending on what is listening, it’ll be expecting requests to be made in either one or the other of these protocols.

s can be easily found from someone inside the network by visiting whatismyip.com. This address can also change. One way to avoid this is to get a domain name redirect, so that when you go to http://myreallyawesomedoman.com, it’ll be your home network regardless of its changing IP.

  • Using custom ports may trigger your antivirus or firewall, so you may have to add exceptions on your home computers to allow outside access on whatever ports you specify. This is a security risk to some extent, so be careful and take proper precautions!
    • That being said, if you’re careful and configure things properly, you’ll never have to worry once you’re all set up.

    Router Brands

    Each manufacturer has different software that they use on their routers. We took screenshots of the port forwarding settings from each of the major brands as well as our near and dear DD-WRT. We’re assuming that you know how to access your router and you know the proper username and password. If you don’t, check out your documentation, your router’s label, or your manufacturer’s website.
    Cisco/Linksys

    So in this example, when you’re out and about and using your laptop, you use different ports to make your requests. When you access your home network’s IP address using port 22, your router at home knows that this should go to 192.168.1.100 inside the network. Then, the SSH daemon on your Linux installation will respond. At the same time, you can make a request over port 80, which your router will send to the web server at 192.168.1.150. Or, you can try to remotely control your sister’s laptop with VNC, and your router will connect you to it at 192.168.1.200. Pretty clever, right?

    You can even tell the router to change ports! For example, let’s say you have two web servers.


    When you access your home network via the standard port, 80, you can tell your router to send it to 192.168.1.150. The web server there will be listening at port 80 and will respond accordingly. But, you can tell your router that when you access it via port 10,000, that it should go to another computer, 192.168.1.250, but also at port 80. This way, the second computer doesn’t have to be reconfigured to use a different port, but you can still manage traffic effectively.
    EDIT: Corrected the above image (the orange IP address erroneously read 192.168.1.150 originally).

    Before Configuring Your Router

    There are a few things you need to be aware of when you decide on setting up port forwarding.
    1. If you’re using DHCP, then each device’s IP has the potential to change in the future, and when it does you’ll need to reconfigure your port forwarding settings. For this reason, it’s best to configure your “server” computers with a static IP. Some routers have the ability to “reserve” or “assign” IPs via DHCP that will NOT change in the future, allowing you the best of both worlds, but not all do.
    2. When you access your network externally, you will need to know your router’s external IP address. This can be easily found from someone inside the network by visiting whatismyip.com. This address can also change. One way to avoid this is to get a domain name redirect, so that when you go to http://myreallyawesomedoman.com, it’ll be your home network regardless of its changing IP.
    3. Using custom ports may trigger your antivirus or firewall, so you may have to add exceptions on your home computers to allow outside access on whatever ports you specify. This is a security risk to some extent, so be careful and take proper precautions!
    That being said, if you’re careful and configure things properly, you’ll never have to worry once you’re all set up.

    Router Brands

    Each manufacturer has different software that they use on their routers. We took screenshots of the port forwarding settings from each of the major brands as well as our near and dear DD-WRT. We’re assuming that you know how to access your router and you know the proper username and password. If you don’t, check out your documentation, your router’s label, or your manufacturer’s website.
    Cisco/Linksys

    You’ll see port forwarding under Applications and Gaming. Under “Single Port Forwarding,” you can add individual ports to specific IPs. Under “Port Range Forwarding,” you can easily forward whole ranges of ports at a time.

    DLink

    On DLink’s routers, you’ll find your port forwarding settings in the Advanced section, under the Port Forwarding tab.

    Netgear

    Netgear’s routers have a side menu. Look under Advanced and click on “Port Forwarding / Port Triggering.” If you use the Smart Wizard, you’ll also get the opportunity to configure port forwarding there.

    DD-WRT
     
    DD-WRT and similar third-party router firmwares will usually have port forwarding as a tab under the NAT/Quality of Service section. Remember, clicking “Save” in DD-WRT saves your changes but doesn’t apply them immediately, so be sure to hit “Apply Settings,” too.

    Basic Instructions


    Regardless of what software is on your router, you’ll be required to enter the same type of information. First, you’ll see a text field where you can type in the name of the application or service. Next, you’ll see which incoming port your router should watch for. Then, you’ll be able to choose which protocol to watch for. A little online research should be able to tell you which one, but if you’re not sure you can choose both. You’ll need to choose which IP address is the destination for this port’s requests. Lastly, you’ll be able to choose which port the request should be targeted to on the destination IP.

    Many firmwares will allow you to save many rules but selectively enable them as needed. If yours does it, be sure to check the “Enable” column’s boxes for all the rules you want active.

    Now, if you want to check and be sure your router’s port is open and functioning, there are plenty of tools you can use to help you determine this. My favorite, however, is a web-based tool – the You Get Signal Port Forwarding Tester.

    All you have to do is enter your port number in the box. Your external IP should be provided already, but if not, just click the “Use Current IP” link, then hit the “Check” button. This will check if your router has the port open and if it’s getting to a place on your network that can handle it.

    If everything’s good, you’ll see a green flag icon and a message that says that your port is open. Ultimately, though, you can try to access your forwarded service by using your external IP address. For example, to check to see if your SSH server is properly forwarded, try to connect to it using the IP reported on whatismyip.com and the proper port.
    Labels:

    Comments

    Post a Comment

    Popular posts from this blog

    Session Messenger----Best Secure Messaging App

      Session is fundamentally different than most other secure messaging services. Conversations in Session are secured using  client-side E2E encryption . Only the sender and the recipient of a message can read it. But Session goes beyond providing message security. Session also  protects the identities  of its users. It makes your communications private and anonymous, as well as secure. Session can do this because it  connects users  through a  Tor -like network of thousands of  Service Nodes . Service Nodes are servers that pass messages back and forth through the network as well as provide additional services. The  onion request  system that Session uses to protect messages ensures that no Service Node in the network ever knows both a message’s origin (your IP address) and destination (the recipient’s IP address). This allows you to  hide your IP  by default. Session takes a number of additional steps to protect your identity: No phone number is required for registration No email is r
    Post a Comment
    Read more

    Tiny 11 - A Lightweight Windows 11 that can run on 2GB RAM and requires less harddisk space.

      In terms of Windows 11, its   system requirements   are high since this system requires at least 4GB RAM, 64GB storage space, enabled TPM & Secure Boot, a high CPU (1 GHz or faster with 2 or more cores on a compatible 64-bit processor), etc. compared to any old Windows operating systems. If you have an old or lower-end PC, Windows 11 is not a good option to install since many issues like random crashes, blue screen errors, etc. could appear on the unsupported hardware. Overview of Tiny11 If you want to run Windows 11 on your old computer with low RAM and disk space, Tiny11 appears in public. It is a project from NTDev and Tiny11 is a Windows 11 tiny edition. This edition is based on Windows 11 Pro 22H2 and includes everything you need for a comfortable computing experience since this tool doesn’t have the bloat and clutter of a standard Windows installation. Tiny11 Requirements In terms of Tiny11 requirements, a scant 8GB of storage and just 2GB of RAM are required and Windows 11
    Post a Comment
    Read more

    Linuxfx 10 : A Windows-Like Linux Distro

    The idea of Linuxfx is to make it easier for people who are migrating from Windows 7. People who are dissatisfied with the lack of security and stability of Windows 10 are also fit for Linuxfx. LinuxFX Desktop : Apart from Windows-like looks, Linuxfx also has more to offer which a regular user will definitely admire. So, let’s get along with me to know more about Windows alternative Linuxfx. As usual, I started by downloading the ISO image of Linuxfx from the official site  here . Then, instead of dual-booting, I decided to install it on my VirtualBox to play safely. After finishing the basic configuration, as soon as I booted it, I noticed a Windows logo and system integrity check. That’s quite surprising because every Linux distro puts their own or OEM logo on that place. But I think Linuxfx wants to make migrating users feel like home from the beginning. Entering the boot menu, Linuxfx redirected and logged in to a live session. Whoah! it can also detect the system I’m using — anoth
    Post a Comment
    Read more