Saturday, 22 November 2014

What is Port-Forwarding?

What is Port Forwarding?


Port forwarding is a method of making a computer on your network accessible to computers on the Internet, even though you are behind a router.
It is commonly used for hosting game servers, peer-to-peer downloading, and voice over IP applications. There are many other reasons you may need to forward a port; this is not an exhaustive list.

What are Ports?


Ports are virtual pathways on which information on the Internet travels. There are 65,536 ports to choose from. A good analogy is to think of ports like extensions on a phone system.

What are some commonly used ports?


Every program on your computer that uses the internet is programmed to send its packets through specific ports. Sometimes the ports are selected arbitrarily by the programmers of the software, but other times programmers will use a more standard port depending on the functionality of the software. Here are a few examples of industry standard uses for common ports:
  • HTML pages: port 80
  • FTP file transferring: port 21
  • POP3 email: port 110
  • MSN Messenger: port 6901 and ports 6891-6900

Now that you have a basic understanding of port forwarding, let's dive a bit deeper:
  1. Every device on the internet has at least one IP address.

  2. Every IP address is divided up into many ports. When one computer sends data to another computer, it sends it from a port on an IP address to a port on an IP address.

  3. A port can only be used by one program at a time.

With that out of the way, we should talk about NAT. NAT, or Network Address Translation, is a technology that allows each device on your network to have its own IP address.
While each device in your network has its own IP address, from the outside, every request coming out of all of those devices appears to be coming from the single publicly visible IP address assigned to you by your Internet Service Provider.
Let's say you want to browse the web. We suggest port forwarding. For instance, when you click on this link to our site, whythehack.blogspot.in, the request doesn't go straight out to the Internet. Instead, the request goes to your router, which makes a note of which internal device is requesting the information, then sends that request out to the Internet. When our web server responds, your router will know exactly which device to relay that response back to.
It works exactly the same in reverse! When a computer on the Internet requests, for example, a web page from your IP address, your router needs to figure out which internal device is a web server so the request can be filled. NAT can handle such requests in certain circumstances. For the rest, you need to know about port forwarding.
Luckily, you have almost all the information you need already. What if your router just doesn't know which internal device has a web server running? All you need to do is tell it: "Router, please send any requests for web pages to my server." That's what you'd say if this were Star Trek, but we're not quite there yet, so for now you need to sign in to your router's configuration utility and tell it which services are running on which internal devices.
For example ... Have an FTP server running on an internal computer with IP address 192.168.1.123? Tell your router to FORWARD all requests that come in on port 21 to 192.168.1.123. Need your internal web server to be accessible to the public? Forward port 80.
Sure, you can get complicated if you want, but for the most part it's just that easy.
Oh, you want to complicate things? Have TWO web servers running? Well, port forwarding can still come to the rescue. See, while each of your internal web servers might be answering on port 80 (192.168.0.2:80, 192.168.0.3:80), you can still make them both accessible on the Internet.
[Diagram: forwarding two ports to two different computers]
Say your public IP address is 20.1.1.1. You can make up a forwarding rule in your router that says that all requests to http://20.1.1.1:80 should be forwarded to 192.168.0.2:80, and all requests to http://20.1.1.1:8080 should be forwarded to 192.168.0.3:80! No need to pick and choose. That works when we have the easy ability to change the port that is requested as in the example above. A bigger problem arises when you can't change the requested port, perhaps because you're using an application that won't allow you to specify an alternate port. Remember #3 way up above? It says that a port can only be used by one program at a time, so if we want to have two web servers, we can't have them BOTH answer on 20.1.1.1:80. The router wouldn't know which internal device to forward the request to! This is a reasonably big pitfall for those new to port forwarding.
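The router behaviour described above, as an added example that is not part of the original post: a toy Python model that relays replies to outbound requests, applies the two forwarding rules from the text, and refuses a second rule on public port 80. The `Router` class, its method names and the 40000 starting port are hypothetical; the 20.1.1.1 and 192.168.0.x addresses come from the article, and the remote addresses in any call are constructed.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "20.1.1.1"  # public address from the article's example


@dataclass
class Router:
    forwards: dict = field(default_factory=dict)   # public port -> (internal ip, port)
    conntrack: dict = field(default_factory=dict)  # public port -> (ip, port, remote)
    next_port: int = 40000                         # constructed start of the NAT port pool

    def add_forward(self, public_port, internal_ip, internal_port):
        """Install a static rule; one public port can point at only one device."""
        if not 0 <= public_port <= 65535:
            raise ValueError("port out of range")
        if public_port in self.forwards:
            raise ValueError(f"public port {public_port} already forwarded to "
                             f"{self.forwards[public_port]}")
        self.forwards[public_port] = (internal_ip, internal_port)

    def outbound(self, internal_ip, internal_port, remote):
        """A LAN device opens a connection: note who asked, rewrite the source."""
        while self.next_port in self.forwards or self.next_port in self.conntrack:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("NAT port pool exhausted")
        public_port = self.next_port
        self.conntrack[public_port] = (internal_ip, internal_port, remote)
        return (PUBLIC_IP, public_port)

    def inbound(self, remote, public_port):
        """Decide where a packet arriving on the public IP goes (None = dropped)."""
        entry = self.conntrack.get(public_port)
        if entry and entry[2] == remote:        # reply to a request we relayed
            return entry[:2]
        return self.forwards.get(public_port)   # unsolicited: needs a forward rule


def demo():
    """Build the article's two-web-server setup and try the conflicting rule."""
    r = Router()
    r.add_forward(80, "192.168.0.2", 80)      # http://20.1.1.1:80
    r.add_forward(8080, "192.168.0.3", 80)    # http://20.1.1.1:8080
    try:
        r.add_forward(80, "192.168.0.3", 80)  # second server on the same public port
        conflict = False
    except ValueError:
        conflict = True
    return r, conflict
```

An unsolicited packet to a port with no rule returns `None`, which is why every rule you add is a deliberate decision about what the Internet can reach on your network.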