Port Forward, NAT for your services - Homenet Howto

Port Forward is a special type of NAT that is used in a router to forward traffic from the Internet to internal hosts, based on the destination Port. Skiptocontent Menu EarliersectionsinthisguidebroughtupNAT,addresstranslation,andhowitletsmultiplecomputersonaLANsharethehomerouter’spublicIPaddress. Ifhowevertheoppositescenarioistakingplace–somethingontheInternetwantstoinitialisethecommunicationtowardacomputerontheinternalLAN–thenthatwouldbeimpossiblewithoutsometypeofspecialsolutionsuchasaPortForward.RememberthatallcomputersonyourLANare“hidden”behindthepublicIPaddressofyourhomerouter. Let’ssayweinstallaWebServeronourhomenetwork,andwewantpeopleontheInternettobeabletobrowsetoourWebServer.Wealsohaveseveralothercomputersonourhomenetwork,andwewantbothourcomputersandtheWebServertosharethesamepublicIPaddressthattherouterhasonitsoutside. WhensomebodyisbrowsingfromtheInternettothepublicIPaddressofthehomerouter,howshouldthatrouterknowthatitshouldpassthetraffictotheWebServer? Theroutercannotdothisautomatically.Instead,youwouldhavetoconfiguretheroutertodowhatwewantittodointhisparticularscenario. Ifyoudonotconfiguretherouterforthisscenario,thenifsomebodyontheInternetisbrowsingtotherouter’spublicIPaddress,therouterwouldn’tknowwhattodowiththetraffic.Theroutercannotfindanymatchingpre-existingsessioninitsmemory,sotherouterdoesn’thaveanyotherchoicebuttodiscardthetraffic. TheresultisthatthepersonontheInternetwhowastryingtobrowsetoourWebServersimplydoesn’tgetanyrepliesback.Theirwebbrowserwilleventuallytimeoutanddisplayanerrorinformationmessage. ThesolutiontothisproblemistocreateaPortForward.YouastheadministratorofthehomerouterwillhavetoinvestigatewhichportsthatthewebserverontheinsideLANwantstolistento.ThenyoumakesurethatanytrafficfromtheInternetthatissenttothoseportsareforwardedintheroutertothecorrectdevice. LuckilythesedaysthereisaneasierandcompletelyautomaticwayofdoingPortForwards.ItishandledbyaprotocolcalledUPnP whichisdescribedinasectionofitsownwithinthisguide.ButworthnotingisthatUPnPwon’talwaysworkcorrectly. SoifyouwouldliketounderstandthetheorybehindhowPortForwardsworkthenthissectionisforyou.IfhoweveryoujustwantthesimplicitythenstartbylookingatthesectionaboutUPnPandcomebacktothissectiononlyifUPnPdidnotworkinyourcase. UnderstandingPortForwards PortForwardsareamongthemostadvancedthingsthatatypicalhomenetworkownerwilldealwith.Sometimesdependingonyourrouteritmightbesimpletoperformtheactualconfigurationinyourrouter.ButtheunderlyingtheorybehindPortForwardsismorecomplex. Firstofall,youhavetoknowwhyPortForwardswouldsometimesbeneeded.YoumustalsohaveheardaboutPortForwardstoevenhaveaclueaboutanyproblemthatcouldbeassociatedwithrunningaserveronyourhomenetwork. OnceyouhavegottenthatfaritisoftenrathersimpleforanexperiencedcomputerusertolookforguidesandtrytofollowthoseguidestoperformaPortForwardintheirhomerouter.Buttheproblemisthatmanyguidesaresimplybadlywritten,andmightevenbewrittenbypeoplewhothemselvesdonothaveaclueabouthowPortForwardsactuallywork. Also,ifyoudon’tknowthetheorybehindtheconfigurationchangethatyouareperformingthenitgetsreallydifficulttotrytotroubleshootwhyitisnotworkingifsomethingdoesn’tgoaccordingtoplan. Allprogramsorservicesthatyoucanconnecttoalwayslistenonaspecificport.AWebServerforexamplealwayslistensforTCPtrafficonport80.SoifweinstallaWebServeronourhomenetworkthenweknowthatitwilllistenfortrafficonport80/TCPbydefault. ThatisalltheinformationweneedtosetupaPortForwardruleinourhomerouter.WecanconfiguretherouterinsuchawaythatifanybodybrowsestothepublicIPaddressoftherouteronport80/TCP,thentherouterwillforwardthattraffictoourinternalLANWebServer.Thatwaywecan“publish”ourinternalWebServertothepublicInternet. AsyoucanseeinthepictureaboveanAddressTranslationisperformedbytherouterontheIPpacketsastheypassthroughthehomerouter.ThedestinationIPaddressistranslatedintheIPpacket. Infact,PortForwardingisactuallyjustaspecialtypeofNATorAddressTranslation.Butsinceitisusedforaspecificpurposeithasgottenitsownname,“PortForward”. ManycomputergamesalsorequirePortForwardstofunction.ThisisoftentrueformultiplayergameswhereoneplayercanstartaGameServerwithinthegameandtheotherplayersconnecttotheGameServer.SincetheGameServerisstartedonacomputerwhichsitsonalocalLANbehindahomerouter,itmightbenecessarytoconfigurethathomerouterwithPortForwardrulestomakeitworkproperly.Otherwise,whenaplayerontheInternetwantstoconnecttothegameserverthehomerouterdoesn’tknowwhereitshouldsendthetraffic. DifferentgameswillrequiredifferentPortForwardrules.MostgameswillactuallyrequiremultiplePortForwardrulesbeforetheystarttowork,andtheremightbeamixofbothUDPandTCPportsthatmustbeforwardedtothecomputerwhichisrunningthegame.Sometimesawholerangeofportsmustbeforwarded. TofigureoutwhichportsthatmustbePortForwardedyouhavetoeithergoogleforthegame’snameandthekeywords“portforward”,oryoucouldtrytofindtheinformationonthehomepageofthegame. Inallhonesty,thegamepublishersareoftenabsolutelyincompetentregardingPortForwards.Theycommonlylistfartoomanyportsthattheytellyoumustbeforwarded,andtheyareoftenconfusedthemselvesastowhichportsareactuallyrequiredtorunthegame.Sotobeonthesafeside,thepublishersoftenlistloadsofportsintheirPortForwardhelparticlesontheirwebsites. Themostcommonmistaketheymakeisthattheycannotdistinguishbetweenoutgoingtraffic(fromthegamingcomputertotheInternet)andincomingtraffic(fromtheInternettothegamingcomputer).Theresultisthattheymightlistallportsinbothdirectionsandtellyoutoforwardallofthem. Unfortunately,thereisnogeneralrulethatcanbeappliedtotheproblemofincompetentgamepublishers.YoucouldtrytoenableUPnPifpossible,butifthatdoesn’tworkthenyoumighthavetosearchtheInternettofindotherswhohavesolvedthepuzzleofmakingacertaingameworkwithPortForwardsandcopywhattheydid. Examplegamerequirements: HereisoneexampleofagamewhichhassomePortForwardrequirementslisted.ThisparticulargameisTitanfallforPC: UDPport8125 TCPportrange25000–25099 TCPportrange30000–30099 UDPportrange25000–25099 UDPportrange30000–30099 Thegamepublisheralsolistsport80/TCPandport443/TCP.However,ports80/TCPand443/TCP(WebServerports)shouldneverhavetobePortForwardedtoyourcomputerunlessyouarerunningaWebServeronyourcomputer.YourgameisnotaWebServer.SoyoucanprobablysafelyassumethatyoudonothavetoPortForwardport80/TCPor443/TCPtoaninternalcomputerunlessyouactuallywanttorunaWebServeronthatcomputer. Whatthegameactually usesthosetwoportsforistoletthegameconnecttothepublisher’sWebServersontheInternettodownloadinformationandupdates.Inotherwords,theyareonlyrequiredforoutgoingtraffictotheInternet. ConfiguringPortForwards HowyouconfigureaPortForwarddependscompletelyonwhatrouteryouhave.Oftenthereisasettingavailableintheroutercalled“PortForward”orsomethingsimilartoit.Butnomatterwhattheexactnameofthefunctionisonyourparticulartypeofhomerouter,themainideaisthatyouhavetofirstpickwhichportsthatshouldbeforwardedtoaninternalcomputer,andthenyouhavetopickwhichinternalcomputerorwhichinternalIPaddressthatthetrafficshouldbeforwardedto. RememberwhenwediscussedearlierintheguidehowyoucanconfigureacomputerwithastaticIPaddress?Whenyouneedtosetupaportforwardruletoyourcomputer,thenitwouldnormallyalsobewisetoconfigurethatcomputerwithastaticIPaddress.Otherwise,yournewportforwardrulewillstopworkingifyourcomputerchangesitsIPaddresslateron. Previouspart: UDPandTCP,twowaysofsendingtraffic Nextpart: UPnP-automaticPortForward CurrentTopicPortsandNATPublicandPrivateIPaddresses Addresstranslation Ports–addressesforprograms UDPandTCP,twowaysofsendingtraffic PortForward UPnP–automaticPortForward Licenseinformation Non-educationalcontentonthiswebsiteis©PetterÖsterlund2019. EducationalcontentisprovidedunderaCreativeCommonsAttribution4.0International(CCBY4.0)license. SeetheDownloads&Licensingpageformoreinformationaboutlicensing Doyoulikethiswebsite? Pleaseconsidermakingadonationifyoufindtheeducationalmaterialonthiswebsiteuseful Thiswebsiteusescookieswithinourwebshop.WealsoparticipateinGoogleAdsense,GoogleAnalyticsandAffiliatePrograms.BycontinuingtousethiswebsiteyouagreetothecontentsofourPrivacyPolicyAcceptPrivacy&CookiesPolicy Close PrivacyOverview Thiswebsiteusescookiestoimproveyourexperiencewhileyounavigatethroughthewebsite.Outofthese,thecookiesthatarecategorizedasnecessaryarestoredonyourbrowserastheyareessentialfortheworkingofbasicfunctionalitiesofthewebsite.Wealsousethird-partycookiesthathelpusanalyzeandunderstandhowyouusethiswebsite.Thesecookieswillbestoredinyourbrowseronlywithyourconsent.Youalsohavetheoptiontoopt-outofthesecookies.Butoptingoutofsomeofthesecookiesmayaffectyourbrowsingexperience. Necessary Necessary AlwaysEnabled Necessarycookiesareabsolutelyessentialforthewebsitetofunctionproperly.Thiscategoryonlyincludescookiesthatensuresbasicfunctionalitiesandsecurityfeaturesofthewebsite.Thesecookiesdonotstoreanypersonalinformation. Non-necessary Non-necessary Anycookiesthatmaynotbeparticularlynecessaryforthewebsitetofunctionandisusedspecificallytocollectuserpersonaldataviaanalytics,ads,otherembeddedcontentsaretermedasnon-necessarycookies.Itismandatorytoprocureuserconsentpriortorunningthesecookiesonyourwebsite. SAVE&ACCEPT