Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Port Forwarding


  • Please log in to reply
16 replies to this topic

#1 Bellzemos

Bellzemos

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 22 November 2014 - 09:42 PM

Hello!

I have a few questions about the Port Forwarding and routers in general. I have changed the actual port numbers on the picture below to maintan privacy and security (but this was probably unnecessary, right?).

As you can see on the picture below, the internal and external UDP and TCP ports have the same number in my router settings for Skype. But in Skype, under the Connections, I have a different port number (6677). Should I change and enter the number that I've found under the UPnP settings of my router to make Skype work better?

fotky.png

I am pretty new to networks but it seems to me that even though the UPnP is enabled in my router Skype didn't get set up properly - as the port numbers differ. Or am I wrong?

Also, why is the number after the IP address :5698 and the port's numbers are 56985 (with the additional number 5)? What's the deal here, which port is opened then, 5698 or 56985?

Would my internet connection be (much) more secure if I would disable the UPnP completely and open the ports for Skype manually (if yes - how & do I have to do it for each computer on the network respectively)?

In general, is it true that one should always open only the ports above 6000 (for Skype and such)?

A little off topic: how can I check which Channel is best for my WiFi broadcast? Is there a (free) utility that would find the best possible channel for my wireless network? Or should I leave it on the Auto setting?

Thank you for your help in advance!
 



BC AdBot (Login to Remove)

 


#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 23 November 2014 - 12:28 PM

Unless you are having issues with Skype, the fact that UPnP is enabled usually eliminates the need for port forwarding and you don't need to change anything and you can ignore anything that looks different. http://www.ehow.com/how_5839712_configure-router-ports-skype.html

 

There are some known vulnerabilities with UPnP, but if you do decide to forward your ports, ONLY open ports that are absolutely essential. It's never a good idea to just leave a range of ports open, unless the application you are using requires that a certain (small) range of ports must be opened. Skype offers two options -- leave all incoming ports above 1024 open (a VERY bad idea), or leave ports 80 and 443 open. The latter is much better, as those ports are pretty much always open by default, and if Skype needs to use other ports, most firewalls are configured to accept incoming traffic on other ports, even if they are normally closed, as long as the packets coming in on those ports are sent in response to or are associated with the traffic on ports 80 and 443.

 

As for how the port numbers are displaying, that's probably just a quirk of the GUI -- it may not be configured to display the full port number in cases like this.

 

As for the best channel to use, unless there are multiple WiFi routers in your home, or you are in an apartment building surrounded by neighbors with WiFi routers, the auto configuration for the channel is fine. There is no "best" channel for WiFi, but you do want to stay off channels that other nearby routers may be using. So if you know another router is using channel 3, you would want to use either channel 1 or channel 5, keeping a "distance" of two channels away from any others that might be in use.



#3 Bellzemos

Bellzemos
  • Topic Starter

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 24 November 2014 - 04:04 PM

Thank you, sflatechguy!

 

So you are suggesting to enable the UPnP and chect the ports 80 and 443 for use in Skype? But the article you linked suggests the opposite, not to use those ports and to disable the UPnP and configure the open port for Skype myself. So what should I do? How big of a security threat is the UPnP feature?

 

As for the best WiFi channel - thank you, I will leave it on Auto since I live in a house and it seems to be working fine anyway.



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 24 November 2014 - 06:12 PM

I have never had to do port forwarding to use Skype. 

 

"which port is opened then, 5698 or 56985?"

 

Don't confuse the description/title with the actual port.  You will notice its only 56985 that is both internal and external port number.

 

Enabling Upnp should be all you need to do for the auto port selection to work

https://support.skype.com/en/faq/FA148/which-ports-need-to-be-open-to-use-skype-for-windows-desktop



#5 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 24 November 2014 - 07:44 PM

As Wand3r3r pointed out, just enable UPnP and you don't have to configure anything.

 

As for the risks in using UPnP, there are a few. Just something to be aware of: http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/



#6 Bellzemos

Bellzemos
  • Topic Starter

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 November 2014 - 12:47 PM

Thank you both.

 

So the 5-digit number is the real port number, right?

 

About the UPnP - is it true that the programs which feature UPnP will open a certain port (or ports) when they need them (when that certain program is used) and then close the ports via UPnP after they are closed (when I quit the program)? So, would it be safer to use the UPnP then or to manually open the needed ports and have them opened at all times?



#7 Bellzemos

Bellzemos
  • Topic Starter

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 November 2014 - 01:05 PM

PS: I've read a bit more about port forwarding and only now realised that when you open a certain port you only open it for a certain computer on the network. Right? We have 3 computers at home connected (one by cable and two wireless) to the router and if I want to open a port for Skype only on my computer I have to set a static IP for my computer. Could this bring me any trouble (security & convinience-wise)? And how do I do that? Thank you!



#8 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 26 November 2014 - 01:43 PM

Again you don't need to forward ports with Skype.  Why make this hard on yourself?  Skype randomly chooses ports.  Let it do its thing.

 

"would it be safer to use the UPnP then or to manually open the needed ports and have them opened at all times?"

 

No it would not be safer.  Port forwarding is referred to as opening pin holes in your firewall.  Upnp is great for programs but then think about that for a second.  If its great for good programs its also great for bad programs like malware.

 

"when you open a certain port you only open it for a certain computer on the network. Right?"

That is correct. Most programs will allow you to change the listener port like RDP does with 3389 as default but you can change the listeners to 3390, 3391, etc.  You set a static ip address so the router forwarding always goes to the correct machine/ip address.

 

 

"And how do I do that?"

There is this really cool thing with the internet.  Open up any web search engine and type: "How do I set a static ip on my computer"  Low and behold you will have many answers to choose from.



#9 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 26 November 2014 - 02:04 PM

 

About the UPnP - is it true that the programs which feature UPnP will open a certain port (or ports) when they need them (when that certain program is used) and then close the ports via UPnP after they are closed (when I quit the program)? So, would it be safer to use the UPnP then or to manually open the needed ports and have them opened at all times?

 

Yes, that is basically how UPnP works. Whether it is safer or not than port forwarding is another question.

 

 

PS: I've read a bit more about port forwarding and only now realised that when you open a certain port you only open it for a certain computer on the network. Right? We have 3 computers at home connected (one by cable and two wireless) to the router and if I want to open a port for Skype only on my computer I have to set a static IP for my computer. Could this bring me any trouble (security & convinience-wise)? And how do I do that? Thank you!

 

To set a static IP address for your computer, follow these steps: http://www.howtogeek.com/howto/19249/how-to-assign-a-static-ip-address-in-xp-vista-or-windows-7/

Then, in the router, forward those ports to the IP address you set for the computer.

Although it's probably just easier to let UPnP configure all that automatically.

 



#10 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 26 November 2014 - 03:34 PM

That article left out one very important step.  You must first logon to your router and note what the dhcp scope [range of ip addresses] is.  If from .2 to .254 you will need to modify the scope to something more reasonable like .2 to .100.  Then you would assign a number NOT in the dhcp scope.  Otherwise you will end up with ip conflicts when the static ip you assigned was also assigned to a different device via dhcp.



#11 Bellzemos

Bellzemos
  • Topic Starter

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 27 November 2014 - 03:54 PM

Why forward prots for Skype? Because I read that opening a port for Skype would drastically increase the audio and video quality when calling someone. I want to try it, if it's bogus - or if it's true - I'll report it here.

When setting a static IP - is it possible that this could mess things up (security and/or convenience-wise)? Do I have to set static IPs to all the computers which are connected to the router then? Or just to the one which will have a Skype port open?

I don't really understand all the DHCP stuff you mentioned in your last post. How do I set this so it won't mess thing up?

Thank you both for your help!
 



#12 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 27 November 2014 - 07:44 PM

Setting up port forwarding for Skype would only improve the call quality if both parties were using port forwarding. If the other person on Skype is using UPnP, there won't be any noticeable improvement in call quality.

 

Setting up a static IP address shouldn't create any security issues. You would only need to set up a static address on the computer you want to forward ports to. The other computers can be set to DHCP to get their IP addresses. If you do decide to set up a static Ip address for the computer that will be using Skype, go into the router and set the DHCP range of addresses. For example if your local network address is 192.168.1.0, and the default gateway address is 192.168.1.1, set the DHCP range to between 192.168.1.2 and 192.168.1.50. Then set your static IP address to anything above .50, like 192.168.1.52.



#13 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 28 November 2014 - 12:59 AM

No you don't have to set static IPs for all computers. Unless you reset your router you probably wouldn't have to make the Skype PC static. 

 

On your router - Click DHCP...DHCP Settings. On that page the DHCP server should be Enabled, there should be Start IP Address, Stop IP Address, Address Lease Time. Default Gateway (optional), other stuff you shouldn't mess with or care about and then Primary and Secondary DNS or at least that is what I see on a couple of TP-Link routers. Yours may be different.

 

That is what he was talking about. 


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#14 Bellzemos

Bellzemos
  • Topic Starter

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 01 December 2014 - 07:12 PM

Setting up port forwarding for Skype would only improve the call quality if both parties were using port forwarding. If the other person on Skype is using UPnP, there won't be any noticeable improvement in call quality.

 

Are you 100% sure about that?



#15 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 PM

Posted 02 December 2014 - 08:02 PM

Yes, I'm sure. :)

There are a number of factors that will affect Skype call quality, many of which aren't under your control -- the quality of your connection to your ISP, the quality of your ISP's connection to the rest of the Internet, the quality of the connection of the person you are talking to, etc.

In general, connecting your computer via Ethernet is a better route than trying to Skype over a WiFi connection. The choice between port forwarding and UPnP results in a minimal difference at best.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users