

What exactly is Port Forwarding?



#1 fr4m3s

  • Members
  • 3 posts

Posted 05 September 2016 - 04:53 PM

I've never quite understood what port forwarding actually is. I understand we port forward certain ports on our routers to alleviate network issues (usually related to a network based application or gaming console). I've also seen CompTIA ask questions about using port forwarding on IP based cameras, but not fully understood why port forwarding would be the solution.

 

"If our firewalls or ACLs aren't implicitly denying traffic on those ports, why would we need to 'forward' them?"

I am commonly asked that question and I get very confused as to what exactly is happening when you forward a port.

 

Any clarification is greatly appreciated.





#2 Trikein

  • Members
  • 1,321 posts
  • Gender:Male
  • Location:Rhode Island, US

Posted 05 September 2016 - 05:40 PM

The best visual metaphor I have come up with is that of an operator on an old-fashioned switchboard.

 

The switchboard is your router's NAT routing table, with inbound and outbound connection requests being like inbound/outbound calls. Your public IP is the phone number for that board, with the different extensions being the different TCP/UDP ports. If someone calls from inside the office asking for "Bob Smith", the operator has to check her public directory (DNS) for their phone number (IP) and route it accordingly. However, if someone calls from outside the office asking for "Fred", the operator needs to know what line or extension Fred is at in that office. This would use a separate private directory that would tell the operator which extension belongs to which person. Making a port forwarding rule is like making an entry in that directory. You are telling the router to route any requests for a certain port to a private IP on the LAN. With cameras, you assign a different port to each one, and route that port to the IP of the camera:

 

Internet (68.5.5.5)

LAN (192.168.1.2 - 192.168.1.99)

Camera 1 (192.168.1.2) Port 8080
Camera 2 (192.168.1.3) Port 8081
Camera 3 (192.168.1.4) Port 8082

 

You would forward the port (8080) to the IP 192.168.1.2. Someone outside the network would enter 68.5.5.5:8080 into their browser for camera 1, 68.5.5.5:8081 for Camera 2 and so on. Does that make sense? Did you want a more technical answer?


Edited by Trikein, 05 September 2016 - 05:42 PM.


#3 fr4m3s

  • Topic Starter
  • Members
  • 3 posts

Posted 05 September 2016 - 06:50 PM

Thank you Trikein for that fairly detailed explanation. So if I understand correctly, in the case of someone port forwarding a game on a gaming console, they forward the port the software uses to communicate on the network to basically statically 'create' that line of communication between the host and the router...? Or at least clearly defining it?

 

In the camera scenario, you are assigning ephemeral port numbers to each device in addition to their individual host IP addresses; so any ephemeral port goes?



#4 Trikein

  • Members
  • 1,321 posts
  • Gender:Male
  • Location:Rhode Island, US

Posted 05 September 2016 - 07:12 PM

"they forward the port the software uses to communicate on the network to basically statically 'create' that line of communication between the host and the router...?"

 

In a way, yes. The port is not opened or queried when the port forwarding rule is created; that is only done when the router uses the rule based on activity. Think of it like a virtual line.

 

"so any ephemeral port goes?"

 

Not any port. TCP/UDP ports are broken up into two main groups: assigned and unassigned. Anything from port 1 to 49152 could be used by another application. Here is a list. Some common ports are 25/110/993/995/465/587 for email and 80/443/53 for websites. Furthermore, some ports may be blocked by your firewall or the ISP. Many ISPs block ports 80 and 25 to stop people from running websites on consumer accounts. So some ports define a certain kind of internet traffic (80 is HTTP) while others just act as name cards for traffic routes.


Edited by Trikein, 05 September 2016 - 07:15 PM.
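Trikein's two replies above describe the router's NAT table as a switchboard directory and the split between assigned and ephemeral ports. The Python model below is an added example, not code from the thread or from any router vendor, that puts both ideas into one place: the static forwards for the three cameras act as the "private directory", outbound connections create dynamic entries whose public-side source port comes from the ephemeral range, and an inbound packet that matches neither is dropped. It goes one step past the thread by also modelling the return path of an outbound connection. The public address 68.5.5.5, the LAN addresses, the remote hosts 203.0.113.7 and 198.51.100.20 (documentation ranges) and the packets are all constructed for the example, and the port-restricted rule for replies is a simplifying assumption; real routers vary in how strict they are.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# IANA port ranges (RFC 6335). A consumer router picks the public-side
# source port for outbound connections from the dynamic/ephemeral range.
WELL_KNOWN = range(0, 1024)
REGISTERED = range(1024, 49152)
EPHEMERAL = range(49152, 65536)


def port_class(port: int) -> str:
    """Name the IANA range a TCP/UDP port number falls in."""
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    if port in EPHEMERAL:
        return "ephemeral"
    raise ValueError(f"not a valid port number: {port}")


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class NatRouter:
    public_ip: str
    # Static port forwards, the "private directory" from the thread:
    # (proto, public port) -> LAN endpoint that should receive the traffic.
    forwards: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)
    # Dynamic entries created when a LAN host opens a connection outward:
    # (proto, public port) -> (LAN endpoint, remote endpoint it contacted).
    dynamic: Dict[Tuple[str, int], Tuple[Endpoint, Endpoint]] = field(default_factory=dict)
    # Reverse index so the same LAN flow keeps the same public port.
    flows: Dict[Tuple[str, Endpoint, Endpoint], int] = field(default_factory=dict)
    next_port: int = EPHEMERAL.start

    def add_forward(self, proto: str, public_port: int, lan_ip: str, lan_port: int) -> None:
        """Create a directory entry; lan_port does not have to equal public_port."""
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN->Internet packet and remember the flow for replies."""
        lan, remote = (pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)
        key = (pkt.proto, lan, remote)
        public_port = self.flows.get(key)
        if public_port is None:
            public_port = self.next_port  # allocated from the ephemeral range
            self.next_port += 1
            self.flows[key] = public_port
            self.dynamic[(pkt.proto, public_port)] = (lan, remote)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver an Internet->router packet to a LAN host, or drop it (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        if key in self.dynamic:
            lan, remote = self.dynamic[key]
            # Assumption: port-restricted NAT, so only the peer the LAN host
            # contacted may use this entry. Real routers differ here.
            if (pkt.src_ip, pkt.src_port) != remote:
                return None
            return Packet(pkt.src_ip, pkt.src_port, lan[0], lan[1], pkt.proto)
        if key in self.forwards:
            lan_ip, lan_port = self.forwards[key]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)
        # No static or dynamic entry: the router has nowhere to send it.
        # This is the implicit deny the original question asked about.
        return None


def build_camera_router() -> NatRouter:
    """The three-camera setup from the thread, with constructed addresses."""
    router = NatRouter(public_ip="68.5.5.5")
    router.add_forward("tcp", 8080, "192.168.1.2", 8080)
    router.add_forward("tcp", 8081, "192.168.1.3", 8081)
    router.add_forward("tcp", 8082, "192.168.1.4", 8082)
    return router


if __name__ == "__main__":
    r = build_camera_router()
    # Stranger browses to 68.5.5.5:8080 -> camera 1; 8083 has no entry -> dropped.
    print(r.inbound(Packet("203.0.113.7", 51000, "68.5.5.5", 8080)))
    print(r.inbound(Packet("203.0.113.7", 51000, "68.5.5.5", 8083)))
    # LAN host opens HTTPS to a server; the reply finds its way back.
    out = r.outbound(Packet("192.168.1.50", 51234, "198.51.100.20", 443))
    print(out, port_class(out.src_port))
    print(r.inbound(Packet("198.51.100.20", 443, "68.5.5.5", out.src_port)))
```

The point worth taking from the model: the forward rule is the only thing that makes the camera reachable from outside, so a port nobody forwarded is dropped whether or not a firewall rule says so, which is why forwarding is needed even on a router with no explicit deny. The flip side is that once 8080 is forwarded, every host on the Internet can reach that camera's web interface, and the camera's own login and patch level are the only remaining controls.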


#5 fr4m3s

  • Topic Starter
  • Members
  • 3 posts

Posted 05 September 2016 - 07:17 PM

Okay that clears things up a lot more for me, thanks again!

 

Yeah, I meant the temporary port numbers (ephemeral) vs the 'standard' ports (non-ephemeral) like SMTP, POP3, RDP, SSH, SMB, etc. But interesting you mention the ISP blocking incoming web and mail traffic... it makes sense, but I never thought about it.

