Port forwarding is a problem with network address translation. If you wish to accept inbound connections through your WiFi network, you’ll need to be familiar with this method. Fortunately, it’s simple to install, completely legal, and will not harm your router. However, knowing what port forwarding is and why you may need it requires some explanation, so bear with me as I walk you through the port forwarding technique.
IP addresses that are unique
IP addresses are a critical component of the internet. The Internet Protocol, or IP, defines the procedures that make the Internet function. A unique IP address is required. As a result, each device connected to the internet needs its own unique IP address. However, the same need for uniqueness applies per “address space,” so addresses inside a private network need to be unique only within that address space.
The gateway links your network to the internet. This is a unique kind of router that serves the same purpose as your WiFi hub.
The machines on your network retain their own address space in this situation, while the router serves as a representation on the internet. The router has a unique IP address on the private network and another unique IP address on the internet. Thus, a single IP address on the internet reflects a collection of devices located behind the private network’s gateway.
Translation of network addresses
If computers A, B, and C all have the same IP address, how does anybody from the outside know how to send messages to the appropriate device? They do not; only the gateway is aware of this. This is an excellent security feature that significantly reduces the likelihood of hackers just transmitting malware over the internet. However, it prohibits other torrenters from accessing your computer in search of a piece of a file, which means no one will connect to the gaming server you set up.
Network address translation (NAT) is used by gateways to determine which inbound messages are meant for which machine on the network. Do you recall computers A, B, and C? Each of them is connected to the internet and communicating with distant computers X, Y, and Z. All incoming connection requests must go via the gateway.
To begin, a message is received by the gateway from computer A and is directed to computer Z. “Right,” the gateway replies, “I understand that if I receive a response from computer Z, I must forward it to computer A because no one else on this network is communicating with Z.” I’ll keep it in mind.”
Following that, computer B wants to establish a connection with distant computer X, while computer C wishes to establish a connection with remote computer Y. Additionally, the gateway records such activities.
The gateway gets replies from X, Y, and Z and determines their destination based on its notes. This is the NAT in action. A, B, and C communicate with X, Y, and Z. Everyone is content… till B wants to link to Z, which is already connected to A. When Z sends an answer, does it go to A or B?
The gateway knows precisely where to transmit that message from Z since I omitted a critical component of NAT’s description: port numbers.
What is the definition of a port number?
The term “port” is perplexing in networking since it may refer to one of two things. Certain individuals refer to the holes in a computer into which cables are plugged as ports – “USB port,” “COM Port 1.” Ports utilized for network address translation have nothing to do with those plug holes.
A network port is a protocol’s identification. A protocol is a collection of rules or a standard that communication programs must follow to function properly.
When you install new software on your computer that communicates through a network or the internet, one of the applications in the suite is referred to as a daemon. This is software that loops indefinitely and does not terminate until the computer is turned off. It examines incoming traffic for messages with a particular number on each pass through the loop. This is the port’s identification number.
The port number is a daemon’s address. When the daemon detects its address on an incoming packet, it forwards it to the related program. Thus, while Skype is operating, its daemon will monitor all incoming traffic on port 23399; your browser’s daemon will monitor HTTP traffic on port 80. In a data packet traveling over a network or the internet, the complete address is the IP address followed by a port number.
NAT port numbers
Individual machines are identified by port numbers in network address translation systems. Do you recall that when A sent a message to Z, the gateway kept track of that correspondence? It created a note on the usage of the port number.
This is a simplification, but it will suffice for the time being. When A sends a message to Z, the gateway includes a port number as part of the return address in the header of the outgoing packet. The gateway creates an entry in a network address translation table with the following formula: A = IP address>:port number>. When B sends a message to Z, the gateway creates a new NAT entry with a different port number in the NAT table.
For example, A’s IP address is 192.168.0.7, while B’s IP address is 192.168.0.12. 81.100.210.104 is the gateway’s internet-wide IP address. The packets from A and B include their return addresses, but when they travel through the gateway, the packets from A get the address 81.100.210.104:52108, while the packets from B receive the address 81.100.210.104:52109. Gateway records the following in its NAT table:
| Home Network | Internet |
|---|---|
| 192.168.0.7 | 81.100.210.104:52108 |
| 192.168.0.1 | 81.100.210.104:52109 |
The network gateway receives all traffic flowing over the internet with the IP address 81.100.210.104. When a packet comes to the gateway, it examines the address and determines that it is 81.100.210.104:52108, then checks the NAT table and passes the message to 192.168.0.7, which is machine A.
Translation of port addresses
Every computer understands that a complete address consists of an IP address followed by a port number. Servers take advantage of this system and are accessed through incoming connection requests. Bear in mind that the daemon for a program that sends a connection request is searching for a particular port number, which must be included in the return address. When the browser on machine A makes a request to a Web server for a Web page. It specifies 192.168.0.7:80 as its return address.
A single address cannot include two port numbers. Thus, if the gateway omitted the 80 to produce the address 81.100.210.104:52108, the packet will reach the correct computer but will not pass through the computer to the browser, since the daemon will only accept packets addressed to port 80.
Port address translation is the answer to this issue (PAT). When the gateway processes an outgoing message, it adds the source address’s IP address and port number to the NAT table, followed by its IP address and port number to reflect that combination. As a result, the NAT table is a PAT table, and it will include entries like as:
| Home Network | Internet |
|---|---|
| 192.168.0.7:80 | 81.100.210.104:52108 |
| 192.168.0.7:21 | 81.100.210.104:52100 |
| 192.168.0.7:110 | 81.100.210.104:52110 |
| 192.168.0.12:80 | 81.100.210.104:52111 |
| 192.168.0.7:23399 | 81.100.210.104:52112 |
The Internet Assigned Names Authority (IANA) assigns port numbers that are often used by protocols (IANA). These ports cannot be used for any other purpose, which means that port 21 is always reserved for FTP and port 110 is always reserved for the email system, POP3. However, hundreds of port numbers remain unutilized. The port numbers 49152–65535 are referred to as dynamic ports, and they may be utilized by NAT systems.
Address translation management
Although there are over 15,000 possible port numbers for address translation in the dynamic range, those numbers will eventually run out. On all but the tiniest networks, it would be impossible to maintain a permanent translation of addresses.
When one of the computers on the network attempts to connect for the first time to a computer in the outside world to perform a particular task, the home hub allocates a dynamic port number and creates an entry in the NAT table. This entry stays in the database until the connection to which it refers is terminated. The record is then erased and the port number is returned to the pool for future usage.
The importance of port forwarding
There are additional issues to consider while developing an address translation scenario. These translation tables are updated whenever a computer on the network attempts to connect to a distant computer. If a computer from outside the private network wishes to connect to a device on a private network, there is no established connection in the NAT table to facilitate this.
For decades, networking design was built on the client-server paradigm. The client makes a service request and the server replies. Domestic users of the internet will always initiate a connection, and commercial systems will react. As a result, any connection request sent to a domestic IP address is considered suspicious, is likely to be a malware assault or hacker activity, and should be stopped.
That assumption is shattered by peer-to-peer architecture. This includes torrenting, some VoIP services such as Skype, media sharing systems such as Plex and Popcorn Time, and gaming platforms with a lobby system such as Call of Duty. Worse still, some systems need the home computer to function as a server. This category covers remote desktop systems, some gaming systems, such as multi-player games hosted on Xbox or PSN, private file servers, such as OwnCloud, and modest, home-based Web hosting.
As a result, there are many novels used for your home computer and internet connection that do not match the way the internet service business works. Port forwarding eliminates this issue.
What is the definition of port forwarding?
Port forwarding is a workaround that enables you to permanently add an entry to the address translation table maintained by your WiFi hub. Your port forwarding record will provide a permanent online identity for your machine on your home network.
Once your computer’s IP address has been published in a system such as Call of Duty or a torrent tracker file, it cannot be changed. If you depend on being able to access your computer’s files from your mobile device while on vacation or when running your own small company outside the home, the app on your phone must be configured with a static IP address for your home computer.
Execution of port forwarding
Your router’s port forwarding must be configured. Regrettably, the precise steps for doing so vary depending on the type of WiFi hub you own, since each model’s menu layout is somewhat different. However, the gist of what you need to do is create a non-changing and non-deletable item in your hub’s NAT table.
You’ll note that in the example of machines A, B, and C above, there are distinct entries in the NAT table for various kinds of activity. This is a security benefit since it implies that traffic will continue to be prevented from entering your computer unless it is of a protocol to which you have granted access. This does imply, however, that you must configure port forwarding records for each kind of activity.
The application that you use to share activities will manage the distribution of your permanent address for particular traffic. For instance, eMule will prevent you if you do not configure port forwarding, however, this is handled via the eMule client installed on your computer. Similarly, if you have Skype, the Skype program will handle distributing the IP address and port number combination that passes through your network to people on your contact list.
Dynamic addresses
There is one more issue to resolve. Your computer’s address must remain constant. This results in a persistent entry into the NAT table with your computer’s network IP address. However, networks are structured in such a way that each time you join the network, you are given a unique IP address. This is also true for mobile devices connected to the home WiFi network.
The mechanism that maintains home network addresses is called Dynamic Host Configuration Protocol (DHCP), and if you wish to utilize port forwarding, you must disable DHCP on your computer. To do this, you must request that your machine be given a permanent address, referred to as Static, rather than Dynamic.
To do this on Windows, follow these steps:
- In the Start search box, type cmd and then choose Command Prompt from the results.
- Type ipconfig and click RETURN in the Command Prompt. Take note of the IPv4 address and default gateway settings for the Wireless LAN adapter in the Wireless LAN adapter section. To dismiss the window, type exit and hit RETURN.
- In your system tray, click on the network icon (where you choose which WiFi network to connect to) and then on Network and internet settings at the bottom of the list. A Status screen is shown. Select Properties.
- Scroll down to the IP address assignment section and select the Edit option.
- Manually adjust the settings.
- Select IPv4 in the Edit IP settings window.
- Enter the IP address you wrote down from ipconfig on the new screen that opens. In the Subnet prefix length field, enter 24 and in the Gateway field and enter the Default Gateway value from ipconfig.
- Click the Save button.
This permanently assigns the IP address to which your machine is presently allocated. You may now use this IP address in your router’s port forwarding configuration.
To configure port forwarding on your router, visit the Port Forward website and follow the instructions.
VPNs and port forwarding
When you use a VPN, the IP address associated with your home network is changed. Thus, to establish inbound connections to your computer, you must examine your VPN provider’s address allocation mechanism. If you operate on your Web server or gaming server, you should also investigate obtaining a static IP address from your VPN provider.
Internet remapping
The directions in this tutorial may seem to be rather complex. With a better understanding of how routers handle IP addresses, it should be clear why port forwarding is essential.
Regrettably, the whole internet service business for home internet was built on the erroneous premise that private customers would never be required to accept inbound connections. They were incorrect. Port forwarding is a deceptively simple technique, yet it has the potential to destabilize the whole internet.