What is it?
Port forwarding is a mechanism whereby traffic arriving at a particular port on a public IP address is passed on to the same or a different port on a private IP address.
A real world situation
Let us look at an everyday event. I make a call to John Doe of Super Duper Inc. at telephone number 555-12345 to get some information on their new Super Dumb product. The telephonist answers the call and I tell her I want to speak to the salesman in charge of the Super Dumb product. The telephonist then transfers my call to John Doe. After some hello and weather stuff, John Doe gives me the information and tells me to contact him again at extension 678 or his direct line at 555-98765 when I am ready to place an order.
Let us take bits from the event and put them in networking terms.
| In the telephone call | In networking terms |
|---|---|
| 555-12345 | public IP of Super Duper Inc |
| Sales Department | private IP of Super Duper Inc |
| 678 | port of John Doe (Sales Department) |
| my telephone number | my public IP |
| my department | my private IP |
| 678 | my port (I ask for salesman), determined by the telephonist |
| telephonist | router of Super Duper Inc. |
The telephonist will answer any call to 555-12345 but will only transfer the call to John at extension 678 after learning that I want to speak to a salesman and determining that the extension is 678. In computing terms, the router forwards packets from any external public IP arriving on port 678 to port 678 on its private IP.
I would not have to use the telephonist's service if I called John on his direct line. Assuming that John does not have a direct line, everyone will have to place calls through the telephonist. So we now know that routing is not needed if there are enough public IP addresses, and accordingly there is no need to do any port forwarding. Since there are not enough IP addresses to go round, it has become the practice to route packets from one public IP to several private IP addresses. Subsequently, ports are assigned to specific servers (protocols). For example, the web server (HTTP) is assigned to port 80 and the FTP server is assigned to port 21.
The telephonist will not transfer my call to John if I said I want to sell a coffin to the Chief Executive of Super Duper Inc and probably will cut me off immediately. The telephonist knows that I am either sick or up to no good. That is the other function of port forwarding, which is to act as an in-bound firewall. However, the telephonist will transfer my call if I said I want to speak to John at extension 678 and I can abuse John until he slams the telephone on me. So, that firewall does not block an open port.
We can now write down the rules the telephonist uses:
Order: transfer call if the following criteria are met
allow [any call] [asking for] to [dept] [name] type
allow source any-phone Sales any destination Sales John PSTN
allow source any-phone any John Doe destination Sales John PSTN
Let us write that as a forwarding rule:
order deny, allow
allow source [any public IP] [public port] destination [private IP] [private port] protocol
The real forwarding
So how is port forwarding done? Routers come with a function known by names like port forwarding, network address port translation (NAPT) and virtual server. These differ technically but can perform port forwarding with similar results. There is no standard way to set up port forwarding; each manufacturer has its own way. The basic line (rule) is:
allow source [public IP] [port] destination [private IP] [port] protocol
Example:
allow source 0.0.0.0 6900 destination 192.168.1.101 6900 TCP
A sample of port forwarding for Athena, HTTP, FTP and SMTP (ref: Network Devices):
source IP 0.0.0.0 port 6900 destination IP 192.168.1.101 port 6900 TCP
source IP 0.0.0.0 port 6121 destination IP 192.168.1.101 port 6121 TCP
source IP 0.0.0.0 port 5121 destination IP 192.168.1.101 port 5121 TCP
source IP 0.0.0.0 port 80 destination IP 192.168.1.101 port 80 TCP
source IP 0.0.0.0 port 21 destination IP 192.168.1.101 port 21 TCP
source IP 0.0.0.0 port 25 destination IP 192.168.1.101 port 25 TCP
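Added example (not part of the original guide or of any router's own code): the sample table above, parsed and rendered as the DNAT and FORWARD rules a Linux-based gateway would use, with a check that lists the ports open to every source address. The WAN interface name `eth0` and the rule with source 203.0.113.7 are assumptions constructed for illustration.

```python
import ipaddress
import re

# Rule lines in the layout used in the sample table on this page.
RULE_RE = re.compile(
    r"^source IP (\S+) port (\d+) destination IP (\S+) port (\d+) (TCP|UDP)$")
ANY_SOURCE = "0.0.0.0"  # the page writes "any public IP" as 0.0.0.0


def parse_rule(line):
    """Parse one forwarding rule line; raise ValueError if it is malformed."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a forwarding rule: {line!r}")
    src, pub_port, dst, priv_port, proto = m.groups()
    ipaddress.IPv4Address(src)  # raises ValueError on a bad address
    if not ipaddress.IPv4Address(dst).is_private:
        raise ValueError(f"destination {dst} is not a private address")
    for port in (pub_port, priv_port):
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")
    return {"src": src, "pub_port": int(pub_port), "dst": dst,
            "priv_port": int(priv_port), "proto": proto.lower()}


def to_iptables(rule, wan_if="eth0"):
    """Render a rule as DNAT + FORWARD commands (wan_if is an assumption)."""
    src = "" if rule["src"] == ANY_SOURCE else f"-s {rule['src']} "
    match = f"-p {rule['proto']} {src}"
    return [
        f"iptables -t nat -A PREROUTING -i {wan_if} {match}"
        f"--dport {rule['pub_port']} -j DNAT "
        f"--to-destination {rule['dst']}:{rule['priv_port']}",
        f"iptables -A FORWARD -i {wan_if} {match}-d {rule['dst']} "
        f"--dport {rule['priv_port']} -j ACCEPT",
    ]


def open_to_any(rules):
    """Return the public ports reachable from every Internet address."""
    return sorted(r["pub_port"] for r in rules if r["src"] == ANY_SOURCE)


# The page's sample table, plus one constructed rule with a fixed source.
SAMPLE = [parse_rule(f"source IP 0.0.0.0 port {p} "
                     f"destination IP 192.168.1.101 port {p} TCP")
          for p in (6900, 6121, 5121, 80, 21, 25)]
SAMPLE.append(parse_rule(
    "source IP 203.0.113.7 port 22 destination IP 192.168.1.101 port 22 TCP"))
```

Every port returned by `open_to_any(SAMPLE)` is handed straight to the service behind it, so those services need their own hardening and patching; the rule with a fixed source is the only one the gateway itself filters.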
A real world example
This guide is based on the Netgear WGR-614 wireless router. Although proven, you should not assume that this guide will work for you even if you have the same model.
Log in
Launch browser
Log in to http://192.168.0.1, the factory-set IP.
LAN IP setup
Change the IP of your router and configure DHCP server here.
(Optional) Change IP of router to 192.168.1.1
Select Use Router as DHCP Server.
(Optional) Key in the IP range.
Scroll down.
(Optional) If you want to use static host IP, click Add in Address Reservation section.
Otherwise click Apply to complete LAN configuration.
Key in the IP you want to reserve for Athena host
Key in the MAC address of your network interface (6 pairs of alphanumerics separated by colon).
Key in the name of your Athena host.
Click Add.
Configure internet
Key in details of your internet account.
Scroll down.
Select Get Automatically from ISP or key in IPs of your nameservers.
Click Apply
Port forwarding
Click Port Forwarding.
Scroll down.
Select Add Custom Service
Key in all details, use IP of Athena host.
Click Apply
Repeat Add Custom Service until all desired ports have been forwarded.
WAN setup
Here are the default settings for WAN. Leave them at default, as shown.
Note the DMZ enable button
Dynamic DNS
If you have a DynDNS account, configure IP update here.
Key in all details of your account.
Click Apply.
UPnP
Do not turn on unless you know what you are doing.
Wireless
Disable, that is, leave at default, unless you know what you are doing.
Port trigger
Do not turn on or add anything unless you know what you are doing.
Remote management
Do not turn on unless you know what you are doing.
Firmware upgrade
Do not attempt unless you know what you are doing. You might make your router useless.