What Is Port Forwarding & How Does It Work?
SUMMARY: Port forwarding allows computers on an external network – typically the Internet – to access other computers on a private local area network (LAN). It works by creating an association between the public WAN IP address and port of the network router and the internal LAN IP address and port of a device.
Every local area network (LAN) router has a firewall that controls traffic coming in and out of the network, protecting your home devices from security threats like hackers and malicious websites.
This is called a NAT (Network Address Translation) firewall. It’s the feature that allows every device on your local network to share the same external IP address. NAT firewalls come in three types: Open, Moderate, and Strict. These NAT types dictate the accessibility of your local network to external connections.
A strict NAT type has security benefits, but it can also make it harder for external devices to communicate with specific devices on your network, especially on peer-to-peer connections. This can affect your ability to seed torrents and participate in multiplayer games, amongst other things.
This problem is solved by opening router ports. These ports route external traffic to individual devices on your local network, and vice versa.
Port forwarding refers to the process of manually opening a port and assigning it to certain kinds of network traffic. It allows computers outside of your local network to access specific devices within your local area network (LAN).
Port forwarding allows you to get around the limits imposed by the NAT firewall, improving the speed of some applications and making other services possible, including remote desktop access.
There are other ways to bypass or change your NAT type, but port forwarding is the most popular. For example, it is also possible to use a piece of software called UPnP (Universal Plug and Play) to weaken your NAT type, or to use a Windows 10 Hotspot, which creates a moderate NAT type.
What Is A Port In Networking?
You can think of ports as the routes in and out of your local network through your router. Most routers can have up to 65,000 ports, but only around 1,000 are regularly used. Generally, ports are assigned to specific types of activity. For instance, websites use ports 80 and 443, and email uses port 25.
Only the ports your router uses are kept open, meaning traffic directed to the wrong port will be automatically blocked by the router’s firewall. By default, all of your router’s ports should be closed.
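The following is an added example, not code from any router vendor or from the original article. It models the association described above: a forward rule maps a protocol and WAN port to a LAN address and port, and any unsolicited inbound traffic without a rule is dropped. The class and function names, the IP addresses, and the two sample rules are all constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    proto: str      # "tcp" or "udp"
    wan_port: int   # port opened on the router's public address
    lan_ip: str     # private address of the target device
    lan_port: int   # port the device listens on

class Router:
    """Hypothetical model of a router's port-forward table (default deny)."""
    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.rules = {}  # (proto, wan_port) -> Rule

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        if not (1 <= wan_port <= 65535 and 1 <= lan_port <= 65535):
            raise ValueError("port out of range")
        if not ipaddress.ip_address(lan_ip).is_private:
            raise ValueError("forward target must be a LAN address")
        key = (proto, wan_port)
        if key in self.rules:
            raise ValueError(f"{proto}/{wan_port} is already forwarded")
        self.rules[key] = Rule(proto, wan_port, lan_ip, lan_port)

    def translate(self, proto, dst_ip, dst_port) -> Optional[tuple]:
        """Rewrite an unsolicited inbound destination, or return None (dropped)."""
        if dst_ip != self.wan_ip:
            return None
        rule = self.rules.get((proto, dst_port))
        return (rule.lan_ip, rule.lan_port) if rule else None

    def exposed(self):
        """Every LAN service reachable from outside, for periodic review."""
        return sorted(self.rules.values(), key=lambda r: (r.proto, r.wan_port))

def demo():
    router = Router("203.0.113.10")  # constructed documentation address
    router.add_forward("tcp", 8443, "192.168.1.20", 443)   # constructed rule
    router.add_forward("udp", 5060, "192.168.1.30", 5060)  # constructed rule
    return router

if __name__ == "__main__":
    r = demo()
    print(r.translate("tcp", "203.0.113.10", 8443))  # forwarded to the LAN device
    print(r.translate("tcp", "203.0.113.10", 22))    # no rule, so dropped
    for rule in r.exposed():
        print(rule)
```

The `exposed()` listing is the part worth reviewing regularly: each entry is a LAN service that anyone on the Internet can reach.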
Port numbers for commonly used services are assigned by the Internet Assigned Numbers Authority (IANA). Here’s a list of some common NAT ports and their uses:
| Port | Service |
|------|---------|
| 20 | FTP (File Transfer Protocol) data transfer |
| 21 | FTP (File Transfer Protocol) control |
| 22 | SSH (Secure Shell encryption) |
| 53 | DNS (Domain Name System) |
| 80 | HTTP (Hypertext Transfer Protocol i.e. web pages on the internet) |
| 110 | POP3 (Post Office Protocol) – Used to retrieve email |
| 193 | Internet Relay Chat (IRC) |
| 443 | HTTPS (Encrypted web pages) |
| 5060 | SIP (Session Initiation Protocol) – used in VoIP (Voice over Internet Protocol) devices |
Local, Remote, and Dynamic Port Forwarding
There are several types of port forwarding in computer networking. Which one you use will depend on whether you have access to the external device, and what exactly you’re trying to achieve.
The three types of port forwarding are:
- Local port forwarding. Here, a local port is forwarded to a remote host. This reroutes traffic from your device to another device, commonly running SSH encryption. This allows you to bypass your firewall and access a service that you do not have access to, but the intermediary device or server does.
- Remote port forwarding. Here, a remote port is forwarded to a local host. This allows connections to reach your device from the server side of a tunnel, such as an SSH tunnel. It is commonly used for remote desktop access, server hosting, and other applications, but it can come with security risks.
- Dynamic port forwarding. This type of port forwarding functions similarly to a proxy. It allows you to bypass your server’s firewall by connecting to a trusted third-party server or device. Unlike local and remote port forwarding, the port number is not chosen in advance, but dynamically at the point of connection.
VPN port forwarding usually involves either remote port forwarding or dynamic port forwarding.