What Is Port Forwarding?

Port forwarding, also known as port mapping, is the application of Network Address Translation (NAT) to redirect communication when packets pass through a network gateway, such as a router or firewall.

Port forwarding is commonly used to allow a computer on the client side of the user’s router to be contacted from the network side (e.g., the internet). Port forwarding is used to improve communication between the web and all connected devices. This approach has certain additional advantages that should not be neglected. It also aids in maintaining a direct and uninterrupted connection to a Voice over IP (VoIP) call server.

How Does Port Forwarding Work?

Port forwarding keeps unwanted traffic off of networks. Port forwarding enables remote computers to connect to a specific computer or service on a private local area network (LAN). A cable modem connected to a router or network address translator (NAT/NAPT) provides internet access to nodes in a local network. Computers behind the router connect and communicate exclusively using a private IP address, making them invisible to hosts on the internet.

When establishing port forwarding, the network administrator designates one port number on the gateway for the single purpose of interacting with a service on a specified host in the private network. External hosts must know this port number and the gateway’s address to communicate with the network-internal service. Port forwarding frequently uses the port numbers of well-known internet services, such as port 80 for web services (HTTP), to enable standard internet services on hosts within internal networks.

Port forwarding instructs the router to send particular instructions to specific devices among all the devices connected to the router. For example, assume a router receives a packet with an IP address and a port number in the header. If port forwarding is not enabled on the router, it must resolve/identify the port before transmitting. If port forwarding is enabled, however, the packet will be automatically forwarded to the destination node. All linked network clients are completely unaware of the port forwarding process.

What Are the Uses of Port Forwarding?

Port forwarding is important to IT professionals and programmers to keep unwanted access off the computer network. Port forwarding is also necessary for heavy computer users who want to protect and privatize their computer access. Port forwarding is especially risky because if any computer or internet user fails to protect a remote desktop connection, someone could remotely enter into that user’s computer. The following are some of the most prevalent uses for port forwarding.

  • Hosting game servers: Port forwarding allows users to connect their gaming console or PC to other gaming consoles or PCs. For a host, port forwarding can increase the connection speed as well as improve the queue and overall gaming. Some games implement a port forwarding process to make their game activities available to players. The port forwarding technique implies that a specific port of the game is open to users for easy connection. Some examples are Minecraft port forwarding, port forwarding PS4, port forwarding Xbox One, Call of Duty games port forwarding and lots more. In Minecraft port forwarding, users who want to port forward in Minecraft will forward the port 25565 to their server’s internal IP address in the router.
  • CCTV and security: Port forwarding allows computer users to monitor events from any location. Users may effortlessly view their private security feeds from any location, whether a business or a home.
  • Virtual desktops: Computer desktops are more effectively stored in cloud environments thanks to advances in technological implementations like those in hospitals or institutions. Port forwarding allows users to connect to their virtual desktops from any computer on the premises.
  • Quick downloads: Port forwarding can save hours of download time when downloading massive files, such as P2P torrent sharing. If the signal can reach the user’s computer a few milliseconds faster, it will significantly boost games and other downloads. If port forwarding is configured correctly, a file that used to take three hours to download can now be completed in less than ten minutes.
  • Hosting VPN servers: VPN port forwarding allows incoming data to bypass the user’s NAT firewall, allowing the connection to be faster. Port forwarding can boost internet speeds and make it easier to access a device remotely.

What Are the Types of Port Forwarding?

The following are the different types of port forwarding.

  1. Local Port Forwarding
  2. Remote Port Forwarding
  3. Dynamic Port Forwarding

1. Local Port Forwarding

The most prevalent type of port forwarding is local port forwarding. Local port forwarding allows users to connect from their local computer to another server, allowing them to safely transmit data from another client application running on the same computer as an SSH client. Local port forwarding allows users to get around firewalls that are blocking some web pages.

Local port forwarding is used for the following activities.

  • Using an SSH tunnel to connect from a laptop to a website.
  • Jump servers are used for tunneling sessions and file transfers.
  • Using the internet to access a remote file share.

Several organizations use a single jump server to handle all incoming SSH access requests. It could be a conventional Linux/Unix system with additional protection, intrusion detection, logging or a commercial jump server solution. The method involved in local port forwarding involves an SSH server. The SSH server is set up to forward data from a specific port to a destination server and port via a secure tunnel. The “forwarded port” is the local port located on the same machine as the SSH client. The process enables any client on the same system to access the forwarded port. The SSH client then listens on the redirected port and sends all data via a secure tunnel to the SSH server. The server decodes the information before sending it to the specified host and port.

“-L” indicates local port forwarding on the command line. During this process, users must give two port numbers and the destination server. The system uses port numbers less than 1024 and larger than 49150. Some programs require specific source ports to function, but any source port number will suffice for the most part. For example:

The -L option in OpenSSH is used to configure local port forwarding:

ssh -L 80:intra.example.com:80 pr.example.com

Note:

This example establishes a connection to the pr.example.com jump server and redirects any connections to port 80 on the local system to intra.example.com’s port 80.

2. Remote Port Forwarding

Remote port forwarding is the opposite of local port forwarding. Remote port forwarding transfers data to a destination from a port on a user’s server. In other words, remote port forwarding allows users to connect from the tunnel’s server-side, via SSH or another protocol, to a remote network service on the tunnel’s client-side.

Users can connect to another server from a remote SSH server via remote port forwarding. The method of remote port forwarding necessitates the usage of the target server’s address on the tunnel’s client-side and the knowledge of two port numbers. The port numbers selected are determined by the program that the user wants to utilize.

Consider a user who is building a web application that runs on port 4000 of the local computer. Since the user is behind a NAT network with no public IP, others cannot access it directly. Now it is time to show a customer how the app looks. In this scenario, remote forwarding can help. For example, the user will need to run a command that looks like this: ssh -R 7000:192.0.0.1:4000 pr.example.com.

When the user runs this command, the SSH server binds to port 7000 on pr.example.com. Any communication received on this port is forwarded to the SSH client on the user’s local computer, which forwards it to port 4000 on 192.0.0.1. Now the customer can use the user’s application by going to http://pr.example.com:7000 in a browser.

The following are some examples of how users can use remote port forwarding.

  • An employee of a company who wants to provide access to an FTP service for other employees who use computers at work. To accomplish this, an employee can use SSH to set up remote port forwarding on the company’s internal computers, providing their FTP server’s address and the appropriate FTP port numbers.
  • Remote port forwarding is frequently used to start remote desktop sessions.

3. Dynamic Port Forwarding

Dynamic port forwarding uses firewall pinholes to allow traffic to pass through a firewall or NAT on demand. The idea allows clients to connect securely to a trusted server that acts as an intermediary between users and more destination servers. The user’s SSH client becomes a SOCKS proxy server due to dynamic port forwarding. SOCKS is a commonly used protocol that allows programs to use a proxy server to request an internet connection. Users must configure the proxy server independently for each program that uses it and the proxy server must be reconfigured when it is no longer in use.

For example, a user wants Firefox to use the SSH server to access all web pages. First, set up dynamic port forwarding on the default SOCKS port with the following command.

ssh -C -D 1080 laptop

On the user’s local computer, the SSH client sets up a SOCKS proxy on port 1080. Any data transmitted to this port is routed through the SSH server to its intended recipient. Dynamic port forwarding is defined via the -D option. The SOCKS port is 1080 by default. Although users are free to use any port number, some programs will only work with port 1080. -C allows compression, which speeds up the tunnel when proxying primarily text-based data but slows the tunnel down when proxying binary data, e.g. downloading files.

For this example, to make Firefox use the proxy, do the following.

  • Select Edit > Preferences > Advanced > Network > Connection > Settings from the drop-down menu.
  • Tick “Manual proxy configuration.”
  • Clear “Use this proxy server for all protocols.”
  • Delete the “HTTP Proxy,” “SSL Proxy,” “FTP Proxy” and “Gopher Proxy” fields.
  • Type “127.0.0.1” for “SOCKS Host.”
  • Type “1080” (or whatever port you chose) for “Port.”

Dynamic port forwarding is a versatile technology with a variety of applications. Here are a few of these applications.

  • Dynamic port forwarding can be used to safeguard data when a user is connected to the public Internet through a coffee shop, hotel or another network with a low level of security.
  • Dynamic port forwarding can also be used to get around firewalls that block access to external websites, such as those found in company networks.
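
As an added example (not part of the original article), the following Python code parses the three forwarding options described above, -L, -R and -D, out of ssh command lines such as those recorded in process-creation logs, and notes listeners on privileged ports or on non-loopback addresses. The sample command lines are the article's own plus one constructed variant; the Forward class and the function names are assumptions of this example.

```python
import os
import shlex
from dataclasses import dataclass, field
from typing import List, Optional

KINDS = {"L": "local", "R": "remote", "D": "dynamic"}
LOOPBACK = {"localhost", "127.0.0.1"}

@dataclass
class Forward:
    kind: str                   # local, remote or dynamic
    bind: Optional[str]         # explicit listen address, None if omitted
    listen_port: int            # port the tunnel listens on
    target: Optional[str]       # "host:port"; None for dynamic (SOCKS)
    notes: List[str] = field(default_factory=list)

def parse_spec(flag: str, spec: str) -> Forward:
    """Parse [bind_address:]port[:host:hostport]; no IPv6 or socket paths."""
    parts = spec.split(":")
    short, full = (1, 2) if flag == "D" else (3, 4)
    if len(parts) not in (short, full):
        raise ValueError(f"unsupported -{flag} spec: {spec!r}")
    bind = parts[0] if len(parts) == full else None
    rest = parts[1:] if len(parts) == full else parts
    target = None if flag == "D" else f"{rest[1]}:{rest[2]}"
    fwd = Forward(KINDS[flag], bind, int(rest[0]), target)
    if fwd.listen_port < 1024:
        fwd.notes.append("privileged listen port")
    if bind is not None and bind not in LOOPBACK:
        fwd.notes.append("listener not limited to loopback")
    return fwd

def find_forwards(cmdline: str) -> List[Forward]:
    """Return the forwards requested by one ssh command line."""
    tokens = shlex.split(cmdline)
    if not tokens or os.path.basename(tokens[0]) != "ssh":
        return []
    found, i = [], 1
    while i < len(tokens):
        tok = tokens[i]
        if len(tok) >= 2 and tok[0] == "-" and tok[1] in KINDS:
            spec = tok[2:]
            if not spec and i + 1 < len(tokens):   # "-L spec" form
                i += 1
                spec = tokens[i]
            try:
                found.append(parse_spec(tok[1], spec))
            except ValueError:
                pass                                # not a spec we understand
        i += 1
    return found

# Constructed sample input: the article's three commands plus one variant.
SAMPLES = [
    "ssh -L 80:intra.example.com:80 pr.example.com",
    "ssh -R 7000:192.0.0.1:4000 pr.example.com",
    "ssh -C -D 1080 laptop",
    "ssh -L 0.0.0.0:8080:intra.example.com:80 pr.example.com",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for fwd in find_forwards(line):
            print(line, "->", fwd)
```
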

What Are the Examples of Port Forwarding?

One example of port forwarding involves a user with a web server on their private network who wants clients to connect through port 80. To do this, the user must employ a port forwarding process. Static mapping of the external IP address and port 80 to the internal IP address and port 80 is required for port forwarding. Another example would be if a router forwards port 3389 to a computer with the IP address 192.168.1.115, it cannot also forward port 3389 to 192.168.1.120.

Why Is Port Forwarding Important?

Port forwarding helps to keep public IP addresses safe. This security and access mechanism can secure servers and clients from unauthorized access. Port forwarding also hides network services and servers and restricts access to and from a network. Port forwarding is used to keep unwanted traffic off of networks.

Port forwarding enables network managers to use a single IP address for all external internet interactions while designating many servers with distinct IPs and ports to the task internally. Port forwarding is also handy for home network users who want to run a web server or a gaming server on the same network.

How to Set Up Port Forwarding

Communication between a router and a port is required for port forwarding to occur. A port is similar to a dedicated passageway for a specific type of traffic. There will be no communication if a router does not understand the traffic traveling through it. As a result, the ports can handle any traffic that passes through the router.

Port forwarding is similar to connecting a pipe from the router to the device that requires access to the port; there is a direct line of sight between the two, allowing data to flow. Consider an FTP server that accepts connections on port 21. People from outside the user’s network are unable to connect to the FTP server. On the router, the user can open port 21 and forward it to the server computer. The new dedicated pipe moves files from the server, through the router and out of the network to the FTP client communicating with it.

The example above demonstrates what happens when programs or websites need to communicate over the internet. Every networking application requires a port to run on, so if a program or application is not working despite all of the other settings being fine, open the port on the router and send requests to the appropriate device. There are two main steps for port forwarding on a router. Although there may be differences in the procedures depending on the router, these methods are basic. Refer to the router’s user manual for further information on a specific router.

Step 1. Assign a static IP address to the device: To avoid altering the port forwarding settings every time the device gets a new IP address, the device that will benefit from the port forward must have a static IP address. A static IP address is required, for example, if a game console employs a certain port range. Also, assign a static IP address to any computer that uses torrenting software. Users can also set up a static IP address on macOS, Ubuntu and other Linux distributions. Assigning a static IP address can be done in two ways: from the router or the PC.

  • Create a static IP address with your computer. To assign a static IP address to a Windows PC, you must first determine the IP address the PC is currently using. Follow the steps below.
  1. Open the Command Prompt program on the computer.
  2. Press Enter after typing this command:

C:\Users\HP>ipconfig /all

  3. Note the following: IPv4 Address, Subnet Mask, Default Gateway and DNS Servers.

IPv4 Address: 192.168.7.23 (preferred)
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.7.1
DNS Servers: 71.10.216.1
             71.10.216.2

Note:

If you see many IPv4 Address entries, look for one labeled Ethernet Adapter Local Area Connection, Ethernet Adapter Ethernet or Ethernet LAN Adapter Wi-Fi. Anything else can be ignored, such as Bluetooth, VMware, VirtualBox and other non-default entries.

Users can now utilize the data to set up a static IP address. Set up the IP address using the following steps.

  1. To open Network Connections, open the Run dialog box (press WIN+R), type “ncpa.cpl” and select OK.
  2. Right-click or tap and hold the connection with the same name as the one seen in the Command Prompt, for example Ethernet0.
  3. From the menu, choose Properties.
  4. From the drop-down menu, select “Internet Protocol Version 4 (TCP/IPv4)” then Properties.
  5. Select “Use the IP address listed below.”
  6. Copy the IP address, subnet mask, default gateway and DNS servers from the Command Prompt.

IP address: 192.168.202.146
Subnet mask: 255.255.255.0
Default gateway: 192.168.202.2

  7. Click OK.

Do not reserve the same IP address you discovered in the Command Prompt if many devices on the network get their IP addresses from DHCP. To avoid address conflicts, if DHCP is set up to serve addresses from a pool between 192.168.1.2 and 192.168.1.20, configure the IP address to use a static IP address outside that range. Use 192.168.1.21 or higher, for example. For clarity, multiply the IP address by 10 or 20 and use that as the static IP in Windows.

Step 2. Set up a static IP address on the router: Another approach is to set up a static IP address on the router. Users can use this approach when a non-computer device, such as a gaming console or a printer, requires a fixed address.

  1. Log in to the router as an administrator.
  2. Check in the settings for a Client List, DHCP Pool, DHCP Reservation or anything similar. The current devices connected to the router are listed in this section. Along with the device’s name, the IP address is displayed.
  3. Find a mechanism to connect one of those IP addresses to the device so that the router uses it every time the device requests an IP address. Select the IP address from a list or choose Add or Reserve to do so. In some circumstances, paying for a static IP is required to make the public IP address static and visible from the outside network.

Step 3. Configure port forwarding: Access the router and set up the port forwarding settings now that you know the device’s IP address and have it set to not change. To set up port forwarding, follow these guidelines.

  1. Log in to the router as an administrator. You will need the IP address, username and password for the router.
  2. Look for the port forwarding options. Depending on the router, these can be referred to as Port Forwarding, Port Triggering, Applications & Gaming or Port Range Forwarding. These could be located under other settings categories like Network, Wireless or Advanced.
  3. Enter the port number or range of ports you want to forward. Put the same number in both the Internal and External boxes if you are forwarding one port. Use the Start and End boxes to create port ranges.
  4. Select the protocol: TCP or UDP. If needed, select both. The documentation for the software or game that specifies the port number should provide you with this information.
  5. Type in your chosen static IP address.
  6. With the Enable or On option, enable the port forwarding rule.

Pro Tip:

A port forwarding configuration wizard is available on some routers, which makes the process easier. For example, the router may present users with a list of devices that already have a static IP address, after which they can select the protocol and port number.
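
As an added example (not part of the original article), the following Python code checks a planned set of forwarding rules before they are entered into the router: it reports targets outside the LAN or inside the DHCP pool from Step 1, two rules that send the same external port to different hosts (the port 3389 case above), and rules that expose the FTP or remote desktop ports the article names. The Rule layout, the rule names, the 192.168.1.0/24 LAN and the sample rules are constructed assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Set, Tuple

class Rule(NamedTuple):
    name: str
    proto: str        # "tcp", "udp" or "both"
    ext_start: int    # first external port
    ext_end: int      # last external port (equal to ext_start for one port)
    target_ip: str    # internal host that receives the traffic

# Services the article mentions by port; flagged for a closer look.
REVIEW_PORTS = {21: "FTP", 3389: "remote desktop"}

def protos(rule: Rule) -> Set[str]:
    return {"tcp", "udp"} if rule.proto == "both" else {rule.proto}

def audit(rules: List[Rule], lan_cidr: str,
          dhcp_first: str, dhcp_last: str) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs in rule order."""
    lan = ipaddress.ip_network(lan_cidr)
    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)
    findings = []
    for i, r in enumerate(rules):
        ip = ipaddress.ip_address(r.target_ip)
        if ip not in lan:
            findings.append((r.name, "target outside LAN"))
        elif lo <= ip <= hi:
            # A DHCP lease could later hand this address to another device.
            findings.append((r.name, "target inside DHCP pool"))
        for port, service in REVIEW_PORTS.items():
            if r.ext_start <= port <= r.ext_end and "tcp" in protos(r):
                findings.append((r.name, f"exposes {service}"))
        for earlier in rules[:i]:
            overlap = (r.ext_start <= earlier.ext_end
                       and earlier.ext_start <= r.ext_end)
            if (overlap and protos(r) & protos(earlier)
                    and earlier.target_ip != r.target_ip):
                findings.append((r.name, f"conflicts with {earlier.name}"))
    return findings

# Constructed sample rules using ports and addresses from the article.
RULES = [
    Rule("web", "tcp", 80, 80, "192.168.1.50"),
    Rule("rdp-a", "tcp", 3389, 3389, "192.168.1.115"),
    Rule("rdp-b", "tcp", 3389, 3389, "192.168.1.120"),
    Rule("minecraft", "both", 25565, 25565, "192.168.1.12"),
    Rule("ftp", "tcp", 21, 21, "192.168.7.23"),
]

if __name__ == "__main__":
    for name, finding in audit(RULES, "192.168.1.0/24",
                               "192.168.1.2", "192.168.1.20"):
        print(f"{name}: {finding}")
```
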

Is Port Forwarding Safe?

Yes, port forwarding is safe if the computer or network has a security firewall or a VPN connection. Generally, a user’s network may be at risk at any time. Therefore, it is a good measure to have up-to-date antivirus and anti-malware software installed. The level of risk varies based on the reason for port forwarding and what programs listen to the open ports. Port forwarding provides those outside a user’s network more access to their computer by default.

This is important:

However, if users take security precautions, there will be no threat. Users can stay safe by ensuring that their gadgets are frequently updated and by limiting what they expose to external devices or networks. Also, use a password to secure the router settings and be on the alert for strange activity.

What Are the Differences Between Port Forwarding and Port Triggering?

Port triggering manages communication between internal and external host machines in an IP network. When port forwarding has to reach numerous local computers, port triggering is the option to use. This other aspect of port forwarding is dynamic because ports are only opened when needed and closed when not.

Port forwarding requires that a computer’s IP address be specified during configuration and that the IP address never changes. For port triggering, specific outbound traffic is required to open inbound ports. These triggered ports are then closed after a period of no activity.

Is Port Forwarding Worth It?

Since most networks have a firewall that blocks incoming ports, port forwarding is essential. Firewalls restrict these ports to keep the network secure. End users can find their way through the firewall and engage with services on the network thanks to port forwarding. End-users would have difficulty accessing services when they were offsite in a remote location without port forwarding. However, servers can be exposed to intruders aiming to interrupt services. Therefore, port forwarding can be disastrous, particularly in the case of dynamic port forwarding, which allows users to access restricted websites by bypassing the firewall.

Do I Need to Restart the Router After Port Forwarding?

Yes, to resolve any issues resulting from port forwarding, users may need to restart their router after making other changes. In addition, whenever a user removes a port forward, it is a good idea to restart the router to ensure that no temporary port forwards remain. Most routers will automatically start using port forwarding settings once they have been properly configured according to the router definition because routers are network switching devices.

Isa Oyekunle Isa is a seasoned writer and a cybersecurity expert with about 7 years of experience under his belt. He has worked with a number of prominent cybersecurity websites worldwide, where he has produced hundreds of authoritative articles regarding the broad subject of internet security. He’s always been enthusiastic about digital security, and now, he’s committed to enlightening people around the world about it.