How to Forward Ports on Your Router
Although modern routers handle most functions automatically, some applications will require you to forward a port to that application or device manually. Fortunately, it’s really simple if you know where to look. In this guide, we’ll look into port forwarding and how to forward ports on your router.
Port forwarding, or tunneling, is the behind-the-scenes process of intercepting data traffic headed for a computer’s IP/port combination and redirecting it to a different IP and/or port. A program running on the destination computer (host) usually causes the redirection, but sometimes it can also be an intermediate hardware component, such as a router, proxy server, or firewall.
Let’s take a look at some things you need to learn.
COPYRIGHT_NOVA: Published on https://www.novabach.com/how-to-forward-ports-on-your-router/ by Daniel Barrett on 2022-06-04T10:22:08.000Z
Here’s a map of a simple home network. The cloud icon represents the greater internet and your public, or forward-facing, Internet Protocol (IP) address.
This IP address represents your entire household from the outside world–like a street address, in a way. The red address 192.168.1.1 is the router address within your network. The additional addresses all belong to the computers seen at the bottom of the image.
If your public IP address is like a street address, think of the internal IP addresses like apartment numbers for that street address.
So, where do ports come into this process? Ports are an old but valuable holdover from the early days of network computing. Back in the day, when computers could only run one application at a time, all you had to do was point one computer at another computer on the network to connect them as they would be running the same application.
Once computers became sophisticated to run multiple applications, early computer scientists had to wrestle with the issue of ensuring applications connected to the right applications. Thus, ports were born.
Some ports have specific applications which are standards throughout the computing industry. For example, when you fetch a web page, it uses port 80. The receiving computer’s software knows that port 80 is used for serving HTTP documents, so it listens there and responds accordingly.
If you send an HTTP request over a different port—say, 143—the webserver won’t recognize it because it’s not listening there (although something else might be, like an IMAP email server that traditionally uses that port).
Other ports don’t have pre-assigned uses, and you can use them for whatever you want. However, to avoid interfering with other standard-abiding applications, it’s best to use larger numbers for these alternate configurations. For example, Plex Media Server uses port 32400, and Minecraft servers use 25565—both numbers that fall into this “fair game” territory.
Each port can be used via either TCP or UDP. TCP, or Transmission Control Protocol, is what’s used most commonly. UDP, or User Datagram Protocol, is less widely used in home applications with one major exception: BitTorrent. Depending on what is listening, it’ll expect requests to be made in either one or the other of these protocols.
So why exactly would you need to forward ports? While some applications take advantage of NAT to set their ports and handle the entire configuration for you, there are still plenty of applications that do not. So you’ll need to give your router a helping hand when connecting services and applications.
For example, you were on your laptop somewhere in the world (with an IP address of 188.8.131.52), and you want to connect to your home network to access some files.
If you plug your home IP address (127.34.73.214) into whatever tool you’re using (an FTP client or remote desktop application, for example), and that tool doesn’t take advantage of those advanced router features we just mentioned, you’re out of luck.
It won’t know where to send your request, and nothing will happen. This, by the way, is a great security feature. If somebody connects to your home network and isn’t connected to a valid port, you want the connection to get rejected.
That’s the firewall element of your router doing its job: rejecting unwelcome requests. However, if the person knocking on your virtual door is you, the rejection isn’t so welcome, and we need to tweak it.
To solve that problem, you want to tell your router, “hey: when I access you with this program, you’ll need to send it to this device at this port.” With those instructions in place, your router will ensure you can access the right computer and application on your home network.
So in this example, when you’re out and about and using your laptop, you use different ports to make your requests. When you access your home network’s IP address using port 22, your router at home knows that this should go to 192.168.1.100 inside the network.
Then, the SSH daemon on your Linux installation will respond. At the same time, you can make a request over port 80, which your router will send to the webserver at 192.168.1.150.
Or, you can try to control your sister’s laptop with VNC remotely, and your router will connect you to your computer at 192.168.1.200. Then, you can easily connect to all the devices you’ve set up a port forward rule for.
The usefulness of port forwarding doesn’t end there, though! You can even use port forwarding to change existing services’ port numbers for clarity and convenience.
For example, you have two web servers running on your home network. You want one to be readily accessible (e.g., it’s a weather server you want people to be able to find easily), and the other web server is for a personal project.
When you access your home network from the public-facing port 80, you can tell your router to send it to port 80 on the weather server at 192.168.1.150, where it will be listening at port 80.
But, you can tell your router that when you access it via port 10,000, it should go to port 80 on your server, 192.168.1.250.
The second computer doesn’t have to be reconfigured to use a different port. However, you can still manage traffic effectively—and at the same time, by leaving the first web server linked to port 80, you make it easier for people accessing your aforementioned weather server project.
Now that we know what port forwarding is and why we might want to use it, let’s take a look at some small considerations regarding port forwarding before diving into configuring it.
Don’t miss: The 5 Best Cheap Wireless Routers Under $50
There are a few things to keep in mind before sitting down to configure your router, and running through them in advance is guaranteed to cut down on frustration.
First and foremost, all your port forwarding rules will fall apart if you’re assigning them to devices with dynamic IP addresses assigned by your router’s DHCP service.
We dig into what DHCP is in this article on DHCP vs. static IP address assignments, but we’ll give you a quick summary here.
Your router has a pool of addresses that it reserves just for handing out to devices as they join and leave the network. Think of it like getting a number at a diner when you arrive—your laptop joins, boom, it gets IP address 192.168.1.98.
Your iPhone joins; boom, it gets address 192.168.1.99. If you take those devices offline for some time or the router is rebooted, then the whole IP address lottery happens all over again.
Under normal circumstances, this is more than fine. For example, your iPhone doesn’t care which internal IP address it has. But if you’ve created a port forwarding rule that says your game server is at a certain IP address and then the router gives it a new one, that rule won’t work, and nobody will be able to connect to your game server.
To avoid that, you must assign a static IP address to each network device you’re setting a port forwarding rule. The best way to do that is through your router—check out this guide for more info.
In addition to using static IP assignments for the relevant devices inside your network, you also want to be aware of your external IP address—you can find it by visiting whatismyip.com while on your home network.
Although you might have the same public IP address for months or even over a year, your public IP address can change (unless your internet service provider has explicitly given you a static public-facing IP address).
In other words, you can’t rely on typing in your numeric IP address into whatever remote tool you’re using (and you can’t rely on giving that IP address to a friend).
Now, while you could go through the hassle of manually checking IP addresses each time you leave the house and intend to work away from home (or every time your friend is going to connect to your Minecraft server or the like), that’s a big headache.
Instead, we highly recommend setting up a Dynamic DNS service that will allow you to link your (changing) home IP address to a memorable address like mysuperawesomeshomeserver.dynu.net.
For more information on setting up a dynamic DNS service with your home network, check out our full tutorial here.
Also read: How to Setup a Router without a Modem
Once you set up the port forwarding on the router level, there is a possibility that you may need to tweak firewall rules on your computer too.
For example, we’ve gotten a lot of emails over the years from frustrated parents setting up port forwarding so their kids can play Minecraft with their friends.
In almost every case, the problem is that despite setting up the port forwarding rules on the router correctly, somebody ignored the Windows firewall request asking if it was OK if the Java platform (that runs Minecraft) could access the greater internet.
Be aware that on computers running a local firewall and/or anti-virus software that includes firewall protection, you’ll likely need to confirm the connection you’ve set up is okay.
If you found this article helpful, kindly leave a comment in the comment section.