Port Forwarding Basics
Port forwarding can be used to provide remote access to devices like DLI power switches.
This page explains the basics of port forwarding on typical SOHO routers.
Here's a simple home network:
In this example, three computers with unique fixed IP addresses connect to a router. The computers can communicate directly with each other, but when they all access the internet, they go through the router. The router has a first IP for your network and a second external IP used to communicate with the Internet. When any computer makes a request to the internet, it uses the same IP - 127.34.73.214. Simple requests, such as loading web sites, are automatically handled by the router.
Ports and Protocols
Ports help make this routing process easier. If an IP is a street address, then ports are like the apartment numbers. Low port numbers have specific standardized functions. When you fetch a web page, for example, you normally use port 80. The receiving computer's software knows that port 80 is the default for http and responds accordingly. If you send an http request over a different port - say, 143 - the web server won't recognize it because it's not the default port.
It's worth mentioning security here: The HTTP port can be changed to improve security. For example, you can change the HTTP port on a DLI web power switch from 80 to 8012. In doing so, the power switch is "hidden" from hackers who typically scan only for the default address 80. Also, be sure to change to a strong password before putting any device out on the internet.
Common default ports are: SSL - port 22, VNC - port 5900, Media Servers - port 32400, and Minecraft - port 25565. Each port can be used via either TCP or UDP.
From Outside Your Network
Let's see how this works:
Assume you're outside and need to access a Web Power switch over your network. Your computer makes a request to your home network's IP, 127.34.73.214, which then goes to your router. Your router doesn't know which computer to send it to.
Thankfully for us, we can configure our router to forward ports. This means that depending on the port number that the request is sent over, the router can pass it along to different IP addresses.
So in this example, when you're out and about and using your laptop, you use different ports to make your requests. When you access your home network's IP address using port 22, your router at home knows that this should go to 192.168.1.100 inside the network. Then, the SSH daemon on your Linux installation will respond. At the same time, you can make a request over port 80, which your router will send to the web server at 192.168.1.150. Or, you can try to remotely control your sister's laptop with VNC, and your router will connect you to it at 192.168.1.200. Pretty clever, right?
You can even tell the router to change ports! For example, let's say you have two web servers.
When you access your home network via the standard port, 80, you can tell your router to send it to 192.168.1.150. The web server there will be listening at port 80 and will respond accordingly. But, you can tell your router that when you access it via port 10,000, that it should go to another computer, 192.168.1.250, but also at port 80. This way, the second computer doesn't have to be reconfigured to use a different port, but you can still manage traffic effectively.
EDIT: Corrected the above image (the orange IP address erroneously read 192.168.1.150 originally).
Before Configuring Your Router
There are a few things you need to be aware of when you decide on setting up port forwarding.
- If you're using DHCP, then each device's IP has the potential to change in the future, and when it does you'll need to reconfigure your port forwarding settings. For this reason, it's best to configure your "server" computers with a static IP. Some routers have the ability to "reserve" or "assign" IPs via DHCP that will NOT change in the future, allowing you the best of both worlds, but not all do.
- When you access your network externally, you will need to know your router's external IP address. This can be easily found from someone inside the network by visiting whatismyip.com. This address can also change. One way to avoid this is to get a domain name redirect, so that when you go to https://myreallyawesomedoman.com, it'll be your home network regardless of its changing IP.
- Using custom ports may trigger your antivirus or firewall, so you may have to add exceptions on your home computers to allow outside access on whatever ports you specify. This is a security risk to some extent, so be careful and take proper precautions!
That being said, if you're careful and configure things properly, you'll never have to worry once you're all set up.
Router Brands
Each manufacturer has different firmware. It's beyond the scope of this page to describe all possibilities, so we'll touch only on the most common routers. You'll find more detailed information on the web and in your router manual.
To start you'll need the router username and password. Lost it? Check out your manual, read the labels, or go to the manufacturer's website.
Cisco/Linksys
You'll see port forwarding under Applications and Gaming. Under "Single Port Forwarding," you can add individual ports to specific IPs. Under "Port Range Forwarding," you can easily forward whole ranges of ports at a time.
DLink
On DLink's routers, you'll find your port forwarding settings in the Advanced section, under the Port Forwarding tab.
Netgear
Netgear's routers have a side menu. Under "Advanced", you'll find "Port Forwarding / Port Triggering." You can also use the "Smart Wizard" on these routers.
DD-WRT
DD-WRT, OPEN-WRT and similar third-party firmware usually have port forwarding under the NAT/QoS section. Be sure to click both "Save" and "Apply Settings" for changes to take effect.
Basic Instructions
Regardless of router type, you'll need this information:
First, you'll see a text field where you can type in the name of the application or service. Next, you'll see which incoming port your router should watch for. Then, you'll be able to choose which protocol to watch for. A little online research should be able to tell you which one, but if you're not sure you can choose both. You'll need to choose which IP address is the destination for this port's requests. Lastly, you'll be able to choose which port the request should be targeted to on the destination IP.
Some routers allow you to save many rules but only selectively enable them as needed. If yours does it, be sure to check the "Enable" column box.
There are several free tools to confirm port forwarding. Here's one: You Get Signal Port Forwarding Tester.
Enter your port number. Your external IP should be the default. If not, click the "Use Current IP" link, then "Check". This will check if your router has the port open and there is a valid path to it.
When set up correctly, you'll see a green flag icon and a message that the port is open. You can then try to access the forwarded service from an external IP. You can use the IP reported by whatismyip.com and correct port number.
More port forwarding information can be found here.
Hope this helps. Please offer feedback and