Understanding Port Forwarding
First of all, Happy Valentine’s Day everyone! Today is my first Valentine’s Day as a married man. My wife and I celebrated on Valentine’s Day Eve after work yesterday. Today we’re heading out to our favorite little coffee shop back in Gresham, Cafe Delirium, then we’ll have dinner at a little Lebanese restaurant (we love all kinds of ethnic food), followed perhaps by an independent flick somewhere in Portland. I hope you all enjoy your V-day as much as we will! Now on to the good stuff…
Port forwarding is required when users from outside your network need unsolicited access to a resource inside your network. By unsolicited, I mean that the service inside your network has absolutely no idea the outside user exists, or where they are coming from, but they should have access anyway. That sounds fairly abstract, I know. Let me give you a real-world example.
Christina is a web-design student. In order to work on her class projects she needs a web server. Christina has a couple of options – she can sign up for hosting from a company like Dreamhost, or she can set up a free web server on a computer in her own home. Christina doesn’t have a lot of money to spare, but she’s tech savvy, so she installs WAMP on a spare desktop and can access it from her laptop on her home network using the web address http://192.168.1.100. I didn’t bother making that URL “clicky” because it isn’t really going to work. You aren’t going to be able to see Christina’s work using that address unless you click on it while connected to her home network. The reason is that all addresses in the 192.168.x.x range are private addresses according to the IANA, and it is against the rules to route that IP address range over the public internet.
Christina can access her website when connected to her home network, but she can’t see it from school yet. She needs to configure her router, a device sitting between her home computer and her internet service provider, to recognize certain incoming network traffic and forward that traffic to her spare desktop computer where WAMP is installed. By “certain incoming network traffic”, I mean incoming HTTP (web) traffic, for which TCP port 80 is reserved.
Armed with this information, Christina logs into her home wireless router using the address http://192.168.1.1 which is the default address for just about any residential router. There’s a port-forwarding section where multiple forwarding rules can be created. She creates a new rule that looks something like this (it will look slightly different on your router):
IP Address: 192.168.1.100
What this rule says is that if an unsolicited TCP connection is requested from outside the network on TCP port 80, forward that request to the computer at 192.168.1.100 on the inside of the network. Once Christina saves her settings and restarts her router, the rule is in effect and all the pieces are in place for Christina to access her home web server from her laptop while she’s at school.
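The decision the router makes for each packet arriving from outside, sketched in Python as an added example (not part of the original post and not any router's firmware). The class and function names are hypothetical, and the 203.0.113.x and 198.51.100.x addresses are documentation addresses standing in for hosts on the internet. The last case shows that the rule matches on port only, so it forwards a stranger's connection exactly as it forwards Christina's.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ForwardRule:
    proto: str      # "tcp" or "udp"
    ext_port: int   # port on the router's public side
    int_ip: str     # inside host that receives the traffic
    int_port: int

@dataclass
class Router:
    """Toy model of a home NAT router (hypothetical, for illustration)."""
    rules: list = field(default_factory=list)
    # Connections opened from inside. Simplification: the router reuses the inside host's source port.
    conntrack: dict = field(default_factory=dict)

    def outbound(self, proto, int_ip, int_port, remote_ip, remote_port):
        """An inside host opens a connection; remember it so replies get back."""
        self.conntrack[(proto, int_port, remote_ip, remote_port)] = (int_ip, int_port)

    def inbound(self, proto, remote_ip, remote_port, ext_port):
        """Decide what happens to a packet arriving on the public side."""
        key = (proto, ext_port, remote_ip, remote_port)
        if key in self.conntrack:             # solicited: answer to an inside request
            return ("reply", *self.conntrack[key])
        for rule in self.rules:               # unsolicited: needs a forwarding rule
            if rule.proto == proto and rule.ext_port == ext_port:
                return ("forward", rule.int_ip, rule.int_port)
        return ("drop", None, None)           # no rule, and nobody inside asked for it

def demo():
    router = Router(rules=[ForwardRule("tcp", 80, "192.168.1.100", 80)])
    # A laptop inside browses out; the remote server's answer is solicited traffic.
    router.outbound("tcp", "192.168.1.50", 51000, "203.0.113.10", 443)
    return [
        router.inbound("tcp", "203.0.113.10", 443, 51000),  # reply to the laptop
        router.inbound("tcp", "198.51.100.7", 40000, 80),   # Christina at school
        router.inbound("tcp", "198.51.100.9", 40001, 22),   # unsolicited, no rule
        router.inbound("tcp", "198.51.100.9", 40002, 80),   # anyone else on port 80
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```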
But wait! What address should Christina use to get there? Remember that http://192.168.1.100 only works when she’s on the same network as her web server? Christina needs to find out the “public IP” designated to her by her internet service provider. The easiest way to do this is to visit What is My IP or ask Google while connected to her home network. These sites will echo the address you appear to reach them from. Christina discovers her IP address is 184.108.40.206 (this is not Christina’s address, it’s random) so when she’s at school she can simply type http://220.127.116.11 in her web browser and, voila! She is able to view the website hosted on her desktop computer at home from school (or anywhere else in the world with internet access).
Okay, I’ve glossed over a lot of details here so that I could illustrate the basics, but there’s one little hiccup Christina is bound to experience. Internet service providers for residential customers rarely give you a static IP address. This means that eventually the public IP Christina uses to connect to her home network will probably change. There is no warning; eventually she will just receive a new IP address from her ISP, and if she’s out and about when this happens, then she’ll have no idea how to access her website until she gets home again.
Enter Dynamic DNS! What is Dynamic DNS? DDNS is a service provided by a third party like No-IP which allows you to register an easy-to-remember address like Christina.no-ip.org. Using their service, Christina.no-ip.org will always point to Christina’s home network no matter how many times her public IP address is re-assigned by her ISP.
How does DDNS work? From a high level it’s pretty simple. A small program is installed on any computer on Christina’s home network, and Christina enters her DDNS credentials in the settings. From here on out, this little program will periodically check in with the DDNS provider, and each time it does this the provider “sees” the source address, which is Christina’s public IP. If the source address is different than the last check-in, they update their records to ensure that Christina.no-ip.org always points to the last known IP address of Christina’s home network.
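The provider's side of that check-in, modelled in Python as an added example (not from the original post and not No-IP's actual code or API). The class, method names, secret and return strings are hypothetical, and the source addresses are constructed from documentation ranges. A check-in with the wrong credentials must leave the record alone, otherwise anyone could repoint the hostname.

```python
import hmac

class DdnsProvider:
    """Toy model of the provider side of dynamic DNS (hypothetical names)."""

    def __init__(self):
        self.accounts = {}   # hostname -> shared secret set at registration
        self.records = {}    # hostname -> last known public IP

    def register(self, hostname, secret):
        self.accounts[hostname.lower()] = secret

    def check_in(self, hostname, secret, source_ip):
        """Handle one periodic check-in. source_ip is the address the request
        arrived from, as seen by the provider, not a value the client reports."""
        hostname = hostname.lower()
        expected = self.accounts.get(hostname)
        # Unknown hosts and bad secrets get the same answer; the secret itself
        # is compared in constant time.
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            return "denied"
        if self.records.get(hostname) == source_ip:
            return "unchanged"
        self.records[hostname] = source_ip   # the ISP handed out a new address
        return "updated"

    def resolve(self, hostname):
        return self.records.get(hostname.lower())

def demo():
    provider = DdnsProvider()
    provider.register("Christina.no-ip.org", "constructed-secret")
    # Constructed check-ins: (secret, source address the provider sees).
    checkins = [("constructed-secret", "203.0.113.25"),   # first check-in
                ("constructed-secret", "203.0.113.25"),   # same address, nothing to do
                ("wrong-guess", "198.51.100.66"),         # bad credentials, ignored
                ("constructed-secret", "203.0.113.90")]   # address changed
    log = [provider.check_in("christina.no-ip.org", s, ip) for s, ip in checkins]
    return log, provider.resolve("Christina.no-ip.org")

if __name__ == "__main__":
    print(demo())
```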
I hope you found this information helpful! It is just one example of the many, many reasons you may need to configure port forwarding. Other reasons include…
- Gaming – some internet-enabled games require special port-forwarding rules
- File Sharing – some file sharing programs only work if you forward designated ports. Remember though, sharing digital movies and music is almost always illegal!
- Security – Networked IP cameras and video management systems almost always require port-forwarding rules for remote access