Port forwarding Totally Explained

Everything about Port Forwarding totally explained

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router.

Purposes

Port forwarding allows remote computers (for example public machines on the Internet) to connect to a specific computer within a private LAN.
For example:

forwarding port 80 to run an HTTP webserver
forwarding port 22 to allow Secure Shell access
forwarding port 21 to allow FTP access

Modern Linux machines achieve this by adding iptables rules to the nat table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain. BSD and Mac OS X machines use a similar tool named ipfw. The ipfw tool is likely already running as a built-in part of the operating system's kernel.
Some common s with port forwarding include:

The need to forward the packets that come to the router's forwarded port as well as the need to rewrite them so that the machine to which the port is forwarded can reply to the original source address, which in turn leads to the inability of the destination (private) machine to see the actual originator of the forwarded packets, and instead see them as if originating from the router

Only one networked machine can use a specific forwarded port at one time

Traditional port forwarding allows the entire world access to the forwarded port, slightly reducing network security Port forwarding can also be used within a single machine. Port forwarding is necessary for a standalone computer if any of the following conditions are true:

The computer is using a shared IP address.

Internet Connection Sharing is enabled.

A router is being used with NAT enabled. In a typical home networking setup, internet access is through a DSL or Cable modem. That modem may be connected to a router, which is then connected to the networked computers by Ethernet or WiFi. The router is the device that the Internet sees; it holds the public IP address. The computers behind the router, on the other hand, are invisible to the Internet as they hold a local IP address each. Port forwarding is necessary in the router because computers will send information directed to the public IP address and the router needs to know where to send that information.
Port forwarding is commonly done on Unix computers where port numbers numbered below 1024 can only be accessed by software running as the root user. Running as root can be a security risk, so some people use port forwarding to redirect incoming traffic from a low numbered port to software listening on a higher port. For example, a web server may be listening on a port such as 8080 for traffic redirected from the restricted port 80. A port may be forwarded for use by either the TCP protocol, the UDP protocol, or both.

Double port forwarding

Double port forwarding can be done on a network with multiple routers. From the first router, ports from the public IP address are forwarded to another router/gateway's external IP address which in turn forwards them on to a host on the private network.

Reverse port forwarding

Reverse port forwarding, or reverse port tunnelling, is done by two components, usually software-based, where one component acts as a session-server - listening on a session-port, while the other component acts as a session-client to the session-server component - connecting to the session-server. After a session is established, the session-server will often listen on (accept connections on) a port that's to be forwarded, and when a connection is made to this port, the connection traffic will be forwarded to the session-client (through the session-connection that was previously initiated by the session-client), usually with a destination of the session-client machine or another machine accessible from the session-client. A common situation where this type of forwarding is used is where a port needs to be accessed that's on a machine located behind a gateway/router or firewall that isn't configurable by those wanting to access that port. This functionality is built-in to some implementations of SSH (Secure Shell), and there are also software systems available that are designed more specifically for this type of forwarding (see external links, below).

Further Information

Get more info on 'Port Forwarding'.

External Link Exchanges

Do you know how hard it is to get a link from a large encyclopaedia? Well we're different and will prove it. To get a link from us just add the following HTML to your site on a relevant page:

<a href="http://port_forwarding.totallyexplained.com">Port forwarding Totally Explained</a>

Then simply click through this link from your web page. Our crawlers will verify your link, extract the title of your web page and instantly add a link back to it. If you like you can remove the words Totally Explained and embed the link in article text.
As long as your link remains in place, we'll keep our link to you right here. Please play fair - our crawlers are watching. Your site must be closely related to this one's topic. Any kind of spamming, dubious practises or removing the link will result in your link from us being dropped and, potentially, your whole site being banned.