What is Port Forwarding?
Port forwarding creates a rule in the router's NAT and firewall that sends inbound traffic arriving on a given WAN port to one specific host and port inside your LAN. Think of your router as an apartment building with thousands of units. There is a computer behind one of the doors and you need access to it. You have a key but you don't know which apartment the key belongs to, so you can't find the room with the computer you are trying to reach. Port forwarding is like having the key and a map: the rule says precisely which computer you need access to, and which room that computer is in. Keep in mind that the door is then open to the whole Internet, not just to you; whatever is listening on a forwarded port can be reached by anyone who scans your public address.
Different applications use different ports. The guys over at PortForward.com have compiled a nice list of port numbers associated with various software, games, and other applications.
Tomato firmware offers a few different types of port forwarding configurations:
- Basic Port Forwarding
- DMZ (de-militarized zone)
- Triggered Port Forwarding
Basic port forwarding is the most commonly used method for residential LANs, so we'll focus on this one first.
“Ok, that sounds fantastic. But I still don’t understand, so what’s all of the fuss about port forwarding?” Well, the router's NAT only lets in traffic that belongs to a connection a LAN device started, so without port forwarding you will be unable to reach computers on your network from the outside world (WAN). When you combine port forwarding with Dynamic DNS, you’ve got a powerful tool that provides remote access to your home network from anywhere in the world. The flip side is that every forwarded port is a service you have published to the entire Internet, so forward only the ports of services you actually need to reach, and keep those services patched.
How To Open Ports in Your Router
First, log in to your router’s administration panel and go to Port Forwarding > Basic.
Step 1. Tick the checkbox on the left to turn the port forwarding rule ‘ON’.
Step 2. Select the protocol: TCP, UDP or Both.
What’s the difference between TCP and UDP?
The short version? TCP sets up a connection and guarantees delivery. UDP just sends packets and hopes they arrive.
The long version? TCP and UDP are the two main transport-layer protocols on the Internet. TCP (Transmission Control Protocol) is connection oriented: the two ends perform a handshake, data is acknowledged and retransmitted if lost, and it arrives in order. It is what most services you would forward use (web, SSH, mail, most game servers). UDP (User Datagram Protocol) is connectionless and simpler: each datagram is sent on its own, with no handshake, acknowledgement or ordering, which suits streaming media, VoIP, DNS and many game and VPN protocols. In most cases you’ll select TCP or Both; UDP on its own is less common, but necessary for UDP-only services such as a VPN running over UDP. Both is the safe choice when you’re not sure, but it doubles the exposed surface, so check the application’s documentation and forward only the protocol it actually uses.
Step 3. Enter the Source IP address.
This field is often left blank, but it is the single most effective restriction you can add to a rule. Think of it like a filter: unless a connection attempt comes from the specified source address, the rule does not match and the firewall drops the connection. Source addresses can be entered as a single address or as a range, instead of one per line. For example: 192.168.1.100-192.168.1.200 (in practice you would enter a public address or range here, since the traffic arrives from the WAN). If you only ever need to reach the service from a location with a fixed public address, such as an office or a VPS, put that address here so that the rest of the Internet never sees the port.
Step 4. Enter a port number, or port range under ‘Ext Ports’.
Enter the external ports to be forwarded. They can be entered three ways: a single port (80), a list of ports separated by commas (80, 85, 90), or a range of ports separated by a dash (80-90).
Step 5. Enter a port number under ‘Int Port’.
The internal port lets you redirect inbound requests to a different port from the one exposed externally. In the example rule labeled “Backup Server”, external requests for port 8080 are forwarded to a backup server listening on the standard Web port 80. A Web server running on the default port 80 therefore receives the requests that outside users send to http://domain.com:8080 (the public IP address or domain name, followed by the port number). Leave Int Port blank to use the same port on both sides. Using a non-standard external port cuts down on automated scan noise, but it is not a security control: port scanners find the service regardless, so the server behind it still needs to be patched and hardened.
Step 6. Enter the Internal Private IP Address
Enter the IP address of the computer that will receive requests to the associated port(s). Only one IP address is permitted per rule; after all, that’s the whole idea of port forwarding. Remember, devices that depend on port forwarding should always have a fixed address, either configured statically on the device or reserved for it in the router’s DHCP settings (Tomato’s Static DHCP page). They should never rely on an ordinary dynamic lease: if the device’s address changes, the rule silently forwards traffic to whichever device happens to get that address next.
Step 7. Click “Add” to add the port forwarding rule. Then, click ‘Save’.
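To make the seven steps concrete, here is an added example (not Tomato’s own code, and not the firmware’s actual chain layout) in Python that takes a rule exactly as you would type it into the Basic page and expands it into the equivalent plain iptables commands: a DNAT rule in the nat table and an ACCEPT in the FORWARD chain. It parses the three ‘Ext Ports’ forms from Step 4 and the single-address or range form of ‘Source IP’ from Step 3, and refuses a non-private internal address. The WAN interface name (vlan2) and the rule values are assumptions for illustration.

```python
"""Expand a Tomato 'Port Forwarding > Basic' row into plain iptables commands.
Added example; Tomato's real firewall script uses its own chains."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: the WAN interface name. It varies by hardware (vlan2, eth0, ppp0 ...).
WAN_IF = "vlan2"


@dataclass
class ForwardRule:
    """One row of the Basic port forwarding table, field for field."""
    enabled: bool
    proto: str                      # "TCP", "UDP" or "Both"
    ext_ports: str                  # "80", "80, 85, 90" or "80-90"
    int_host: str                   # single private IPv4 address
    int_port: Optional[int] = None  # blank means the same port as external
    src: Optional[str] = None       # "203.0.113.10" or "a.b.c.d-e.f.g.h", blank = anyone
    desc: str = ""


def _port(value: str) -> int:
    port = int(value.strip())
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def parse_ext_ports(spec: str) -> List[Tuple[int, int]]:
    """'Ext Ports' syntax: single port, comma list, or dash range -> list of (lo, hi)."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (_port(p) for p in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"reversed range: {part}")
            ranges.append((lo, hi))
        else:
            p = _port(part)
            ranges.append((p, p))
    return ranges


def source_match(spec: Optional[str]) -> str:
    """'Source IP' syntax -> iptables match fragment ('' when the field is blank)."""
    if not spec or not spec.strip():
        return ""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed source range: {spec}")
        return f" -m iprange --src-range {lo}-{hi}"
    return f" -s {ipaddress.IPv4Address(spec)}"


def iptables_rules(rule: ForwardRule) -> List[str]:
    """Return the DNAT + FORWARD commands equivalent to one Basic rule."""
    if not rule.enabled:
        return []
    host = ipaddress.IPv4Address(rule.int_host)
    if not host.is_private:
        # Step 6 asks for the *internal private* address; anything else is a typo.
        raise ValueError(f"internal host must be a private LAN address: {host}")
    protos = {"tcp": ["tcp"], "udp": ["udp"], "both": ["tcp", "udp"]}[rule.proto.lower()]
    src = source_match(rule.src)
    cmds = []
    for proto in protos:
        for lo, hi in parse_ext_ports(rule.ext_ports):
            ext = str(lo) if lo == hi else f"{lo}:{hi}"
            if rule.int_port is None:
                target, int_match = str(host), ext      # same port on both sides
            else:
                target, int_match = f"{host}:{rule.int_port}", str(rule.int_port)
            # nat table: rewrite the destination of matching packets from the WAN
            cmds.append(f"iptables -t nat -A PREROUTING -i {WAN_IF}{src} -p {proto} "
                        f"--dport {ext} -j DNAT --to-destination {target}")
            # filter table: let the rewritten packet through to the LAN host
            cmds.append(f"iptables -A FORWARD -i {WAN_IF}{src} -p {proto} "
                        f"-d {host} --dport {int_match} -j ACCEPT")
    return cmds


if __name__ == "__main__":
    # The "Backup Server" rule from Step 5: external 8080 -> internal host port 80.
    backup = ForwardRule(True, "TCP", "8080", "192.168.1.50", 80, None, "Backup Server")
    for cmd in iptables_rules(backup):
        print(cmd)
```

Run it to see what the “Backup Server” rule becomes. The habit it encodes is the one worth keeping: a rule with an empty Source IP produces a DNAT that matches the whole Internet, while a filled-in one limits the hole to the listed addresses.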
What is DMZ (de-militarized zone)?
First, let’s define the word “de-militarized zone.” In network terms it refers to an area that sits outside the protection of the main firewall.
On a home router, the DMZ is a single device inside your LAN (usually a server) that receives all unsolicited inbound traffic from the WAN that is not already matched by a more specific port forwarding rule. Every port on that device is reachable from the Internet, so it has no firewall protection whatsoever and carries obvious security risks. When you enable DMZ, you specify the IP address of one machine. The DMZ host does not take “priority,” so to speak: your Basic rules still match first, and the DMZ host receives only whatever is left over. Therefore, if you enable DMZ, keep your Basic port forwarding rules in place so that the other devices within your LAN still receive the requests intended for them. Note also that a consumer router’s “DMZ” is not a separate network segment: the host still sits on the same LAN as everything else, so if it is compromised the attacker has a foothold right next to all of your other devices. Prefer explicit port forwarding rules over DMZ wherever you can.
What is a Port Trigger?
Port triggers work dynamically, on the fly. A trigger opens inbound ports only after a host inside the LAN has first made an outbound connection on the trigger port. Unlike Basic port forwarding rules, which are mapped to a specific IP address, port triggers can be activated by any host on your network, and the inbound ports are opened toward whichever host sent the triggering traffic. Port triggers are therefore always initiated from inside your network, not from the outside.
Let’s ask Mr. Router to explain it: If the router could talk, it would say “you’re not calling in, unless someone calls out first. And when they call out through port 1000, you can call in through ports 2000-3000 only. And when they disconnect, your connection will be terminated shortly thereafter.”
While “basic” router port forwarding is the most commonly used method, it does have a few drawbacks. First, Basic port forwarding rules are active 24/7, even when the application they were intended for is not running, so the port stays exposed the whole time. Secondly, Basic port forwarding rules forward requests to one specific device, whereas port triggers are not bound to one device by IP address.
Port triggers are useful for download utilities such as BitTorrent clients and similar software.
What is UPnP/NAT-PMP?
UPnP and NAT-PMP are protocols that let devices and applications inside your LAN ask the router to create temporary port forwarding rules automatically.
UPnP (specifically its Internet Gateway Device profile) is basically an automated port forwarding request, commonly used by media devices, game consoles and peer-to-peer applications. The application asks the router to open a port, the router keeps the mapping for the requested lifetime or until the application releases it, and then closes the port automatically. The port it opens may be different each time. The catch is that the router performs no authentication: any process on any LAN host, including malware, can open a hole in your firewall with a single request, which is why security-conscious users often disable UPnP and create explicit Basic rules instead.
NAT-PMP (NAT Port Mapping Protocol) is Apple’s lighter-weight equivalent of UPnP port mapping. It shipped alongside Bonjour, Apple’s zero-configuration networking stack, which media applications such as iTunes use to locate each other on the LAN (on both Mac and Windows computers). NAT-PMP shares the same trade-off as UPnP: any host on the LAN can request a mapping, and the router does not ask who is asking.
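To show how little it takes for a LAN host to open a hole through the router, here is an added example (not part of the original post, and not Apple’s or Tomato’s code) that builds and decodes NAT-PMP messages as defined in RFC 6886. A client sends a 12-byte UDP datagram to the gateway on port 5351 and, if NAT-PMP is enabled, the gateway answers with a 16-byte reply confirming the mapping; no credentials are involved. The sample reply bytes are constructed for the example, not captured from a real router, and the gateway address in the usage call is an assumption.

```python
"""Build and parse NAT-PMP (RFC 6886) messages: the datagrams a LAN host sends to
the router on UDP port 5351 to request a port mapping. Added example code."""
import socket
import struct
from typing import Dict

NATPMP_PORT = 5351
OP_PUBLIC_ADDRESS, OP_MAP_UDP, OP_MAP_TCP = 0, 1, 2
RESULT_CODES = {
    0: "success",
    1: "unsupported version",
    2: "not authorized / refused",   # e.g. NAT-PMP disabled on the gateway
    3: "network failure",
    4: "out of resources",
    5: "unsupported opcode",
}


def build_public_address_request() -> bytes:
    """Opcode 0, 'what is my external IP?': two bytes, version 0 and opcode 0."""
    return struct.pack("!BB", 0, OP_PUBLIC_ADDRESS)


def build_map_request(proto: str, internal_port: int, external_port: int = 0,
                      lifetime: int = 7200) -> bytes:
    """Opcode 1 (UDP) or 2 (TCP): map external_port (0 = router's choice) to this
    host's internal_port for `lifetime` seconds (RFC 6886 recommends 7200).
    Layout: version, opcode, reserved, internal port, external port, lifetime."""
    op = OP_MAP_TCP if proto.lower() == "tcp" else OP_MAP_UDP
    return struct.pack("!BBHHHI", 0, op, 0, internal_port, external_port, lifetime)


def build_delete_request(proto: str, internal_port: int) -> bytes:
    """A map request with external port 0 and lifetime 0 removes the mapping."""
    return build_map_request(proto, internal_port, 0, 0)


def parse_map_response(data: bytes) -> Dict[str, object]:
    """Decode the 16-byte reply to a map request (opcode is 128 + request opcode)."""
    if len(data) != 16:
        raise ValueError(f"expected 16 bytes, got {len(data)}")
    vers, op, result, epoch, int_port, ext_port, lifetime = struct.unpack("!BBHIHHI", data)
    if vers != 0 or op not in (128 + OP_MAP_UDP, 128 + OP_MAP_TCP):
        raise ValueError(f"not a NAT-PMP map response: version={vers} opcode={op}")
    return {
        "proto": "tcp" if op == 128 + OP_MAP_TCP else "udp",
        "result": RESULT_CODES.get(result, f"unknown ({result})"),
        "ok": result == 0,
        "gateway_uptime": epoch,     # seconds since the gateway's mapping table was reset
        "internal_port": int_port,
        "external_port": ext_port,   # may differ from the port that was asked for
        "lifetime": lifetime,
    }


def parse_public_address_response(data: bytes) -> Dict[str, object]:
    """Decode the 12-byte reply to a public address request."""
    if len(data) != 12:
        raise ValueError(f"expected 12 bytes, got {len(data)}")
    vers, op, result, epoch, addr = struct.unpack("!BBHI4s", data)
    if vers != 0 or op != 128 + OP_PUBLIC_ADDRESS:
        raise ValueError(f"not a NAT-PMP public address response: version={vers} opcode={op}")
    return {
        "result": RESULT_CODES.get(result, f"unknown ({result})"),
        "ok": result == 0,
        "gateway_uptime": epoch,
        "external_ip": socket.inet_ntoa(addr),
    }


def query_gateway(gateway_ip: str, request: bytes, timeout: float = 2.0) -> bytes:
    """Send one request and wait for the reply. RFC 6886 also asks clients to
    retransmit with exponential backoff; that is omitted here. This is the only
    function that touches the network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (gateway_ip, NATPMP_PORT))
        data, _ = sock.recvfrom(64)
        return data


if __name__ == "__main__":
    # Constructed reply (not captured from a real router): success, uptime 300 s,
    # TCP 8080 mapped to external 8080 for 7200 s.
    sample = bytes.fromhex("008200000000012c1f901f9000001c20")
    print("request:", build_map_request("tcp", 8080, 8080).hex())
    print("reply:  ", parse_map_response(sample))
    # To try it against your own router (assumed gateway address):
    # print(parse_map_response(query_gateway("192.168.1.1", build_map_request("tcp", 8080))))
```

Everything except query_gateway() runs offline. Any process on any LAN machine can send exactly these twelve bytes, which is the reason to leave UPnP and NAT-PMP off unless an application genuinely needs them, and to check which mappings exist when they are on.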
I’m not a fan of Bonjour on a Windows machine. If you’re on a Mac, no problem. If you’re running Windows, you might consider alternative apps for managing your media.
I’ve seen Bonjour prevent Windows clients from connecting to wireless networks. There are ways to circumvent the Wi-Fi connectivity issue, but it requires a custom installation. Even so, when an update is required, the user must remember to only install certain portions of the software. I realize this was a bit off-topic, but I’ve spent hours trying to troubleshoot Wi-Fi issues due to Bonjour. I just thought I would share some insight in case you ever run into it.