What is Port Forwarding? And what is it used for?
By Tibor Moes / Updated: July 2023
What is Port Forwarding?
Have you ever downloaded a movie via a torrent program? Have you ever played a multiplayer game that is hosted on someone else’s network? Or have you ever accessed your home network from another location using a VPN server? If you have done any of these things, you have already been engaged in a complex internet networking process called port forwarding.
This article will tell you everything you need to know about the process of port forwarding, what it’s used for, and what its main benefits are.
Summary
- Port forwarding, also known as tunneling, is a network technology procedure that enables external devices to access services on a private network. This is achieved by rerouting communication requests from one address and port number combination to another while packets traverse a network gateway.
- It is extensively used in scenarios where certain applications or services need to be accessible from the internet, including online gaming, torrent downloads, and hosting web servers. These applications typically require direct communication with devices on your private network, which isn’t possible due to NAT (Network Address Translation) mechanisms used by most routers.
- While port forwarding can grant outside access and improve connectivity, it also presents a potential risk as it exposes your internal network to the internet. As such, it’s crucial to exercise due caution by only forwarding necessary ports and implementing robust security measures such as using strong, complex passwords and up-to-date firewall settings.
What is Port Forwarding? – In-depth
Port forwarding is a process that gives someone outside of your network access to an application, program, or device within your private network. It’s otherwise known as port mapping or port tunneling. In the simplest terms, port forwarding allows other people on the internet to connect to you.
To truly understand what port forwarding means, we have to define ports first. To be clear, we aren’t talking about physical ports you’ll find on your computer, TV, router, or similar devices.
In this context, ports can be defined as numbers that mark the beginning and the end of a network connection. Ports are used by services and programs to exchange digital information.
A port number is used to identify an internet service, which computers use to differentiate between various types of traffic. For example, the Hypertext Transfer Protocol (HTTP) uses Port 80. The File Transfer Protocol (FTP) uses Ports 20 and 21. There are 65,000 ports, and each IP address is paired with one port at a time for a single connection. Regular internet use typically requires a dozen widely known and secure ports to obtain information.
Port forwarding works in two directions. It’s used to send traffic from an external network to a private local area network (or a private LAN). Conversely, it allows a local device within a private network to connect to a public IP address.
The reason port forwarding is otherwise known as port mapping is because this process creates a map between a local area network (LAN) IP address and a wide area network (WAN) IP address.
How Does Port Forwarding Work?
Understanding port forwarding requires you to know how internet networking works. Every time a device is linked to a particular network, it’s assigned a unique identifier. This is otherwise known as an IP address.
Don’t confuse this term with your public IP address, which is provided by your Internet Service Provider (ISP). Your public IP address is used to identify your router. We’re actually talking about a private IP address, which is a unique identifier for your device within the private network.
Every time you connect a device to your home network, be it a laptop or a mobile phone, the device receives a unique IP address.
This process doesn’t only happen with your home router. In fact, a private LAN doesn’t only apply to devices connected to your home network. It also refers to connecting to private networks outside of your home, like your office Wi-Fi or the Wi-Fi in a coffee shop.
Private or internal IP addresses are normally only accessible to devices connected to your router. A private IP address alone wouldn’t be enough to create a connection between your device and other devices outside your home network.
That’s because the access request won’t be able to pass through the device’s network gateway, which is usually some form of firewall protection.
This is where port forwarding comes in. It uses a process called Network Address Translation (NAT) to translate private IP addresses into public IP addresses. To be more specific, a NAT router converts a connection request before a firewall can detect an error and close off the channel. For example, for outbound packets, NAT replaces the device’s private IP with the assigned WAN IP from the router, making it comprehensible for outside servers. NAT can also mask port numbers by assigning different port numbers to outbound connections to differentiate between devices using the same external port number.
For example, let’s say your private LAN has two devices connected to it, which are assigned an internal IP address. To keep these simple, let’s say they are 192.168.1.1 and 192.168.1.2, respectively. During the setup process, the network was assigned a public IP of 200.101.250.1.
If both local devices decide to use port 2025 to ask for information from a server, the router would see two separate requests for the same port. With regular NAT and with no port forwarding rules, the single outbound IP address would be 200.101.250.1/2025. This would be enough to reach the destination, but it will be impossible to direct server responses back to the correct device.
A router can use port forwarding to map the devices to separate outbound ports. For example, communication from 192.168.1.1/2025 is translated to 200.101.250.1/2025, while 192.168.1.2/2025 is mapped to 200.101.250.1/2026.
Keep in mind that you need to configure port forwarding settings, or your router won’t know where to direct the connection request sent by the other device. The port forwarding process for daily use is typically automatic and applications that were built to facilitate inter-device communication handle the process without much user input.
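The translation described above can be followed step by step in a small model. This is an added example, not code from the article or from any router vendor: the `NatRouter` class and the service port 8080 are constructed for illustration, while the addresses and port 2025 come from the example above. It shows that replies to connections opened from inside the LAN find their way back through the translation table, while unsolicited inbound traffic is dropped unless a forwarding rule exists, and is dropped again once the rule is removed.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy port-translating NAT. Real routers also track the remote endpoint and timeouts."""
    public_ip: str
    sessions: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port), dynamic
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port), static

    def translate_out(self, lan_ip, lan_port):
        """Rewrite the source of an outbound packet to (public_ip, public_port)."""
        for port, owner in self.sessions.items():
            if owner == (lan_ip, lan_port):
                return self.public_ip, port          # existing mapping is reused
        port = lan_port
        while port in self.sessions or port in self.forwards:
            port += 1                                # collision: take the next free port
            if port > 65535:
                raise RuntimeError("no free public port")
        self.sessions[port] = (lan_ip, lan_port)
        return self.public_ip, port

    def add_forward(self, public_port, lan_ip, lan_port):
        """Static rule: accept unsolicited inbound traffic on public_port."""
        if public_port in self.sessions or public_port in self.forwards:
            raise ValueError(f"public port {public_port} is already in use")
        self.forwards[public_port] = (lan_ip, lan_port)

    def remove_forward(self, public_port):
        """Close the port again once the service is no longer needed."""
        self.forwards.pop(public_port, None)

    def deliver_in(self, public_port):
        """LAN destination for an inbound packet, or None when the router drops it."""
        if public_port in self.sessions:             # reply to a LAN-initiated connection
            return self.sessions[public_port]
        return self.forwards.get(public_port)        # otherwise a forwarding rule is required


def demo():
    router = NatRouter("200.101.250.1")              # addresses from the article's example
    first = router.translate_out("192.168.1.1", 2025)
    second = router.translate_out("192.168.1.2", 2025)
    before = router.deliver_in(8080)                 # 8080 is a constructed service port
    router.add_forward(8080, "192.168.1.2", 8080)
    after = router.deliver_in(8080)
    router.remove_forward(8080)
    closed = router.deliver_in(8080)
    return first, second, router.deliver_in(2026), before, after, closed


if __name__ == "__main__":
    print(demo())
```

Every entry in `forwards` is a port that anyone on the internet can reach, which is why the rule should exist only for as long as the service behind it is needed.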
Manual port forwarding can be done by entering the router’s internal IP address in a web browser and going to the router’s configuration login page. At this point, you’ll be able to go through the port forward process.
To do this, it’s important to know your router’s private IP address. If you don’t know what it is, simply open the command prompt on your computer. Type in “ipconfig” and press the “Enter” key on your keyboard.
Your router’s IP address will be written next to “default gateway.” You can also see your computer’s IP address in the same window, written next to “IPv4 Address.” Now, let’s go back to the port forwarding configuration page.
A forwarded port is also called an opened port, which is necessary to enable the connection request from an external IP address. All you need to do is specify which port should be forwarded from one device to another.
Once you complete the port forward process, the connection between the internal network and the external port will be complete.
Doing this allows you to access a private application, program, or device from anywhere outside your home network. There are three requirements that must be met during this entire process. Your internet connection must be working, the local device needs to be connected to the same network, and the port must remain open until the data transmission process is over.
Types of Port Forwarding
There are three types of port forwarding: local port forwarding, remote port forwarding, and dynamic port forwarding.
Local Port Forwarding
The most common type of port forwarding is local port forwarding, which you can use to connect to another server from your local computer. Local port forwarding can provide remote access to a device which is typically unavailable to all but a few other devices on its local network, which become the forwarding points. This form of port forwarding employs the so-called Secure Shell Protocol (SSH).
The SSH tunnel is used to safely forward digital information from another client application without being blocked by firewalls. An SSH server uses this technology to connect remote computers with a local port.
In other words, through an SSH server, local port forwarding can bypass an unsecured network in order to operate network services. Note that the local port must be located on the same device as the Secure Shell Protocol client.
Remote Port Forwarding
As opposed to local port forwarding, remote port forwarding creates a direct link between applications on the server side of a Secure Shell Protocol connection and the services located on the client’s side of an SSH server. In other words, anyone who is on the distant server can use remote port forwarding to connect to a device whose public IP address and NAT port are known.
Businesses based on remote operation use remote port forwarding to provide the employees with a host server. In this case, the server gives the employees access to the business’s internal devices.
Dynamic Port Forwarding
Before we explain dynamic port forwarding, we have to make a distinction between a dynamic IP address and a static IP address. A dynamic IP address changes every time you connect to the internet, as opposed to a static IP address, which always stays the same.
Dynamic IP addresses directly correlate to dynamic port forwarding because it is constantly required to bypass the Network Address Translation and firewalls. It does this by using ports that aren’t protected by firewalls, otherwise known as firewall pinholes.
In dynamic port forwarding, the Secure Shell Protocol acts as a SOCKS proxy server. In case you are unfamiliar with proxy servers, they represent an intermediary between a large-scale network and a local network. You can also view a proxy server as a tunnel through which data is transmitted from one device to another.
Dynamic port forwarding isn’t used as much as local and remote port forwarding, but is an extension of both systems. This is because it requires manual reconfiguration every time the proxy is no longer needed. That being said, this type of port forwarding is extremely useful because it allows users to recycle unused open ports.
It’s commonly used by hotels, coffee shops, restaurants, and other establishments that are fine with a minimally secure network.
Examples of Port Forwarding
Port forwarding is used more than you think. For example, security cameras, torrents, gaming, and home automation are just some of the different devices and software that employ port forwarding.
Most common examples of port forwarding include providing someone outside of your local network public access to a web server. Port forwarding is also used when you want to access your network or computer remotely.
Let’s take a closer look at what port forwarding is used for.
Gaming
Port forwarding is commonly used for gaming when you want to give someone outside of your network access to a game server that you’re running.
For example, if your friend has a public Minecraft server, you can use port forwarding to join the server and play. If you wanted to join the server, the only way you would be able to do this (without the port forward process) is to either use the same external IP address or join their local area network (LAN).
If you want to use the Minecraft server your friend created from your home, you would need to send a forwarded port request to their router. After you do this, your friend would have to type in your port number in the port checker on their computer.
You can even use this connection method for your PlayStation or your Xbox.
Surveillance and Security
Port forwarding allows you to watch security camera footage from another address. This is extremely useful when you’re away from home, but you want to monitor a property. In this case, forwarding ports lets you access the footage from anywhere in the world.
Backups
Another common use of forwarding ports is backing up your data and files on cloud storage. Not only does it allow you to access your backed-up files from remote servers, but you can also share your backed-up files with other users, no matter where they are.
Accessing Restricted Websites
While there are different ways you can access restricted websites, port forwarding is one of the easiest ones. All you need is the website’s IP address and the right port number for the connection.
This is also useful for accessing geo-restricted content, so you will be able to access websites that otherwise wouldn’t be available in your region.
Virtual Desktops
By entering the correct port number in the configuration window, you’ll be able to access a virtual desktop remotely. This is handy when large-scale virtual desktops are stored on the cloud, giving you instant access no matter where you are.
Other Applications
Here are some other useful applications of port forwarding:
- Recovering router passwords that you can’t remember or don’t have access to
- Setting up an educational server which you can share with other users
- Using baby monitors when you’re not currently home
- Checking something on your home computer when you’re at the office
- Preventing denial-of-service attacks
- Contacting an Internet of Things (IoT) device
- Accessing a service on a Plex or a Synology NAS
Is Port Forwarding Safe?
You may be wondering if it’s safe to forward ports on your router. While port forwarding has many benefits, it also comes with some security risks.
Remember, port forwarding is used to bypass proxy servers and firewalls, which are otherwise used to protect your network security from incoming traffic from external sources. The internet is a dangerous place, and firewalls are there to strengthen your cyber security.
When you are opening a port for another user to access your private network, you are essentially creating an opening for an intruder.
Of course, the risk level depends on what you’re using port forwarding for. Additionally, the more people you forward your IP address to, the greater the risk of hackers, viruses, or malicious traffic coming your way.
Even if you use a VPN for an extra layer of protection, you are still at risk of port fail attacks. Otherwise known as port fail vulnerability, this happens when the user who has your port number exposes your private IP address. This risk can even occur when the other person, or you, haven’t enabled the port forward process.
In the worst-case scenario, someone to whom you never meant to give your IP address will be able to reach your home network, which can turn into a really dangerous situation. Doing so can give unauthorized users full control of your home device.
These are some of the different ways you can make port forwarding safer and avoid a serious privacy risk:
- Use the latest security updates for your internet connection.
- Only use strong passwords, following security recommendations (for example, add numbers, capitalized letters, special characters, etc.).
- Change all your passwords frequently.
- Install a Virtual Private Network (VPN) for added protection.
- Close all the ports you opened when you no longer need them.
- Don’t turn off your security firewall.
- Use key-based authentication.
- Update the software on your device regularly.
Above all, you need to be careful about who you share your ports with. Don’t just establish a connection with anyone online.
This also means that you shouldn’t share your private IP address on any websites, like public forums. Doing this would be the same as telling everyone your email password and bank account pin.
The safest way to forward ports is to do it in moderation and only with users you know and trust.
How to stay safe online:
- Practice Strong Password Hygiene: Use a unique and complex password for each account. A password manager can help generate and store them. In addition, enable two-factor authentication (2FA) whenever available.
- Invest in Your Safety: Buying the best antivirus for Windows 11 is key for your online security. A high-quality antivirus like Norton, McAfee, or Bitdefender will safeguard your PC from various online threats, including malware, ransomware, and spyware.
- Be Wary of Phishing Attempts: Be cautious when receiving suspicious communications that ask for personal information. Legitimate businesses will never ask for sensitive details via email or text. Before clicking on any links, ensure the sender's authenticity.
- Stay Informed. We cover a wide range of cybersecurity topics on our blog. And there are several credible sources offering threat reports and recommendations, such as NIST, CISA, FBI, ENISA, Symantec, Verizon, Cisco, Crowdstrike, and many more.
Happy surfing!
Frequently Asked Questions
Below are the most frequently asked questions.
What is VPN Port Forwarding?
Is Port Forwarding necessary?
Because computers are protected by firewalls, which block incoming traffic from external sources, no one else can access your local network. While this is useful for fending off viruses and hackers, it prevents users we want to connect with from coming into contact with our home network.
What is Port Triggering?
On one hand, port triggering directs incoming traffic to an internal host machine. On the other, the target device is selected dynamically, and the port isn’t opened permanently. Rather, the connection request triggers a port forwarding rule, which has a direct impact on the incoming traffic.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor has tested 39 antivirus programs and 30 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.
He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.