Port Forwarding 101





INTRODUCTION

Webafrica does not block any ports, so any potential problems with port forwarding will be isolated to the customer's equipment. This article aims to provide you with the basic information required to go the extra mile towards delivering ACE service on each and every call.

There will often be times when a client requests assistance with Port Forwarding, a method of making devices on the LAN available from the outside. This is done by configuring certain ports to trigger when requested on the WAN; the router then sends the request to an internally configured IP and port. For example, if I have a camera system in my house and I wish to view the cameras from work, I will need to configure a port to access from the outside, such as 8800, and point it at the IP address of the camera system on port 80, as that is the port I use to log into the system and view the footage.
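The mapping described above, as an added example that is not part of the original article: a small user-space TCP relay that accepts on an outside port and passes the traffic to an internal IP and port. A router does this by rewriting packets rather than by relaying connections, so this is an analogue for illustration; the function names are hypothetical, and the addresses in the last lines are the ones the article uses later.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes src -> dst until src closes, then signal EOF to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, target):
    """Open the LAN-side connection and relay traffic in both directions."""
    try:
        inside = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()  # internal host unreachable: caller sees a dropped connection
        return
    inside.settimeout(None)
    back = threading.Thread(target=pipe, args=(inside, client), daemon=True)
    back.start()
    pipe(client, inside)
    back.join()
    client.close()
    inside.close()

def start_forward(listen_addr, target):
    """Accept on listen_addr (the "Service Port") and forward to target
    (the "IP Address" and "Internal Port"). Returns the listening socket."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(listen_addr)
    server.listen()
    def accept_loop():
        while True:
            try:
                client, _ = server.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return server

if __name__ == "__main__":
    # Article's values: Service Port 3398 -> 192.168.1.100, Internal Port 3389.
    start_forward(("127.0.0.1", 3398), ("192.168.1.100", 3389))
    threading.Event().wait()  # keep the process alive
```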

Theory

Port Forwarding can be required for many different reasons: whether you want to host a games server, view your cameras or even get a Remote Desktop session to your home PC, port forwarding can serve all of these requirements. To achieve any of these outcomes, a few criteria need to be met and configured. Firstly, the most important fact to remember is that you will be connecting to the router's public IP address. If the client has no static IP service, they will need a service called Dynamic DNS; otherwise they will need to change the IP to which they connect every few days, because the public IP changes.

Once you have the public IP you will need to decide what port you want to use as the external trigger. Generally it is not best practice to use the same port as the port you are pointing to. By this I mean that, for example, if we want to set up a remote desktop session to a PC on a LAN we would need the following: the port that needs to be open on the LAN side, which in RDP's case is 3389, and a different port on the WAN side; I like to use 3398 for RDP's WAN port trigger. This of course is not a forced rule; it is just something to consider when you are configuring port forwarding.


How To

First we need to configure a port forward on a router. We are going to set up a port forward that allows me to access my PC via RDP.

What do we need?

We need to know what IP address my PC has on the LAN. Bear in mind that if my PC doesn't have a static IP address, it would be a good idea to assign it one or set a DHCP reservation.

We need to know what port RDP requires; in this case it is 3389.

Finally we need to decide what port we are going to use from the outside on the WAN. We will use 3398.

First you will need to log into the router. In this example we will use the TP-Link C20, as it is the standard router we send out to our clients. Please note, however, that setting up port forwarding on any router follows similar steps.

Once logged into the router, go to Forwarding > Virtual Server.




Selecting Add New will bring you to the screen below, where we can input the values we decided on earlier.




Now, using the values we know from earlier, we will fill in the respective fields.

Service Port: 3398

IP Address: 192.168.1.100

Internal Port: 3389

Protocol: Either TCP or UDP; in this case we can leave it as All

Status: Set to Enabled

Common Service Port: Can be left as is


A simple way to test this is to use a site called “canyouseeme”, which allows you to test whether a port is successfully open on your LAN. You simply type in the port number you wished to open and hit Check Port. It will either come back saying it was successful or that it can’t see the open port.
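The same kind of check can be scripted; the following is an added example, not part of the original article and not how the canyouseeme site is implemented. It makes one TCP connection attempt and must be run from a machine outside the LAN; the function name and the host name `myhome.example.net` are placeholders.

```python
import socket

def check_forward(host, port, timeout=5.0):
    """Try one TCP connection to host:port, as an external port checker would.

    Returns (status, address). status is one of:
      "open"        - the forward works and the internal service answered
      "refused"     - something answered, but nothing is listening on that
                      port (for example RDP is not enabled on the PC)
      "no-response" - no answer before the timeout (no rule, wrong internal
                      IP, or a firewall dropping the traffic)
      "dns-failure" - the host name did not resolve (check the Dynamic DNS record)
    address is the IPv4 address the name resolved to, or None.
    """
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure", None
    address = info[0][4][0]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((address, port))
        return "open", address
    except ConnectionRefusedError:
        return "refused", address
    except OSError:  # includes timeouts and unreachable networks
        return "no-response", address
    finally:
        sock.close()

if __name__ == "__main__":
    # Placeholder host name; 3398 is the Service Port chosen in this article.
    print(check_forward("myhome.example.net", 3398))
```

This only tests TCP, so a rule that forwards a UDP-only service cannot be verified this way.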



 




Accessing Your Port Forward

Obviously, what would be the point of performing these configurations if we didn’t know how to utilize them?

How you access a Port Forward depends on what kind you have configured. In our case we configured a Port Forward so that we can RDP into our home machine from a remote location. You should all have at least heard about RDP (Remote Desktop Protocol); you can think of it as something like TeamViewer, but for Windows machines.

To access a normal machine using RDP you generally type in the IP or Hostname of the device and hit connect. Bear in mind that RDP needs to be enabled on the machine you are connecting to; if it is not, the connection will be rejected. In our case we need to type in the Public IP of our router as well as the port we have specified, because we are not using the default. If we were using the default port, we could simply type in the IP/Hostname.



As mentioned before, normal Public IPs change (they only last around 3 days/72 hours), so it is strongly recommended that a client make use of a Dynamic DNS service such as DYNDNS, though there are others. This will turn their Public IP into an A Record that will resolve anywhere on the internet. For example, <RouterNum>.sn.mynetname.net will resolve to a MikroTik router through its built-in Dynamic DNS function. This of course applies only to MikroTik routers, but the idea behind the record is the same.



However, if we are trying to access something like a router's or firewall's web GUI, we will need to use the web browser, basically the same way you access it on the LAN, with a slight twist: you need to include the port that will be triggering the web GUI. For instance, if I configured a Port Forward for my router to use port 8800 externally, I would access it the following way.


Common Ports

FTP: 21

SSH: 22

Telnet: 23

SMTP: 25

DNS: 53

HTTP: 80

POP3: 110

IMAP: 143

Remote Desktop: 3389

RTSP: 554



