Webafrica does not block any ports, and any potential problems with port forwarding will be isolated to the customer's equipment. This article aims to provide you with the basic information required to go the extra mile towards delivering ACE service on each and every call.
There will often be times when a client requests assistance with Port Forwarding, a method of making devices on the LAN available from outside. This is done by configuring certain ports to trigger when requested on the WAN; the router then sends the request to an internally configured IP and port. For example, if I have a camera system in my house and I wish to view the cameras from work, I will need to configure a port to access from the outside, such as 8800, and then point it at the IP address of the camera system on port 80, as that is the port I use to log into the system and view the footage.
Port Forwarding can be required for many different reasons: whether you want to host a games server, view your cameras or even get a Remote Desktop session to your home PC, port forwarding can serve all of these requirements. To achieve any of these outcomes, a few criteria need to be met and configured. Firstly, the most important fact to remember is that you will be connecting to the router's public IP address. If the client has no static IP service, they will need a service called Dynamic DNS; otherwise they will need to change the IP to which they connect every few days, because the public IP changes.
Once you have the public IP, you will need to decide what port you want to use as the external trigger. Generally, it is not best practice to use the same port as the port you are pointing to. For example, if we want to set up a remote desktop session to a PC on a LAN, the port that needs to be open on the LAN side is, in RDP's case, 3389, and we would use a different port on the WAN side; I like to use 3398 for RDP's WAN port trigger. This, of course, is not a forced rule; it is just something to consider when you are configuring port forwarding.
First, we need to configure a port forward on a router. We are going to do port forwards to allow me to access my PC via RDP.
What do we need?
We need to know what IP address my PC has on the LAN. Bear in mind that if my PC doesn't have a static IP address, it would be a good idea to assign it one or set a DHCP reservation.
We need to know what port RDP requires, in this case, it is 3389.
Finally, we need to decide what port we are going to use from the outside on the WAN. We will use 3398.
First you will need to log into the router. In this example we will use the TP-Link C20, as it is the standard router we send out to our clients. Please note, however, that setting up port forwarding on any router would follow similar steps.
Once logged into the router, go to Forwarding > Virtual Server.
Selecting Add New will bring you to the screen where we can input the values we decided on earlier.
Using those values, we fill in the respective fields:
Service Port: 3398
IP Address: 192.168.1.100
Internal Port: 3389
Protocol: Either TCP or UDP; in this case, we can leave it as All
Status: Set to Enabled
Common Service Port: Can be left as is
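A pre-flight check for the Virtual Server values above, as an added example that is not part of the original article or of the router's own software. The function names, the 192.168.1.0/24 LAN range, the 203.0.113.10 placeholder public address and the second and third sample rules are assumptions made for illustration.

```python
import ipaddress

# Assumption (not from the article): the LAN is 192.168.1.0/24, which
# contains the 192.168.1.100 address the article uses.
LAN = ipaddress.ip_network("192.168.1.0/24")
PROTOCOLS = {"TCP", "UDP", "All"}


def check_rules(rules, lan=LAN):
    """Return (rule_index, message) findings for a list of Virtual Server rules."""
    findings = []
    for i, r in enumerate(rules):
        for field in ("service_port", "internal_port"):
            if not 1 <= r[field] <= 65535:
                findings.append((i, f"{field} {r[field]} is outside 1-65535"))
        if r["protocol"] not in PROTOCOLS:
            findings.append((i, f"unknown protocol {r['protocol']!r}"))
        try:
            ip = ipaddress.ip_address(r["ip"])
        except ValueError:
            findings.append((i, f"{r['ip']!r} is not a valid IP address"))
        else:
            if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
                findings.append((i, f"{ip} is not a usable host address in {lan}"))
        if r["service_port"] == r["internal_port"]:
            findings.append((i, "note: service port equals internal port"))
        # One WAN port can only point at one device per protocol.
        for j, o in enumerate(rules[:i]):
            overlap = "All" in (r["protocol"], o["protocol"]) or r["protocol"] == o["protocol"]
            if r.get("enabled", True) and o.get("enabled", True) and r["service_port"] == o["service_port"] and overlap:
                findings.append((i, f"service port {r['service_port']} clashes with rule {j}"))
    return findings


def remote_target(public_host, rule):
    """Address to type into the RDP client or browser from outside the LAN."""
    return f"{public_host}:{rule['service_port']}"


# Constructed sample rules; only the first one uses the article's values.
RULES = [
    {"service_port": 3398, "ip": "192.168.1.100", "internal_port": 3389, "protocol": "All"},
    {"service_port": 3398, "ip": "192.168.1.50", "internal_port": 80, "protocol": "TCP"},
    {"service_port": 8800, "ip": "192.168.2.10", "internal_port": 80, "protocol": "TCP"},
]

if __name__ == "__main__":
    for idx, msg in check_rules(RULES):
        print(f"rule {idx}: {msg}")
```

The article's own rule passes cleanly; the second sample rule is flagged because it reuses WAN port 3398, and the third because its target address is outside the LAN range.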
A simple way to test this is to use a site called “canyouseeme”, which allows you to test whether a port is successfully open on your LAN. You simply type in the port number you wished to open and hit Check Port. It will either come back saying it was successful or that it can’t see the open port.
Accessing Your Port Forward
Obviously, what would be the point of performing these configurations if we didn’t know how to utilize them?
How you access a Port Forward depends on what kind of Port Forward you have configured. In our case, we configured a Port Forward so that we can RDP into our home machine from a remote location. You should all have at least heard about RDP (Remote Desktop Protocol); you can think of it as something like TeamViewer, but for Windows machines.
To access a normal machine using RDP, you generally type in the IP or hostname of the device and hit connect. Bear in mind that RDP needs to be enabled on the machine you are connecting to; if it is not, the connection will be rejected. So in our case we need to type in the public IP of our router as well as the port we have specified, because we are not using the default. If we were using the default port, we could simply type in the IP or hostname.
As mentioned before, normal public IPs change; they only last around 3 days/72 hours. It is therefore strongly recommended that a client make use of a Dynamic DNS service such as DYNDNS, though there are others. This will change their public IP into an A Record that will resolve anywhere on the internet. For example, <RouterNum>.sn.mynetname.net will resolve to a Mikrotik with its built-in Dynamic DNS function. This, of course, is only on Mikrotik routers, but the idea behind the record is the same.
However, if we are trying to access something like a router's or firewall's web GUI, we will need to use the web browser, basically the same way you access it on the LAN. The slight twist is that you need to include the port that will be triggering the web GUI. For instance, if I configured the Port Forward for my router to use port 8800 externally I would access it the following way.