We cover a lot of articles that feature accessing files and features
from inside and outside of your network. This usually entails forwarding
ports, something that may seem daunting for beginners, but it’s
actually pretty simple to do.
There are plenty of projects we’ve covered that use your computer as a
server for other devices. When you’re inside of your network, things
are great and they work. When you’re trying to access things from
outside of your network, things get significantly hairier, so let’s take
a look at why that is.
Port Forwarding
From Inside of Your Network
Here’s a map of a simple home network.
As you can see, you’ve got three computers with unique IP addresses
all connected to a router. You can easily access the other computers,
but when they all access the internet, they go through the router. The
router has an IP address that’s local to your network, but it also
has an external IP, one that it uses when interacting with things
outside of your network. Whenever these computers make a request towards
the internet, they all use the same IP – 127.34.73.214 in our example.
Simple requests, such as loading web sites, are automatically handled by
the router and are sent to their appropriate places. It’s not too
difficult because each computer starts with a unique request, so it’s
not hard for the router to figure out where things should go.
Ports and Protocols
Ports help make this process easier. If an IP is like a building’s
address, then ports are like the apartment numbers for the residences in
the building. Lower numbered ports have specific applications which are
standards throughout the computing industry. When you fetch a web page,
for example, it uses port 80. The receiving computer’s software knows
that port 80 is used for serving HTTP documents, so it listens there and
responds accordingly. If you send an HTTP request over a different port
– say, 143 – the web server won’t recognize it because it’s not
listening there, although something else might be.
Secure shell uses port 22, and VNC is usually done over port 5900.
These ports can be changed for different uses, like when you have
multiple instances of programs running for different purposes. To avoid
interfering with other standard-abiding applications, it’s best to use
larger numbers for these alternate configurations. Plex Media Server
uses port 32400, for example, and Minecraft servers use 25565 – both
numbers that fall into this “fair game” territory.
Each port can be used via either TCP or UDP. TCP, or Transmission
Control Protocol, is what’s used most commonly. UDP, or User Datagram
Protocol, is less widely used in home applications with one major
exception: BitTorrent. Depending on what is listening, it’ll be
expecting requests to be made in either one or the other of these
protocols.
From Outside Your Network
Now let’s take a look at what happens when a device outside of the network starts a request.
Let’s say you’re out and about and want to access a file on your
network. Your computer makes a request to your home network’s IP,
127.34.73.214, which then goes to your router. Your router doesn’t know
which computer to send it to.
Thankfully for us, we can configure our router to forward ports. This
means that depending on the port number that the request is sent over,
the router can pass it along to different IP addresses.
So in this example, when you’re out and about and using your laptop,
you use different ports to make your requests. When you access your home
network’s IP address using port 22, your router at home knows that this
should go to 192.168.1.100 inside the network. Then, the SSH daemon on
your Linux installation will respond. At the same time, you can make a
request over port 80, which your router will send to the web server at
192.168.1.150. Or, you can try to remotely control your sister’s laptop
with VNC, and your router will connect you to it at 192.168.1.200.
Pretty clever, right?
You can even tell the router to change ports! For example, let’s say you have two web servers.
When you access your home network via the standard port, 80, you can
tell your router to send it to 192.168.1.150. The web server there will
be listening at port 80 and will respond accordingly. But, you can tell
your router that when you access it via port 10,000, that it should go
to another computer, 192.168.1.250, but also at port 80. This way, the
second computer doesn’t have to be reconfigured to use a different port,
but you can still manage traffic effectively.
EDIT: Corrected the above image (the orange IP address erroneously read 192.168.1.150 originally).
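The forwarding decisions described above can be written out as a small rule table. This is an added example, not code from the original article or from any router firmware; the `Forward` fields, the rule names and the `192.168.1.0/24` subnet are assumptions chosen to match the article's addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: subnet of the article's 192.168.1.x hosts

@dataclass(frozen=True)
class Forward:
    name: str          # label for the application or service
    ext_port: int      # incoming port the router watches on its external IP
    proto: str         # "tcp" or "udp"
    dest_ip: str       # internal host that should receive the request
    dest_port: int     # port on that host; may differ from ext_port
    enabled: bool = True

# The article's example: port 10000 is rewritten to port 80 on the second web server.
RULES = [
    Forward("ssh", 22, "tcp", "192.168.1.100", 22),
    Forward("web", 80, "tcp", "192.168.1.150", 80),
    Forward("vnc", 5900, "tcp", "192.168.1.200", 5900),
    Forward("web-2", 10000, "tcp", "192.168.1.250", 80),
]

def validate(rules, lan=LAN):
    """Return a list of problems found in a rule set (empty list means none)."""
    problems, taken = [], {}
    for r in rules:
        if not all(1 <= p <= 65535 for p in (r.ext_port, r.dest_port)):
            problems.append(f"{r.name}: port outside 1-65535")
        if r.proto not in ("tcp", "udp"):
            problems.append(f"{r.name}: unknown protocol {r.proto!r}")
        if ip_address(r.dest_ip) not in lan:
            problems.append(f"{r.name}: {r.dest_ip} is not on {lan}")
        key = (r.ext_port, r.proto)
        if r.enabled and key in taken:
            problems.append(f"{r.name}: {r.proto}/{r.ext_port} already goes to {taken[key]}")
        elif r.enabled:
            taken[key] = r.name
    return problems

def route(rules, ext_port, proto="tcp"):
    """Return (dest_ip, dest_port) for an unsolicited inbound request, or None."""
    for r in rules:
        if r.enabled and (r.ext_port, r.proto) == (ext_port, proto):
            return (r.dest_ip, r.dest_port)
    return None  # no rule: the router cannot tell which computer should get it

if __name__ == "__main__":
    print(validate(RULES))
    for port in (22, 80, 10000, 143):
        print(port, "->", route(RULES, port))
```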
Before Configuring Your Router
There are a few things you need to be aware of when you decide on setting up port forwarding.
- If you’re using DHCP, then each device’s IP has the potential to change in the future, and when it does you’ll need to reconfigure your port forwarding settings. For this reason, it’s best to configure your “server” computers with a static IP. Some routers have the ability to “reserve” or “assign” IPs via DHCP that will NOT change in the future, allowing you the best of both worlds, but not all do.
- When you access your network externally, you will need to know your router’s external IP address. This can be easily found by someone inside the network by visiting whatismyip.com. This address can also change. One way to avoid this is to get a domain name redirect, so that when you go to http://myreallyawesomedoman.com, it’ll be your home network regardless of its changing IP.
- Using custom ports may trigger your antivirus or firewall, so you may have to add exceptions on your home computers to allow outside access on whatever ports you specify. This is a security risk to some extent, so be careful and take proper precautions!
That being said, if you’re careful and configure things properly, you’ll never have to worry once you’re all set up.
Router Brands
Each manufacturer has different software that they use on their
routers. We took screenshots of the port forwarding settings from each
of the major brands as well as our near and dear DD-WRT.
We’re assuming that you know how to access your router and you know the
proper username and password. If you don’t, check out your
documentation, your router’s label, or your manufacturer’s website.
Cisco/Linksys
You’ll see port forwarding under Applications and Gaming. Under
“Single Port Forwarding,” you can add individual ports to specific IPs.
Under “Port Range Forwarding,” you can easily forward whole ranges of
ports at a time.
D-Link
Netgear
DD-WRT
DD-WRT and similar third-party router firmwares will usually have
port forwarding as a tab under the NAT/Quality of Service section.
Remember, clicking “Save” in DD-WRT saves your changes but doesn’t apply
them immediately, so be sure to hit “Apply Settings,” too.
Basic Instructions
Regardless of what software is on your router, you’ll be required to
enter the same type of information. First, you’ll see a text field where
you can type in the name of the application or service. Next, you’ll
see which incoming port your router should watch for. Then, you’ll be
able to choose which protocol to watch for. A little online research
should be able to tell you which one, but if you’re not sure you can
choose both. You’ll need to choose which IP address is the destination
for this port’s requests. Lastly, you’ll be able to choose which port
the request should be targeted to on the destination IP.
Many firmwares will allow you to save many rules but selectively
enable them as needed. If yours does, be sure to check the “Enable”
column’s boxes for all the rules you want active.
Now, if you want to check and be sure your router’s port is open and
functioning, there are plenty of tools you can use to help you determine
this. My favorite, however, is a web-based tool – the You Get Signal Port Forwarding Tester.
All you have to do is enter your port number in the box. Your
external IP should be provided already, but if not, just click the “Use
Current IP” link, then hit the “Check” button. This will check if your
router has the port open and if it’s getting to a place on your network
that can handle it.
If everything’s good, you’ll see a green flag icon and a message that
says that your port is open. Ultimately, though, you can try to access
your forwarded service by using your external IP address. For example,
to check to see if your SSH server is properly forwarded, try to connect
to it using the IP reported on whatismyip.com and the proper port.
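The same check can be scripted so that it also reports ports that answer even though you never meant to forward them. This is an added example, not part of the original article; `check_tcp_port` and `audit` are hypothetical helper names, and the loopback listener in the demo is a constructed stand-in for a forwarded service.

```python
import errno
import socket

def check_tcp_port(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered', seen from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the request reached a listener
    except ConnectionRefusedError:
        return "closed"          # refused: a host answered, but nothing listens there
    except (socket.timeout, TimeoutError):
        return "filtered"        # silence: no forward, or a firewall dropped the request
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def audit(host, intended, also_probe=(), timeout=3.0):
    """Compare the ports you meant to forward with what is actually reachable."""
    intended = set(intended)
    state = {p: check_tcp_port(host, p, timeout) for p in intended | set(also_probe)}
    return {
        "missing": sorted(p for p in intended if state[p] != "open"),
        "unexpected": sorted(p for p, s in state.items()
                             if s == "open" and p not in intended),
    }

if __name__ == "__main__":
    # Constructed demo: a listener on loopback stands in for a forwarded service.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]
    print(port, check_tcp_port("127.0.0.1", port, 1.0))
    print(audit("127.0.0.1", intended=[port], timeout=1.0))
    srv.close()
```

To test a real setup, pass your own external IP as `host` and run the script from a connection outside your home network, since some routers do not loop requests for their own external address back inside.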
Now that you know how to configure your router to forward ports, you may want to revisit some of our articles and try to enable access from outside of your network. If you’ve got any interesting experiences or tips, share them in the comments!