We cover a lot of articles that feature accessing files and features from inside and outside of your network. This usually entails forwarding ports, something that may seem daunting for beginners, but it’s actually pretty simple to do.
There are plenty of projects we’ve covered that use your computer as a server for other devices. When you’re inside of your network, things are great and they work. When you’re trying to access things from outside of your network, things get significantly hairier, so let’s take a look at why that is.
Port ForwardingFrom Inside of Your Network
Here’s a map of a simple home network.
As you can see, you’ve got three computers with unique IP addresses all connected to a router. You can easily access the other computers, but when they all access the internet, they go through the router. The router has an IP address that’s relative for you network, but it also has an external IP, one that it uses when interacting with things outside of your network. Whenever these computers make a request towards the internet, they all use the same IP – 127.34.73.214 in our example. Simple requests, such as loading web sites, are automatically handled by the router and are sent to their appropriate places. It’s not too difficult because each computer starts with a unique request, so it’s not hard for the router to figure out where things should go.
Ports and Protocols
Ports help make this process easier. If an IP is like a building’s address, then ports are like the apartment numbers for the residences in the building. Lower numbered ports have specific applications which are standards throughout the computing industry. When you fetch a web page, for example, it uses port 80. The receiving computer’s software knows that port 80 is used for serving http documents, so it listens there and responds accordingly. If you send an http request over a different port – say, 143 – the web server won’t recognize it because it’s not listening there, although something else might be.
Secure shell uses port 22, and VNC is usually done over port 5900. These ports can be changed for different uses, like when you have multiple instances of programs running for different purposes. To avoid interfering with other standard-abiding applications, it’s best to use larger numbers for these alternate configurations. Plex Media Server uses port 32400, for example, and Minecraft servers use 25565 – both numbers that fall into this “fair game” territory.
Each port can be used via either TCP or UDP. TCP, or Transmission Control Protocol, is what’s used most commonly. UDP, or User Datagram Protocol, is less widely used in home applications with one major exception: BitTorrent. Depending on what is listening, it’ll be expecting requests to be made in either one or the other of these protocols.From Outside Your Network
Now let’s take a look at what happens when a device outside of the network starts a request.
Let’s say you’re out and about and what to access a file on your network. Your computer makes a request to your home network’s IP, 127.34.73.214, which then goes to your router. Your router doesn’t know which computer to send it to.
Thankfully for us, we can configure our router to forward ports. This means that depending on the port number that the request is sent over, the router can pass it along to different IP addresses.
So in this example, when you’re out and about and using your laptop, you use different ports to make your requests. When you access your home network’s IP address using port 22, your router at home knows that this should go to 192.168.1.100 inside the network. Then, the SSH daemon on your Linux installation will respond. At the same time, you can make a request over port 80, which your router will send to the web server at 192.168.1.150. Or, you can try to remotely control your sister’s laptop with VNC, and your router will connect you to it at 192.168.1.200. Pretty clever, right?
You can even tell the router to change ports! For example, let’s say you have two web servers.
When you access your home network via the standard port, 80, you can tell your router to send it to 192.168.1.150. The web server there will be listening at port 80 and will respond accordingly. But, you can tell your router that when you access it via port 10,000, that it should go to another computer, 192.168.1.250, but also at port 80. This way, the second computer doesn’t have to be reconfigured to use a different port, but you can still manage traffic effectively.
EDIT: Corrected the above image (the orange IP address erroneously read 192.168.1.150 originally).
Before Configuring Your Router
There are a few things you need to be aware of when you decide on setting up port forwarding.
- If you’re using DHCP, then each device’s IP has the potential to change in the future, and when it does you’ll need to reconfigure your port forwarding settings. For this reason, it’s best to configure your “server” computers with a static IP. Some routers have the ability to “reserve” or “assign” IPs via DHCP that will NOT change in the future, allowing you the best of both worlds, but not all do.
- When you access your network externally, you will need to know your router’s external IP address. This can be easily found from someone inside the network by visiting whatismyip.com. This address can also change. One way to avoid this is to get a domain name redirect, so that when you go to http://myreallyawesomedoman.com, it’ll be your home network regardless of its changing IP.
- Using custom ports may trigger your antivirus or firewall, so you may have to add exceptions on your home computers to allow outside access on whatever ports you specify. This is a security risk to some extent, so be careful and take proper precautions!
That being said, if you’re careful and configure things properly, you’ll never have to worry once you’re all set up.
Each manufacturer has different software that they use on their routers. We took screenshots of the port forwarding settings from each of the major brands as well as our near and dear DD-WRT. We’re assuming that you know how to access your router and you know the proper username and password. If you don’t, check out your documentation, your router’s label, or your manufacturer’s website.Cisco/Linksys
You’ll see port forwarding under Applications and Gaming. Under “Single Port Forwarding,” you can add individual ports to specific IPs. Under “Port Range Forwarding,” you can easily forward whole ranges of ports at a time.DLink
DD-WRT and similar third-party router firmwares will usually have port forwarding as a tab under the NAT/Quality of Service section. Remember, clicking “Save” in DD-WRT saves your changes but doesn’t apply them immediately, so be sure to hit “Apply Settings,” too.
Regardless of what software is on your router, you’ll be required to enter the same type of information. First, you’ll see a text field where you can type in the name of the application or service. Next, you’ll see which incoming port your router should watch for. Then, you’ll be able to choose which protocol to watch for. A little online research should be able to tell you which one, but if you’re not sure you can choose both. You’ll need to choose which IP address is the destination for this port’s requests. Lastly, you’ll be able to choose which port the request should be targeted to on the destination IP.
Many firmwares will allow you to save many rules but selectively enable them as needed. If yours does it, be sure to check the “Enable” column’s boxes for all the rules you want active.
Now, if you want to check and be sure your router’s port is open and functioning, there are plenty of tools you can use to help you determine this. My favorite, however, is a web-based tool – the You Get Signal Port Forwarding Tester.
All you have to do is enter your port number in the box. Your external IP should be provided already, but if not, just click the “Use Current IP” link, then hit the “Check” button. This will check if your router has the port open and if it’s getting to a place on your network that can handle it.
If everything’s good, you’ll see a green flag icon and a message that says that your port is open. Ultimately, though, you can try to access your forwarded service by using your external IP address. For example, to check to see if your SSH server is properly forwarded, try to connect to it using the IP reported on whatismyip.com and the proper port.
Now that you know how configure your router to forward ports, you may want to revisit some of our articles and try to enable access from outside of your network. If you’ve got any interesting experiences or tips, share them in the comments!