What is Port Forwarding, and How Safe is It to Use in 2024?

Abeerah Hashim  - Security Expert
Last updated: July 30, 2024
Read time: 14 minutes Disclosure
Share

If you want to learn what port forwarding is, how it works, and how to set it up, this straightforward guide is for you. Read to know all that and more.

Most people view networking as a complicated knowledge space. The sheer volume of acronyms makes the state of confusion even worse. Frankly, it is not a simple topic to understand, and so much is involved that it will require decades of study and experience. But understanding port forwarding is not that complicated, either.

In this article, we present you with a simpler way to understand the basics of the concept. Particularly, we will look at what port forwarding is, how it works, and if it is safe to use.

What is port forwarding, and how does it work?

Port forwarding enables incoming internet connections to access specific programs and devices on a private network. Remember that the private network can comprise devices connected to a router or users to a VPN.

If a computer tries to connect to your device when the NAT firewall is active, the connection is jammed or discarded. However, it lets unsolicited connections pass through the NAT firewall on particular ports. As a result, devices on the internet can launch connections and access any service. For instance, other users on a P2P network can download a file from your device.

To fully understand the process, you must first understand a NAT firewall. Both routers and VPNs have it. Also, each device connected to a VPN server or router uses the same public IP address but gets a unique private IP address.

Network Address Translation (NAT) is what enables multiple devices to share a single IP address. See, incoming connections must go to the VPN server or router through the public IP address. Then, the connections are forwarded to individual devices via their private IP addresses or port number.

On the other hand, outgoing requests are attached to a specific port number. Usually, the number is included when they receive a response, indicating the recipient device for the data. However, it will be discarded if you get an unsolicited connection request without a port number. This is how NAT blocks malicious requests, thereby creating an effective firewall.

Nonetheless, you may need to allow unsolicited connections in some situations. Port forwarding lets you create a passage through the NAT firewall to permit inbound connections containing the specified port. Then, these connections will be forwarded to the device you have specified in your setup.

What is port forwarding used for?

As you can see above, the port forwarding concept may seem like a purview reserved for professional developers and programmers. However, although these people heavily use port forwarding, it also comes in handy for the average computer user.

Below are some of the common uses of port forwarding:

  • Allowing file transfers from your computer to third parties
  • Hosting game servers for multiplayer games available outside your home network
  • Operating a publicly accessible website from your local computer
  • Running remote desktop protocols to access your computer from anywhere
  • Hosting your own VPN server so you can access your home network remotely
  • Using torrent applications to download files quickly

Although you can accomplish most of these tasks without port forwarding, it provides an easy solution.

Is it safe to forward ports?

Generally, it allows people outside your network to access your computer. As we mentioned earlier, NAT is the technology that enables several devices to share a single IP address. In addition, it safeguards your devices from external attacks.

Note: Disabling NAT with port forwarding opens up your device to direct internet connections. Also, anyone from anywhere can access your computer if you port forward a remote desktop connection to the internet, which can be risky.

Is it possible to get hacked with port forwarding? Unfortunately, yes, but it is not likely if you take the necessary computer security measures.

More importantly, using it responsibly requires diligence and care. Use the following general tips to stay safe when using port forwarding:

  • Update your devices regularly. This will help your operating system to discover and fix bugs promptly. Otherwise, there might be a vulnerability that a hacker might take advantage of and access your computer.
  • Use a strong password. When running a remote access connection, your password will determine your computer’s security level. Unfortunately, hackers are running numerous passwords per second, trying to access every device connected to the internet. A strong password or key-based authentication is the best way to eliminate this weakness.
  • Avoid exposing more than you need. After understanding how port forwarding works, you may want to use it on every device or service. This is highly discouraged as you can expose your connections to all and sundry, which increases the likelihood of cyberattacks.

Risks of port forwarding

Using port forwarding with a VPN significantly reduces the chances of getting hacked, but knowing the possible dangers is good. These are some of the hypothetical scenarios where port forwarding can be complicated.

  1. Port forwarding to access a video game. In such a case, users mostly don’t see the need to set a password for convenience, thinking that malicious actors won’t guess their passwords. Unfortunately, although this enables your friends to access the game quickly, so do hackers. Hackers test multiple passwords per second to access devices and attack open protocols like games on internet-connected devices. So, create a strong password and update your device’s operating system regularly to prevent this issue.
  2. Protect your game with a password, but you don’t update the game or your device. Unfortunately, this makes it easy to discover a vulnerability that hackers can exploit to access your computer. The best solution to this problem is to apply security audits on time.
  3. Port forwarding to use a torrenting application. Anonymizing your connections with VPN is a great way to torrent safely, but you can upload data accidentally through your actual IP address. This can put you into trouble if you are downloading copyrighted material. Ensure the appropriate configuration of the VPN software you are using. Don’t assume everything is fine just because you use a VPN or Tor.

How to open ports on a router

The exact port forwarding process will depend on the router model since it involves changing the settings. Nonetheless, the process is pretty similar regardless of the router firmware.

Step 1: Locate your router’s configuration page

It is possible to access every router’s settings through a configuration interface. Apple AirPort routers are the exception, where you will need special software (AirPort Utility) to alter the settings. However, you can change the settings with a website accessed via a unique IP address.

Usually, internal networks use IP addresses in the form of 192.168.X.X or 10. XXX. The subnet 172.16.X.X is less prevalent but still usable. Your router’s configuration page will most likely appear at the first IP address in its range. Therefore, to find the address, first check your computer’s networking settings to see the IP prefix.

Depending on your computer’s operating system, this setting can be in a different place. For example, macOS shows both the router’s IP address and your computer’s internal IP address. Typically, routers will utilize the first IP address in the prefix, no matter the prefix used by your network.

Next, access your router’s IP address in a web browser.


Step 2: Log in

Once you have located the login page, input your credentials to access the router. It is probably still set by default if you haven’t set it up. The RouterPasswords.com site is helpful as it provides a database of routers’ default passwords you can try.


Step 3: Find the port forwarding option

This feature may be hidden in the Advanced menu on some routers. Otherwise, continue perusing the menu if you can’t find it. Also, some routers don’t allow you to alter port forwarding settings directly on the configuration page. So, you will have to find the settings website.


Step 4: Add the port forward

Once you have found the port forwarding option, you can add the port forward. At this point, the screen looks similar on almost every router. But first, you must choose the destination IP address or device hosting the software you want to forward to.

Next, manually input the port or select the common service to forward. The service should work out right if the option is premade. However, you might have to go through trial and error until you find the correct port to forward. In fact, this is the place to add multiple ports or forward a whole range of ports.


Step 5: Test the program

Use a device outside your local network to check whether port forwarding has been successful. Follow the tutorial later in the article on how to test it.


Best port forwarding software today

Most people today use routers instead of modems for security concerns. Moreover, it makes port forwarding even more manageable, so you should choose reliable software. Here are some of the best options for Mac and Windows operating systems.

Simple Port Forwarding

It is one of the best services that allows you to access various web servers without any configuration. In fact, you can create an email account with your company but have several email IDs. In addition, it can assign multiple IPs or hosts to a single email account. Therefore, this software offers a better way to port forward than routers and VPNs.

Pros
  • Effortless to configure
  • Connect to video game servers
  • Private network
Cons
  • Rules for each device

Port Forwarding Wizard

It is a popular software for forwarding data traffic between computers and servers. Usually, it is installed as part of the web server and allows you to create several interfaces to connect to your home server software.

This software application lets you connect to one or more computers through their ports. Also, it lets the computers access the internet like a direct connection. Essentially, each computer with a different port gets a specific IP address.

Pros
  • Command-line tool
  • SSL port forwarding
  • We interface
Cons
  • Customer support only through email

How to do port forwarding on a VPN

The technology is unnecessary if your router doesn’t have an inbuilt NAT firewall, as it won’t block incoming connections. Besides, the VPN’s encryption process will bypass the NAT firewall on your router, so you won’t have to alter the router’s settings.

If the VPN has a NAT firewall, then it should offer port forwarding as a feature. Unfortunately, only a handful of VPN services support port forwarding. Usually, you can set it up in the account settings on the website or the app. Also, note that port forwarding may not be working on specific servers. Our top choice port forwarding VPN is NordVPN.

The port forwarding process on a VPN will depend on the provider, but you can follow the general outline below.

  1. Go to your VPN app or account dashboard to activate port forwarding
  2. Indicate the ports to open on the VPN
  3. Change the listening port to align with the number in the previous step on a program that supports port forwarding, like a torrent client
  4. Deactivate NAT-PMP and UPnP in the program settings

Common issues with port forwarding

Although port forwarding usually works, it can fail sometimes. However, the root problem can be challenging to diagnose, whether the user or the software causes it.

Here are some of the common problems associated with port forwarding.

  • Slow remote connections that render games and remote desktops inoperative 
  • ‘Connection refused’ like port forwarding isn’t active at all
  • The remote desktop software sends frequent invalid password warnings

How to do a port forwarding test

It is crucial to have a credible testing process before you check the cause of any issue. These are some of the hardware and software you will need to test port forwarding.

  • A computer is needed to host the application and port forward.
  • Additional computer to act as the client. It should be installed with the client software for the application you are testing.
  • A secondary internet connection or a smartphone with tethering.

For example, you can use Minecraft to test if port forwarding is working properly

  1. Start the Minecraft server from the server machine and confirm it is running on the selected port. 
  2. Connect the client machine to the secondary internet connection or your smartphone. The connection should have multiple external IP addresses. 
  3. Launch Minecraft on your client’s machine and connect to the first external IP or Port on the computer. 
  4. Authenticate that the connection is working and the game is loading. The speed is a minor concern because it can’t be any faster even if you have done everything correctly.

Troubleshooting connection refused errors

Here are some troubleshooting tips if connection refusal persists

  • Ensure that you are using the correct IP address. The device you want to connect to will show you your external IP address.
  • Try to forward in a different port. Services such as VNC use many ports, so you may have to try forwarding on multiple ports.
  • Change the firewall settings. For example, allow external connections if the computer acting as the server has a firewall.

Port forwarding and your internet connection speed

What is Port Forwarding, and How Safe is It to Use in 2023

Sometimes, it is challenging to fix connection slowness. Also, remember that port forwarding does not affect the internet speed. Many things, like a high-bandwidth game, can slow down your connection when using port forwarding. However, the port forwarding setup has nothing to do with it.

A solution to the invalid password warnings 

Many remote desktop software will caution you if there is an attempted login with an invalid password. The problem is that you might receive many of these as many internet-enabled devices receive dozens of attempted hacks per minute.

One of the easiest and most effective ways to reduce the number of invalid login attempts is to use a non-standard port. Although this method does not improve your security, it offers basic privacy.

Head over to your router’s control panel and increase the external port number (below 65,535). If the port isn’t shared with other applications, the connection attempt notifications should be fewer.

This approach does not make up for a weak password, but it will be useful if you face excessive invalid connections.

The difference between port triggering and port forwarding

Port triggering serves a similar function as port forwarding but works differently. For example, it handles traffic dynamically rather than forwarding it to a particular port always.

Here is how port triggering works:

  • An internal network computer connects to an external server on a particular port.
  • When it sees this connection, the router will trigger a port forwarding rule in the internal computer. 
  • Then, the traffic that matches the forwarding rule will be forwarded to the internal computer.

Port triggering is a solution if two machines on the local network require a similar external-facing port.

Dynamic vs. static port forwarding

The main difference is that static ports remain the same, while dynamic ports change with each connection. Therefore, static ports are more convenient if you are forwarding ports on a router. In addition, it eliminates the hassle of changing the port settings every time you start a connection. Fortunately, some VPNs allow you to open a static port that stays the same.

On the other hand, dynamic port forwarding is easier to implement, and that’s why it is popular. In addition, it allows providers to recycle and reassign unused ports. However, it may not apply to some instances, such as torrenting and remote desktop access.

What is UPnP

Did you know that you may have used port forwarding even without knowing? How? Your device may have Universal Plug and Play (UPnP) that lets apps open and close ports on your router.

This might be convenient, but it brings forth certain security issues. The problem is that it identifies every device on your local network as trustworthy. So, if malware wants to establish a direct connection with a remote hacker, UPnP will allow it. Without UPnP, opening such a connection might be difficult.

Furthermore, old routers or those with poor UPnP implementations are vulnerable to various UPnP exploits. Some vulnerabilities can open all of your router’s ports or even change the DNS on your server.

FAQs

Indeed, it can have a positive impact depending on the game you are playing. It can stabilize your connection or even increase the speed. On the other hand, some games increase the loading time. However, its effectiveness should be looked at in a case-by-case scenario.

It reroutes inbound and outbound traffic through specific ports. The setup can sometimes take advantage of ports that usually remain closed. However, it doesn’t slow down your internet speeds.

Port forwarding provides a straightforward way for devices to connect and has nothing to do with the lag. So, if you are getting lags, it may be caused by the hosting server. Opening specific ports doesn’t improve it.

Yes, it can. Since port forwarding acts as a mail sorter, it helps to reduce the time spent at the sorting stage. Setting up your router to direct traffic to specific ports can improve your speed by milliseconds and even reduce the download time.

Although situations may differ, we urge you to opt for a VPN. The few benefits of port forwarding can’t match the risk of using the internet without sufficient encryption. However, a reliable and trustworthy VPN like NordVPN can provide high security and privacy. In fact, it can even help you improve your speed if your ISP is throttling your bandwidth.

Share this article

About the Author

Abeerah Hashim

Abeerah Hashim

Security Expert
174 Posts

Abeerah is a passionate technology blogger and cybersecurity enthusiast. She yearns to know everything about the latest technology developments. Specifically, she’s crazy about the three C’s; computing, cybersecurity, and communication. When she is not writing, she’s reading about the tech world.

More from Abeerah Hashim

Comments

No comments.