What is port forwarding, how safe is it to use today?
Most people view networking as a complicated knowledge space. The state of confusion is made even worse by the sheer volume of acronyms. Frankly, it is not a simple topic to understand, and there is so much involved that it will require decades of study and experience. But understanding port forwarding is not that complicated either.
In this article, we present you with a more straightforward way to understand the basics of the concept. Particularly, we will look at what port forwarding is, how it works, and is it safe to use. We’ll also uncover if there are any risks involved. Read on for these answers and much more.
What is port forwarding and does it work?
Port forwarding enables incoming internet connections to get to specific programs and devices on a private network. Keep in mind that the private network can comprise devices connected to a router or users to a VPN.
If a computer tries to connect to your device when the NAT firewall is active, the connection is jammed or discarded. However, port forwarding lets unsolicited connections pass through the NAT firewall on particular ports. As a result, devices on the internet can launch connections and access any service. For instance, other users on a P2P network can download a file from your device.
To fully comprehend how port forwarding works, you must first understand what a NAT firewall is. Both routers and VPNs have it. Also, each device connected to a VPN server or router uses the same public IP address but is assigned a unique private IP address.
Network Address Translation (NAT) is what enables multiple devices to share a single IP address. See, incoming connections have to go to the VPN server or router through the public IP address. Then, the connections are forwarded to individual devices in relation to their private IP addresses or port number.
On the other hand, outgoing requests are attached to a specific port number. Usually, the number is included when they receive a response, indicating the device where the data will be sent. However, if you get an unsolicited connection request without a port number, it will be discarded. This is how NAT blocks malicious requests, thereby creating an effective firewall.
Nonetheless, you may need to allow unsolicited connections in some situations. Port forwarding lets you create a passage through the NAT firewall to permit inbound connections containing the specified port. Then, these connections will be forwarded to the device you have specified in your setup.
What is port forwarding used for?
As you can see above, the port forwarding concept may seem like a purview reserved for professional developers and programmers. However, although these people heavily use port forwarding, it also comes in handy for the average computer user.
Below are some of the common uses of port forwarding:
- Allowing file transfers from your computer to third parties
- Hosting game servers for multiplayer games available outside your home network
- Operating a publicly-accessible website from your local computer
- Running remote desktop protocols to access your computer from anywhere
- Hosting your own VPN server so you can access your home network remotely
- Using torrent applications to download files quickly
Although most of these tasks can be accomplished without port forwarding, it provides an easy solution.
Is it safe to forward ports?
Generally, port forwarding allows people outside your network to access your computer. As we mentioned earlier, NAT is the technology that enables several devices to share a single IP address. In addition, it safeguards your devices from external attacks.
Note: Disabling NAT with port forwarding opens up your device to direct internet connections. Also, anyone from anywhere can access your computer if you port forward a remote desktop connection to the internet, which can be risky.
Is it possible to get hacked with port forwarding? Unfortunately, yes, but is it not likely if you take necessary computer security measures.
More importantly, using port forwarding responsibly requires diligence and care. Use the following general tips to stay safe when using port forwarding:
- Update your devices regularly. This will help your operating system to discover and fix bugs promptly. Otherwise, there might be a vulnerability that a hacker might take advantage of and access your computer.
- Use a strong password. When running a remote access connection, the password you use will determine your computer’s security level. Unfortunately, hackers are running numerous passwords per second, trying to access every device connected to the internet. The best way to eliminate this weakness is by using a strong password or key-based authentication.
- Avoid exposing more than you need. After understanding how port forwarding works, you may want to use it on every device or service. This is highly discouraged as you can expose your connections to all and sundry, which increases the likelihood of cyberattacks.
Risks of port forwarding
Using port forwarding with a VPN significantly reduces the chances of getting hacked, but it’s good to know the possible dangers. These are some of the hypothetical scenarios where port forwarding can be complicated.
- Port forwarding to access a video game. In such a case, users mostly don’t see the need to set a password for convenience, thinking that malicious actors won’t guess their passwords. Unfortunately, although this enables your friends to access the game quickly, so do hackers. As hackers test multiple passwords per second to access devices, they also attack open protocols like games on internet-connected devices. So, create a strong password and update your device’s operating system regularly to prevent this issue.
- Protect your game with a password, but you don’t update the game or your device. Unfortunately, this makes it easy to discover a vulnerability that hackers can exploit to access your computer. The best solution to this problem is to apply security audits on time.
- Port forwarding to use a torrenting application. Anonymizing your connections with VPN is a great way to torrent safely, but you can upload data accidentally through your actual IP address. This can put you into trouble if you are downloading copyrighted material. Ensure the VPN software you are using is appropriately configured. Don’t assume that everything is fine just because you are using a VPN or Tor.
How to open ports on a router
The exact port forwarding process will depend on the router model since it involves changing the settings. Nonetheless, the process is pretty similar regardless of the router firmware.
Step 1: Locate your router’s configuration page
It is possible to access every routers’ settings through a configuration interface. Apple AirPort routers are the exception, where you will need special software (AirPort Utility) to alter the settings. However, you can make changes in the settings with a website accessed via a unique IP address.
Usually, internal networks use IP addresses in the form of 192.168.X.X or 10. XXX. The subnet 172.16.X.X is less prevalent but still usable. Most likely, your router’s configuration page will appear at the first IP address in its range. Therefore, to find the address, first, check your computer’s networking settings to see the IP prefix.
This setting can be in a different place depending on your computer’s operating system. For example, macOS shows both the router’s IP address and your computer’s internal IP address. Typically, routers will utilize the first IP address in the prefix, no matter the prefix used by your network.
Next, access your router’s IP address in a web browser.
Step 2: Log in
Once you have located the login page, input your credentials to access the router. If you haven’t set it up, it is probably still set on default. The RouterPasswords.com site is helpful as it provides a database of routers’ default passwords you can try.
Step 3: Find the port forwarding option
This feature may be hidden in the Advanced menu on some routers. Otherwise, continue perusing through the menu if you can’t find it. Also, some routers don’t allow you to alter port forwarding settings directly on the configuration page. So, you will have to find the settings website.
Step 4: Add the port forward
Once you have found the port forwarding option, you can add the port forward. At this point, the screen looks similar on almost every router. But, first, you have to choose the destination IP address or device hosting the software you want to forward to.
Next, manually input the port or select the common service to forward. The service should work out right if the option is premade. However, you might have to go through trial and error until you find the correct port to forward. In fact, this is the place to add multiple ports or forward a whole range of ports.
Step 5: Test the program
Use a device outside your local network to check whether port forwarding has been successful. Follow the tutorial later in the article on how to test port forwarding.
Best port forwarding software today
Most people today use routers instead of modems for security concerns. Moreover, it makes port forwarding even more manageable, which is why you should choose a reliable software. Here are some of the best options for Mac and Windows operating systems.
Simple Port Forwarding
Simple Port Forwarding is one of the best services that allows you to access various web servers without any configuration. In fact, you can create an email account with your company but have several email IDs. In addition, it can assign multiple IPs or hosts to a single email account. Therefore, this software offers a better way to do port forwarding than with routers and VPNs.
- Effortless to configure
- Connect to video game servers
- Private network
- Rules for each device
Port Forwarding Wizard
Port Forwarding Wizard is a popular software for forwarding data traffic between computers and servers. Usually, it is installed as part of the webserver and allows you to create several interfaces to connect to your home server software.
This software application enables you to connect to one or more computers through their ports. Also, it lets the computers access the internet like they were connected directly. Essentially, each computer with a different port is allocated a specific IP address.
- Command-line tool
- SSL port forwarding
- We interface
- Customer support only through email
How to do port forwarding on a VPN
There is no need for port forwarding if your router doesn’t have an inbuilt NAT firewall, as it won’t block incoming connections. Besides, the VPN’s encryption process will bypass the NAT firewall on your router, so you won’t have to alter the router’s settings.
If the VPN has a NAT firewall, then it should offer port forwarding as a feature. Unfortunately, there are only a handful of VPN services that support port forwarding. Usually, you can set it up in the account settings on the website or the app. Also, note that port forwarding may not be working on specific servers. Our top choice port forwarding VPN is NordVPN.
The port forwarding process on a VPN will depend on the provider, but you can follow the general outline below.
- Go to your VPN app or account dashboard to activate port forwarding
- Indicate the ports to open on the VPN
- Change the listening port to align with the number in the previous step on a program that supports port forwarding like a torrent client
- Deactivate NAT-PMP and UPnP in the program settings
Common issues with port forwarding
Although port forwarding usually works, it can fail sometimes. However, the root problem can be challenging to diagnose, whether the user or the software causes it.
Here are some of the common problems associated with port forwarding
- Slow remote connections that render games and remote desktops inoperative
- ‘Connection refused’ like port forwarding isn’t active at all
- The remote desktop software sends frequent invalid password warnings
How to do port forwarding test
It is crucial to have a credible testing process before you check the cause of any issue. These are some of the hardware and software you will need to test port forwarding.
- A computer to host the application to port forward
- Additional computer to act as the client. It should be installed with the client software for the application you are testing
- A secondary internet connection or a smartphone with tethering
For example, you can use Minecraft to test if port forwarding is working properly
- Start the Minecraft server from the server machine and confirm that it is running on the selected port.
- Connect the client machine to the secondary internet connection or your smartphone. The connection should have multiple external IP addresses.
- Launch Minecraft on your client’s machine and connect to the first external IP or Port on the computer.
- Authenticate that the connection is working and the game is loading. The speed is a minor concern because it can’t be any faster even if you have done everything correctly.
Troubleshooting connection refused errors
Here are some troubleshooting tips if connection refusal persists
- Ensure that you are using the correct IP address. The device you want to connect to will show you your external IP address.
- Try to forward in a different port. Services such as VNC use many ports, so you may have to try forwarding on multiple ports.
- Change the firewall settings. For example, allow external connections if the computer acting as the server has a firewall.
Port forwarding and your internet connection speed
Sometimes it is challenging to fix connection slowness. Also, keep in mind that port forwarding does not affect the internet speed. Many things can slow down your connection when using port forwarding, like a high-bandwidth game. However, the port forwarding setup has nothing to do with it.
A solution to the invalid password warnings
Many remote desktop software will caution you if there is an attempted login with an invalid password. The problem is that you might receive many of these as many internet-enabled devices receives dozens of attempted hacks per minute.
One of the easiest and most effective ways to reduce the number of invalid login attempts is to use a non-standard port. Although this method does not improve your security, it offers basic privacy.
Head over to your router’s control panel and increase the external port number (below 65,535). If the port isn’t shared with other applications, the connection attempts notifications should be fewer.
This approach does not make up for a weak password, but it will come in handy if you face excessive invalid connections.
The difference between port triggering and port forwarding
Port triggering serves a similar function as port forwarding but works differently. For example, it handles traffic dynamically rather than forwarding it to a particular port always.
Here is how port triggering works:
- An internal network computer connects to an external server on a particular port.
- The router will trigger a port forwarding rule in the internal computer when it sees this connection.
- Then, the traffic that matches the forwarding rule will be forwarded to the internal computer.
Port triggering is a solution if two machines on the local network require a similar external-facing port.
Dynamic vs. static port forwarding
The main difference is that static ports remain the same while dynamic ports change with each connection. Therefore, static ports are more convenient if you are doing port forwarding on a router. In addition, it eliminates the hassle of changing the port settings every time you start a connection. Fortunately, some VPNs allow you to open a static port that stays the same.
On the other hand, dynamic port forwarding is easier to implement, and that’s why it is popular. In addition, it allows providers to recycle and reassign unused ports. However, it may not be applicable for some instances, such as torrenting and remote desktop access.
What is UPnP
Did you know that you may have used port forwarding even without knowing? How? Your device may have Universal Plug and Play (UPnP) that lets apps open and close ports on your router.
This might be convenient but brings forth certain security issues. The problem is that it identifies every device on your local network is trustworthy. So, if malware wants to establish a direct connection with a remote hacker, UPnP will allow it. Without UPnP, opening such a connection might be difficult.
Furthermore, old routers or those with poor UPnP implementations are susceptible to various UPnP exploits. Some vulnerabilities can open all of your router’s ports or even change DNS on your server.
Port forwarding allows you to intercept data traffic headed for a particular computer’s IP/port and reroute it to a different IP or port. Usually, the destination computer (host) has a program that facilitates the redirection. Also, you can use an intermediate hardware device like a router, firewall, or proxy server. The technology can be helpful for various purposes, such as accessing a remote desktop or playing online games. However, it has some security issues but can be generally managed.
Port forwarding frequently asked questions (FAQs)
About the author
Abeerah is a passionate technology blogger and cybersecurity enthusiast. She yearns to know everything about the latest technology developments. Specifically, she’s crazy about the three C’s; computing, cybersecurity, and communication. When she is not writing, she’s reading about the tech world.