Monday, March 8, 2010

Port forwarding

There are a couple of concepts you need to know before you can understand port forwarding. I'm going to make a few broad statements that are almost always true. For simplicity, let's assume they are true for now.

1.) Every device on the internet has at least one IP address. The IP address is a number that is used to identify a device. For more information on IP addresses refer to our What is an IP Address page.

2.) Every IP address is divided up into many ports. When one computer sends data to another computer, it sends it from a port on an IP address to a port on an IP address. For more information on ports refer to our What is a Port page.

3.) A port can only be used by one program at a time.

Now that we've got those general concepts out of the way, let's talk about NAT. NAT is an acronym for Network Address Translation. NAT takes one IP address and basically breaks it into many IP addresses.

[img]http://www.portforward.com/help/BasicNetwork.jpg[/img]

Here the external IP address is broken into two internal IP addresses. The first, "IP Address1", is the gateway, while "IP Address2" is the IP address of the first computer. Take note that the router has two IP addresses: the external IP address, and an internal IP address which acts as the gateway for every computer on the network.

[img]http://www.portforward.com/help/NetworkVisibility.jpg[/img]

Excuse my rough drawing. Computers on the internal network can only "see" internal IP addresses, so they cannot send data directly to a computer outside of the network. When a computer on the network wants to send data to a computer outside of the network, it sends the data to the gateway. Remember, the gateway is the internal IP address of the router. The router then takes this data and sends it out to the computer on the internet, using its external IP address.

The same thing is true of computers on the internet. A computer outside of the network cannot "see" a computer inside of the network. It can only "see" and send data to the external IP address of the router. The router must then decide what to do with this data. Luckily, NAT takes care of most of the work for us. There are some programs that NAT was not designed to work with, and those are the programs we need to set up port forwarding for. Okay, take a deep breath! We are on to port forwarding.

Now that you understand the general concepts of a network, explaining port forwarding is easy. When a computer on the internet sends data to the external IP address of the router, the router needs to know what to do with the data. Port forwarding simply tells the router which computer on the local area network to send the data to. When you have port forwarding rules set up, your router takes the data arriving at the external IP address:port number and sends that data to an internal IP address:port number. Port forwarding rules are created per port, so a rule set up for port 53 will only work for port 53.

A port can only be used by one program at a time! Think of how this rule interacts with NAT. You've only got one external IP address on your router. When computer 1 is using port 500, it is using port 500 on its internal IP address. If you have set up a port forwarding rule for computer 1 and port 500, the external IP address's port 500 is also in use. This means that you can only use port 500 on one computer on the network at a time. Using port 500 on two computers at the same time would violate the one program rule, and your data would get messed up. Most routers require you to specify an internal IP address to forward ports to, just for this reason. Some do not, so be aware of this. Port forwarding rules will only work for one computer at a time!
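The behaviour described above can be modelled in a few lines. This is an added example, not code from the original article or from any router: the class, method names and addresses are constructed, and it is simplified (no protocols, no timeouts, sessions keyed on the port only).

```python
class NatRouter:
    """Toy model of a home NAT router (hypothetical, simplified)."""

    def __init__(self, external_ip):
        self.external_ip = external_ip
        self.forwards = {}   # external port -> (internal ip, internal port)
        self.sessions = {}   # external port -> (internal ip, internal port)
        self._next_port = 40000

    def add_forward(self, ext_port, internal_ip, internal_port=None):
        # Rules are per port, and an external port can point at one computer only.
        if ext_port in self.forwards:
            owner = self.forwards[ext_port][0]
            raise ValueError(f"port {ext_port} is already forwarded to {owner}")
        self.forwards[ext_port] = (internal_ip, internal_port or ext_port)

    def outbound(self, internal_ip, internal_port):
        # A LAN computer sends via the gateway; the router rewrites the source
        # to external_ip:port and remembers where replies belong.
        while self._next_port in self.forwards or self._next_port in self.sessions:
            self._next_port += 1
        ext_port = self._next_port
        self.sessions[ext_port] = (internal_ip, internal_port)
        return (self.external_ip, ext_port)

    def inbound(self, ext_port):
        # Data arriving at external_ip:ext_port. Replies to outbound traffic
        # match a session; anything unsolicited needs a forwarding rule.
        if ext_port in self.sessions:
            return self.sessions[ext_port]
        return self.forwards.get(ext_port)  # None means the router drops it


def demo():
    router = NatRouter("203.0.113.10")           # constructed addresses
    seen_as = router.outbound("192.168.1.2", 51000)
    reply_to = router.inbound(seen_as[1])        # reply finds its way back
    before = router.inbound(500)                 # unsolicited, no rule yet
    router.add_forward(500, "192.168.1.2")
    after = router.inbound(500)
    try:
        router.add_forward(500, "192.168.1.3")   # second computer, same port
        conflict = None
    except ValueError as exc:
        conflict = str(exc)
    other_port = router.inbound(53)              # rule for 500 does not cover 53
    return seen_as, reply_to, before, after, conflict, other_port
```

Calling `demo()` shows that only the forwarded port reaches the LAN from outside, which is also why each rule you add is one more service exposed to the internet.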

Reference:
http://portforward.com/help/portforwarding.htm

1 comment:

  1. Port forwarding will be killed when IPv6 takes over the internet. No more NAT devices in IPv6.
    It makes the p2p connectivity dream come true. There is already software which works over IPv6 for p2p connectivity, and you don't need this complex procedure of port forwarding. Freeware like lanoi pro (www.lanoninternet.com) can make your application work over the internet without port forwarding.
