Congratulations to anyone who reads this article! It successfully communicates with another server on the Internet using standard open network ports 80 and 443 for web traffic. If those ports are blocked on your server, you will not be able to read this article. Closed ports protect your network (and your server) from hackers.
Our web ports may be open, but they should not be open on your home router because they open a loophole for intruders. However, in some cases, you may need to allow your device to access the Internet using forwarding. For more information about port forwarding, here’s what you need to know:
What is port forward?
Port forwarding in LAN routers is a process that redirects connection attempts from network devices to specific devices on the LAN. This is due to forwarding rules in network routers that match connection attempts to the correct port and IP address of devices on the network.
Your local network may have a public IP address, but every device on your internal network has its own private IP address. Port forwarding connects these external requests to A (public IP address and external port) to B (request port and local IP address of the device on your network).
To illustrate why this is useful, let’s imagine your home network is like a medieval castle. As long as you can see outside your walls, no one can see or breach your defenses – you are safe from attack.
The network is where it is because it has a built-in network firewall. You can access other online services such as websites and game servers, but other Internet users cannot access your device. The drawbridge is ready because the firewall is actively blocking external connections from entering the network.
In some cases, however, this level of protection may not be desirable. If you run a server on your home network (for example using a Raspberry Pi), you will need an external connection.
Port forwarding comes in handy here as it allows us to forward these external requests to specific devices without compromising security.
How to set a port address on your network
If you don’t want to use UPnP and want to set port forwarding manually, you can usually do it through your router’s web management page. If you don’t know how to access it, you can usually find information on the bottom of your router or in your router’s manual.
You can use your router’s default gateway address to connect to your router’s admin page. This is usually 192.168.0.1 or a similar address. Enter this address of your web browser. You will need to verify the username and password supplied with your router (eg admin).
Configuring a static IP address using DHCP reservations
Most LANs use dynamic IP assignment to assign temporary IP addresses to connecting devices. After some time, your IP address will be renewed. These temporary IP addresses can be reused and used elsewhere and can be other local IP addresses assigned to the device.
However, port forwarding requires that the IP addresses used by all local devices remain the same. You can manually assign a static IP address, but most network routers allow you to assign a static IP address to a specific device using a DHCP reservation on the router’s settings page.
Unfortunately, every router manufacturer is different, and the steps shown in the screenshot below (taken using a TP-Link router) may not match your router. If so, you can refer to your router’s documentation for further assistance.
To get started, use a web browser to access the network router’s web management page and authenticate using the router’s administrator username and password. Once connected, go to the DHCP settings area of your router.
You may need to scan local devices that are already connected (to automatically generate the necessary assignment rules) or provide the specific MAC address of the device you want to assign a static IP to. Create a rule with the correct MAC and IP addresses you want to use, then save the entry.
Create a new port forwarding rule
If your device has a static IP address (configured manually or stored in the settings assigned by DHCP), you can proceed to create port forwarding rules. So the terms may vary. For example, some TP-Link routers call this feature a virtual server, while Cisco routers call it by its standard name (port forwarding).
Create a new port forwarding rule from the corresponding menu in the router’s web management page. The rule requires an external port (or range of ports) to connect to external users. This port is associated with a public IP address (e.g. port 80 for public IP 80.80.30.10).
You also need to decide which internal port to forward traffic from the external port to. This can be the same port or a different port (to hide the destination of the traffic). You will need to provide the static IP address of the local machine (e.g. 192.168.0.10) and the port protocol to use (e.g. TCP or UDP).
Depending on your router, you can select the type of service that automatically fills in the required configuration data (such as HTTP for port 80 or HTTPS for port 443). After configuring the rules, save them to apply the changes.
Home network security
Every port you open adds another hole beyond your router’s firewall for port scanners to find and exploit. If you need to open ports for specific apps or services, you should limit them to single ports rather than large ranges of ports that can be hacked.
If you are concerned about your home network, you can add a third-party firewall to increase network security. This can be a software firewall installed on your PC or Mac or a 24/7 hardware firewall like Firewalla Gold connected to your network router to protect all your devices at once.
