Port Forwarding

From DD-WRT Wiki

Difference between revisions: 11:28, 17 May 2005 (Sveasoft, minor edit: External Resources) and 01:29, 18 May 2005 (Sveasoft).
Text removed in this revision (the previous revision, 11:28, 17 May 2005):

This Wiki page is not complete.

For the time being:

Port Forwarding using the Web interface

Port Range Forward

The options are found under the "Applications and Gaming" tab, "Port Range Forward" subtab. This is the most common kind of port forwarding and always forwards the ports to the same machine (LAN IP) on the network.

Triggered Port Forwarding

Triggered Port Forwarding is not the same as Port Range Forwarding: it forwards requests for a range of ports to the machine that first connected to a remote host on the trigger port. For example, this could be used to forward the file transfer ports that AIM uses to any computer that connects to the AIM servers, without requiring a hard-coded rule for one machine.

Port Forwarding using uPNP

Windows users (and others?) can use uPNP to configure port forwarding. This can be a little more convenient. uPNP also allows supporting programs to automatically configure port forwarding for you when they need it.

External Resources

http://www.portforward.com

Text added in this revision: the introduction, the primer on ports and IP addresses, the primer on Network Address Translation and the primer on port forwarding, shown in full in the revision below.

Revision as of 01:29, 18 May 2005

Introduction (for beginners)

A Primer on Ports and IP Addresses

The internet works using two main address units: the IP address and the port. When your computer makes a request on the internet, trying to load www.dd-wrt.com for example, it starts by asking the IP address of www.dd-wrt.com for the web page. However, it can't just ask dd-wrt.com's IP address for the web page files; that would be like leaving off the apartment number when mailing someone. It needs to ask dd-wrt.com's IP address on port 80, the standard web server port. Your computer tells the server to send the response back to your IP address on some port that it opened to receive that data. By using ports, your computer can keep track of which stream of data belongs to which program or connection.

For example, when requesting a web page with some text and one image, your web browser might ask that the main text content be sent back to it on port 10345 and the image on port 10548. It might also be receiving instant messages on other ports and e-mail on yet other ports. The exact numbers of these client-side ports don't matter because your computer picks them on the fly (they are called ephemeral ports). What does matter are server ports. A web server doesn't announce that it's waiting for web page requests on port 80; that's just known. It's a standard. In fact, the ports from 0 through 1023 (the well-known ports) are set aside for such standardized services.

On the internet there are two types of addresses: public IP addresses and private IP addresses. Public IP addresses are those that are routable on the internet, and they make up the bulk of all IP addresses. Addresses that begin with 10.x.y.z, 172.16.x.y through 172.31.x.y, or 192.168.x.y (where x, y and z can be anything from 0 to 255) are private addresses (RFC 1918) and are not routed on the public internet; many separate private networks reuse the same private addresses. Additionally, the whole 127.x.y.z range is set aside as the loopback address: traffic sent to it never leaves your own system. 127.0.0.1 is the address normally used, but any address in that range is reserved for loopback.

There are only 2^32 possible IPv4 addresses (about 4.3 billion), and worldwide there are many more than 2^32 devices (computers, printers, scanners, etc.) that would like to have internet IP addresses. Private addresses and, more specifically, NAT were set up to work around the limited number of IP addresses. The newer IP protocol specification, IPv6, addresses this problem directly by increasing the number of addresses.

A Primer on Network Address Translation

Network Address Translation (NAT) works by making an entire network of privately addressed devices appear as just one device on the internet. NAT is usually done inside a router, like the WRT54G, but can also be done on a computer running Linux, Mac OS or Windows, provided it has more than one network adapter.

When a computer behind a NAT device makes a request to the internet, it sends its packet to the NAT device just as though it were going to send it directly to its destination. To the privately addressed device, the NAT device looks like any ordinary router.

When the NAT device receives a packet destined for the internet, it rewrites the packet, taking note of the original sender's IP address and port, and then resends it as though it were making the request itself. When the reply comes back, the NAT device rewrites it again and sends it to the original device as though it had come straight from the computer on the internet.

Example:

                            ___     ___
                          __\ /____/   \      Broadband     |    WRT54G     |
     www.dd-wrt.com------/(The Internet)\-----Connection----|WAN 64.125.x.y |
   (207.234.129.65:80)   \__/\__/\______/                   |LAN 192.168.1.1|-----Computer A
                              (Cloud) ;)                                         192.168.1.100

1. Computer A tries to connect to www.dd-wrt.com; it sends a packet like:
     To=207.234.129.65:80 From=192.168.1.100:16848 GET index.html

2. The WRT54G intercepts this packet and sends the following in its place:
     To=207.234.129.65:80 From=64.125.15.256:15846 GET index.html
   and makes a note:
     Anything received on port 15846 goes to 192.168.1.100 on port 16848

3. www.dd-wrt.com responds with:
     To=64.125.15.256:15846 From=207.234.129.65:80 <contents of index.html>

4. The WRT54G sees the reply is addressed to port 15846, so it sends:
     To=192.168.1.100:16848 From=207.234.129.65:80 <contents of index.html>

In this way neither www.dd-wrt.com nor Computer A knows that they weren't talking directly to each other.
  (All ports except 80 were completely made up and are simply for illustration;
   64.125.15.256 is an invalid IP address on purpose.)

Primer on Port Forwarding

In the example above, during step 2 the WRT54G makes a note that everything received on a given WAN port should be relayed to a certain LAN IP address and port. This is essentially port forwarding, but it happens automatically, and the mapping only lasts as long as that connection.

Port Forwarding usually means manually defining a rule in the router to send all data received on some port or range of ports on the internet side (WAN jack) to a port and IP address on the LAN side (LAN jacks or wireless). Unlike the automatic mapping, such a rule is permanent and is not tied to any outbound connection.

You will need to do this whenever a computer on your LAN opens a port to receive connections without first connecting out to a machine on the internet. This happens if you're running a web server (80), FTP server (21), SSH server (22), etc. on one of your local computers that you would like to be reachable from the internet. Many games and instant messaging clients also open ports without trying to connect out first, and these ports may need to be specifically defined as well. Keep in mind that a forwarded port exposes that service to every host on the internet, not just the ones you intend: forward only the ports you actually need, point them at the one machine that should receive them, and keep the service behind them patched and password-protected.
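The four-step exchange above and the manually defined port-forward rule, replayed in a small Python model. This is an added example written for this page, not DD-WRT code or anything that runs on the router: it keeps the router's NAT table in memory and passes packets around as plain values, with no sockets involved. The addresses and ports are the page's own illustrative values, except that the WAN address is written as 64.125.15.25 so that it is well-formed, and 198.51.100.7 (a documentation address) stands in for an arbitrary host on the internet; the class and function names are made up for the example.

```python
"""Toy model of the NAT and port-forwarding behaviour described in the primer.

Added example for this page, not DD-WRT code. Addresses are the page's
illustrative values (WAN written as 64.125.15.25 so it is valid); 198.51.100.7
is a constructed "some host on the internet".
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str = ""


class NatRouter:
    """Models a WRT54G doing source NAT on the WAN side plus static port forwards."""

    def __init__(self, wan_ip: str, lan_ip: str, first_port: int = 15846):
        self.wan_ip = wan_ip
        self.lan_ip = lan_ip
        self.next_port = first_port
        # Dynamic table: (wan_port, remote endpoint) -> inside endpoint.
        # Keying on the remote endpoint too means only the host we actually
        # talked to can send traffic through this mapping.
        self.conntrack: Dict[Tuple[int, Endpoint], Endpoint] = {}
        # Static port forwards: wan_port -> inside endpoint (manually defined rule).
        self.forwards: Dict[int, Endpoint] = {}

    def add_port_forward(self, wan_port: int, inside: Endpoint) -> None:
        self.forwards[wan_port] = inside

    def _alloc_port(self) -> int:
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source to the WAN address and remember it (step 2)."""
        for (wan_port, remote), inside in self.conntrack.items():
            if inside == pkt.src and remote == pkt.dst:
                break                                   # reuse the existing mapping
        else:
            wan_port = self._alloc_port()               # new flow: pick a WAN port
            self.conntrack[(wan_port, pkt.dst)] = pkt.src
        return Packet(src=(self.wan_ip, wan_port), dst=pkt.dst, payload=pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: deliver a reply (step 4) or a forwarded port, else drop."""
        wan_port = pkt.dst[1]
        inside = self.conntrack.get((wan_port, pkt.src))    # reply to something we sent
        if inside is None:
            inside = self.forwards.get(wan_port)           # manually opened port
        if inside is None:
            return None                                    # unsolicited: dropped
        return Packet(src=pkt.src, dst=inside, payload=pkt.payload)


def walk_through():
    """Replays the page's four steps, then an unsolicited probe and a port forward."""
    r = NatRouter(wan_ip="64.125.15.25", lan_ip="192.168.1.1")
    web = ("207.234.129.65", 80)
    a = ("192.168.1.100", 16848)

    step1 = Packet(src=a, dst=web, payload="GET index.html")
    step2 = r.outbound(step1)                 # From=64.125.15.25:15846
    step3 = Packet(src=web, dst=step2.src, payload="<contents of index.html>")
    step4 = r.inbound(step3)                  # To=192.168.1.100:16848

    # Constructed: an unrelated host hits the same WAN port; no mapping, so dropped.
    probe = r.inbound(Packet(src=("198.51.100.7", 4444), dst=step2.src))

    # Now a manual rule: WAN port 80 -> a LAN web server at 192.168.1.50:80.
    r.add_port_forward(80, ("192.168.1.50", 80))
    forwarded = r.inbound(Packet(src=("198.51.100.7", 50000),
                                 dst=(r.wan_ip, 80), payload="GET /"))
    return step2, step4, probe, forwarded


if __name__ == "__main__":
    for label, pkt in zip(("step 2", "step 4", "probe", "forwarded"), walk_through()):
        print(f"{label}: {pkt}")
```

Two things the model makes visible that the prose leaves implicit. First, the automatic mapping in this model is keyed on the remote host as well as the WAN port, so the probe from an unrelated address is dropped even though it targets port 15846; the page's note ("anything received on port 15846 goes to ...") describes the looser behaviour in which any host on the internet could use the mapping, and which of the two a real NAT implements varies by device. Second, the static forward has no remote-host key at all: once WAN port 80 is forwarded, every host on the internet reaches 192.168.1.50:80, which is exactly why a forwarded port should be treated as a deliberately opened hole in the NAT.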