Port Forwarding

From DD-WRT Wiki

(Difference between revisions)
Revision as of 02:36, 18 May 2005
Sveasoft
(Port Range Forward)
Revision as of 02:56, 18 May 2005
Sveasoft
(Triggered Port Forwarding)
Line 72: Line 72:
====Triggered Port Forwarding==== ====Triggered Port Forwarding====
-Triggered Port Forwarding is '''not''' the same as Port Range Forwarding, and works by forwarding requests to a range of ports to the machine that '''first connected to a remote host on the trigger port'''. For example, this could be used to forward the File Transfer ports that AIM uses to any computer that connects to the AIM servers without requiring a hard coded rule.+Triggered Port Forwarding is '''not''' the same as Port Range Forwarding, and works by forwarding requests to a range of ports to the machine that '''first connected to a remote host on the trigger port'''. Port triggering is nice because it's semi-automatic and doesn't care about static IP addresses. For example, this could be used to forward the File Transfer ports that AIM uses to ''any'' computer that connects to the AIM servers, just just the computer you hard code.
 + 
 +-Browse to the web interface <nowiki>(http://&lt;RouterLanIP&gt;)</nowiki><br>
 +-Click on the "Applications and Gameing" tab<br>
 +-Click on the "Port Triggering" subtab. <br>
 +-Enter any '''Application''' name you'd like. This if for you and makes no difference<br>
 +-Enter the '''Start''' and '''End''' ports in the range that needs to be triggered. If you just want 1 trigger port, set them equal.<br>
 +-Enter the '''Start''' and '''End''' ports in the range you'd like to forward. If you're just forwarding 1 port, set them both equal.<br>
 +As soon as a local computer connects to a remote server on the trigger port, the port range will be forwarded to that local computer.
 +<div style="height: 180px; padding: 1em; border: 1px dashed #2f6fab; color: Black; background-color: #f9f9f9;line-height: 1.1em; line-height: 1.5em;">Ex: <br>
 +<div style="float: left;margin-right: 0.5em; margin-left: 0.5em; vertical-align: middle">[[Image:TriggeredPortForward.jpg|Image Showing Triggered Port Forwarding for a AIM file transfers]]
 +</div> When a local computer connects to any remote IP address with the remote port 5190 then the ports 4117-4443 will be forwarded to that computer. Since the AIM servers listen for connections on 5190, this means that as soon as a computer connects to the AIM servers, the ports AIM uses for file transfers will be opened on the router and forwarded to that computer automatically. No need for static IP. Nice.</div>
===Port Forwarding using uPNP=== ===Port Forwarding using uPNP===
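Review bot: in the rewritten first paragraph, "just just the computer you hard code" reads as the opposite of what is meant and should be "not just the computer you hard code". In the added steps, "Gameing" should be "Gaming" and "This if for you" should be "This is for you". The example div sets line-height twice (1.1em, then 1.5em) and fixes height: 180px, which can clip the text beside the image; drop the first line-height and the fixed height. Next to "No need for static IP" it is worth stating that every LAN computer that connects out on port 5190 can get ports 4117-4443 forwarded to it, so readers understand the rule is not tied to one machine.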

Revision as of 02:56, 18 May 2005

Introduction (for beginners)

A Primer on Ports and IP Addresses

The internet works using two main address units: the IP address and the port. When your computer makes a call on the internet--trying to load www.dd-wrt.com for example--it starts by asking the IP address of www.dd-wrt.com for the webpage. However, it can't just ask dd-wrt.com's IP address for the webpage files--that would be like leaving off the apartment number when mailing someone. It needs to ask dd-wrt.com's IP address on port 80--the universal webpage port. Your computer instructs the response to be sent back to your IP address on some port that you opened to receive that data. By using ports, your computer can keep track of which stream of data belongs to what.

For example, when requesting a webpage with some text and 1 image, your web browser might ask that the main text content be sent back to it on port 10345 and the image be sent back on 10548. It might also be receiving instant messages on other ports and e-mails on yet other ports. The ports here don't matter because your computer just makes them up on the fly. What does matter are server ports. A web server doesn't announce that it's waiting for webpage requests on port 80; that's just known. It's a standard. In fact, all of the ports from 1-1024 are set aside for such standardization.

On the internet there are two types of addresses: public IP addresses and private IP addresses. Public IP addresses are those addresses that are routable on the internet. These make up the bulk of all IP addresses. Addresses that begin with 10.x.y.z or 192.168.x.y (where x, y, and z can be anything 0-255) are strictly private addresses and cannot exist on the internet. Additionally, 127.x.y.z is set aside as the local loopback address and, depending on your computer, 127.x.y.z will reach your own system. On most computers this is limited to 127.0.0.1, but that needn't be so.

There are only 2^32 possible IP addresses, and worldwide there are many more than 2^32 devices (computers, printers, scanners, etc.) that would like to have internet IP addresses. Private addresses and, more specifically, NAT were set up to solve the problem of a limited number of IP addresses. The new IP protocol specification, IPv6, intends to solve this problem by increasing the number of addresses.

A Primer on Network Address Translation

Network Address Translation (NAT) works by making an entire network of privately addressed devices appear as just 1 device on the internet. NAT is usually done inside of a router, like the WRT54G, but can also be done on a computer running Linux, Mac OS, or Windows provided you have more than 1 network adapter.

When a computer behind a NAT device makes a call to the internet, it sends its packet to the NAT device just as though it were going to send it directly to its destination. To the privately addressed device, the NAT device appears to be any ordinary router.

When the NAT device receives a packet destined for the internet, it reconstructs the packet, taking note of the original sender IP and port, and then resends that packet as though it were making the request itself. When the information comes back, it sends it back to the original device as though it had come from the computer on the internet.

Example:

                            ___     ___
                          __\ /____/   \      Broadband     |    WRT54G     |
     www.dd-wrt.com------/(The Internet)\-----Connection----|WAN 64.125.x.y |
   (207.234.129.65:80)   \__/\__/\______/                   |LAN 192.168.1.1|-----Computer A
                              (Cloud) ;)                                         192.168.1.100

1. Computer A tries to connect to www.dd-wrt.com, it sends a packet like:
     To=207.234.129.65:80 From=192.168.1.100:16848 Get index.html

2. The WRT54G intercepts this packet and sends the following:
     To=207.234.129.65:80 From=64.125.15.256:15846
  and makes a note:
  Anything received on port 15846 goes to 192.168.1.100 on port 16848

3. www.dd-wrt.com responds with
    To=64.125.15.256:15846 From=207.234.129.65:80 <Contents of Index.html>

4. The WRT54G sees the information is addressed to 15846, so it sends:
    To=192.168.1.100:16848 From=207.234.129.65:80 <Contents of Index.html>

In this way neither www.dd-wrt.com nor Computer A knew that they weren't talking directly to each other.
  (All ports except 80 were completely made up and are simply for illustration.
   64.125.15.256 is an invalid IP address on purpose.)

Primer on Port Forwarding

In the example above, during step 2 the WRT54G makes a note that all information received on a particular port should be relayed to a certain IP address on a certain port. This is essentially port forwarding, but it happens automatically.

Port Forwarding is generally what it is called when you manually define a rule in the router to send all data received on some range of ports on the internet side (WAN jack) to a port and IP address on the LAN side (LAN jacks or wireless antennas).

You will need to do this whenever your computer opens a port to receive connections without first connecting to a machine on the internet. This happens if you're running a web server (80), FTP server (21), SSH server (22) etc. on one of your local computers that you would like to be visible on the internet. Many games and instant messaging clients also open ports without trying to connect out first, and these ports may need to be specifically defined as well.

Port Mapping

Many routers allow a concept known as port mapping. This allows one to forward 1 port from the WAN address to a different port on some LAN address. This is useful if your ISP blocks port 80, but you would like to run a webserver. Just send people to http://<youripaddress>:<external_port> rather than http://<youripaddress>. Your webserver on your home computer will be working on port 80, but the router maps a different external port to it. Linksys routers do not allow this via the web interface, but perhaps a custom firmware will eventually add it. In order to set up port mapping, we must do so from the console.
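The NAT walkthrough, the port forwarding primer and the port mapping paragraph above can be tied together in one small model. This is an added example, not DD-WRT code: the class and method names are hypothetical, the remote client 198.51.100.7 and external port 8080 are constructed, and matching replies against the remote endpoint is an assumption modelled on how Linux connection tracking behaves.

```python
WAN_IP = "64.125.15.256"  # the page's deliberately invalid WAN address

class Nat:
    """Toy NAT table: dynamic entries from outbound traffic, static manual rules."""

    def __init__(self, wan_ip, first_port=15846):
        self.wan_ip = wan_ip
        self.next_port = first_port   # next free WAN-side port (constructed value)
        self.dynamic = {}             # wan_port -> (lan_ip, lan_port, remote)
        self.static = {}              # wan_port -> (lan_ip, lan_port)

    def outbound(self, src, dst):
        """LAN host src=(ip, port) connects to dst; return the rewritten source."""
        wan_port = self.next_port
        self.next_port += 1
        self.dynamic[wan_port] = (src[0], src[1], dst)   # the "note" from step 2
        return (self.wan_ip, wan_port)

    def forward(self, wan_port, lan_ip, lan_port=None):
        """Manual rule; a lan_port different from wan_port is port mapping."""
        self.static[wan_port] = (lan_ip, lan_port or wan_port)

    def inbound(self, src, wan_port):
        """Return the LAN (ip, port) a WAN packet is relayed to, or None if dropped."""
        entry = self.dynamic.get(wan_port)
        if entry and entry[2] == src:      # reply to a connection a LAN host opened
            return entry[:2]
        return self.static.get(wan_port)   # otherwise only a manual rule admits it

def demo():
    nat = Nat(WAN_IP)
    web = ("207.234.129.65", 80)           # www.dd-wrt.com in the walkthrough
    computer_a = ("192.168.1.100", 16848)
    rewritten = nat.outbound(computer_a, web)        # step 2
    reply_to = nat.inbound(web, rewritten[1])        # steps 3 and 4
    stranger = ("198.51.100.7", 40000)               # constructed remote client
    unsolicited = nat.inbound(stranger, 8080)        # no rule yet: dropped
    nat.forward(8080, "192.168.1.2", 80)             # port mapping: WAN 8080 -> LAN 80
    mapped = nat.inbound(stranger, 8080)
    return rewritten, reply_to, unsolicited, mapped
```

Every entry in `static` is a port that stays reachable from the whole internet until the rule is removed, which is why manual forwards deserve a periodic review.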

Configuring Port Forwarding

It's a good idea to set static IP addresses for any computers you would like to forward ports to. This can be done using Static DHCP or by manually configuring IPs in your OS. Be sure to set your static IPs outside of your automatic (DHCP) address range. This range is 192.168.1.100-192.168.1.149 by default.

Port Forwarding using the Webinterface

Port Range Forward

This is the most common port forwarding and always forwards ports to the same machine (LAN IP) on the network.
-Browse to the web interface (http://<RouterLanIP>)
-Click on the "Applications and Gaming" tab
-Click on the "Port Range Forward" subtab.
-Enter any Application name you'd like. This is for you and makes no difference
-Enter the Start port in the range you'd like to forward
-Enter the End port in the range you'd like to forward. If you're just forwarding 1 port, set them both equal.
-Enter the Local IP Address of the machine you'd like to forward the port to
If the computer you're forwarding to is configured for an automatic IP address by DHCP, you will periodically have to update the last field to reflect the machine's current Local IP Address.

Ex:
[Image: port forwarding for a web server and a BitTorrent client with a local IP address of 192.168.1.2]
Here you can see that connecting to <WAN_IP_Address>:80 will bring you to the webserver on 192.168.1.2 and connecting to any port between 6881 and 6889 on <WAN_IP_Address> will bring you to the BitTorrent client on 192.168.1.2.

Triggered Port Forwarding

Triggered Port Forwarding is not the same as Port Range Forwarding, and works by forwarding requests to a range of ports to the machine that first connected to a remote host on the trigger port. Port triggering is nice because it's semi-automatic and doesn't care about static IP addresses. For example, this could be used to forward the File Transfer ports that AIM uses to any computer that connects to the AIM servers, not just the computer you hard code.

-Browse to the web interface (http://<RouterLanIP>)
-Click on the "Applications and Gaming" tab
-Click on the "Port Triggering" subtab.
-Enter any Application name you'd like. This is for you and makes no difference
-Enter the Start and End ports in the range that needs to be triggered. If you just want 1 trigger port, set them equal.
-Enter the Start and End ports in the range you'd like to forward. If you're just forwarding 1 port, set them both equal.
As soon as a local computer connects to a remote server on the trigger port, the port range will be forwarded to that local computer.

Ex:
[Image: triggered port forwarding for AIM file transfers]
When a local computer connects to any remote IP address with the remote port 5190 then the ports 4117-4443 will be forwarded to that computer. Since the AIM servers listen for connections on 5190, this means that as soon as a computer connects to the AIM servers, the ports AIM uses for file transfers will be opened on the router and forwarded to that computer automatically. No need for static IP. Nice.
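The trigger behaviour in the AIM example can be modelled in a few lines, which makes the exposure window explicit. This is an added example, not DD-WRT code: the class is hypothetical, the LAN addresses are constructed, and the 600-second lifetime is an assumption because the page gives no timeout.

```python
class PortTrigger:
    """Toy model of one port-triggering rule."""

    def __init__(self, trigger, forward, ttl=600):
        self.trigger = trigger   # (start, end) remote ports that arm the rule
        self.forward = forward   # (start, end) WAN ports forwarded while armed
        self.ttl = ttl           # seconds the forward lasts (ASSUMPTION)
        self.holder = None       # LAN IP that currently owns the forward
        self.expires = 0

    def outbound(self, lan_ip, remote_port, now):
        """A LAN host connects out; return True if it holds the forward afterwards."""
        if not self.trigger[0] <= remote_port <= self.trigger[1]:
            return False
        if self.holder is None or now >= self.expires:
            self.holder = lan_ip               # first host to trigger wins
        if self.holder == lan_ip:
            self.expires = now + self.ttl      # the holder refreshes its own lease
        return self.holder == lan_ip

    def inbound(self, wan_port, now):
        """LAN IP an unsolicited WAN packet is forwarded to, or None if dropped.
        There is no source-address check: while armed, any remote host can reach
        the forwarded range, not only the server that was contacted."""
        armed = self.holder is not None and now < self.expires
        if armed and self.forward[0] <= wan_port <= self.forward[1]:
            return self.holder
        return None

def demo():
    aim = PortTrigger(trigger=(5190, 5190), forward=(4117, 4443))
    before = aim.inbound(4200, now=0)                      # nothing triggered yet
    aim.outbound("192.168.1.100", 5190, now=10)            # first host signs in
    second = aim.outbound("192.168.1.101", 5190, now=20)   # second host is too late
    during = aim.inbound(4200, now=30)
    outside = aim.inbound(4444, now=30)                    # just past the range
    after = aim.inbound(4200, now=10 + 600)                # lease has run out
    return before, second, during, outside, after
```

Because any LAN host can arm the rule, keep the forwarded range as narrow as the application allows.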

Port Forwarding using uPNP

Windows users (and others?) can use uPNP to configure port forwarding. This can be a little more convenient. uPNP also allows supporting programs to automatically configure port forwarding for you when they need it.

Port Forwarding using the Console

Here I will specifically show port mapping, but the same thing can be done for port forwarding if you set the internal and external ports equal.

External Resources

http://www.portforward.com