Purpose of port forwarding


What does port forwarding do?



It lets a service on your computer be visible to the internet even though you’re using NAT.

Most internal networks use addresses starting with 10. or 192.168.; these addresses can’t be routed over the internet. So if your computer has an IP of I’ll never be able to connect to it from my network, because my computer would be trying to connect to a computer with that address on *my* network, not yours.

This is done because public IP addresses are in limited supply: we only have 4 billion or so, and they all got allocated to various entities years ago. So your house gets one single public IP to share between all the devices on your network. Your router takes care of this, sending packets out to the network by replacing your internal IP address with the public IP so that the other computer knows where to send the reply. (Remember, if it tried to send it to your internal IP address, the other computer would end up trying to send the reply to a computer on its own network.)

You can see your public IP if you type “what’s my IP” into Google. You can see your internal IP if you open a cmd terminal and type ipconfig (on Windows).

But what if you wanted to host a game, how could I connect to your computer? Well, you can tell me your public IP, and that’s fine, but all I can connect to is your router; it’s your router that has that IP address, not your computer.

So you can set up port forwarding. Say you make your game listen on port 3000 on your computer, and your computer has the internal IP, you can say to the router: “Hey, if anyone tries to connect to you on port 3000, connect to my computer on port 3000 and forward any data you receive to the other end of the connection.”

Your router does this; you tell your friend your public IP and that you’re on port 3000, they connect to port 3000, and your router forwards all that traffic to port 3000 on your computer. It’s just like your friend had connected directly to your machine.

Now there’s no reason for the two ports to be the same; you could ask the router to listen on port 4000 and send everything to port 2000. It’s really just arbitrary.

Games don’t like making people set this stuff up, so they tend to use another feature called hole punching (or UPnP). This works differently, using a different internet protocol. It only works when services are actively looking for each other with a third-party public server somewhere. If you wanted to set up, say, a web server on your machine that everyone can see, you’d need to do port forwarding.
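The “accept on one port, connect to my computer, shuttle the bytes” behaviour described in the answer above, written out as a small userspace TCP forwarder. This is an added example, not code from the original post or from any router firmware; a real home router does the same job in the kernel as a NAT rule rather than as a relay process. Everything runs on 127.0.0.1 with OS-chosen ports so it works offline: the echo server stands in for the “game” on the internal machine, `start_forwarder` plays the router, and `demo()` is the friend connecting from outside. All names and the payload are constructed for the demo.

```python
import socket
import threading


def _pipe(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, target_host, target_port):
    """Open the inside leg and shuttle bytes both ways, which is what the router's rule does."""
    try:
        upstream = socket.create_connection((target_host, target_port))
    except OSError:
        client.close()  # nothing listening inside: the outside peer just sees the connection drop
        return
    threads = [
        threading.Thread(target=_pipe, args=(client, upstream), daemon=True),
        threading.Thread(target=_pipe, args=(upstream, client), daemon=True),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    client.close()
    upstream.close()


def start_forwarder(listen_host, listen_port, target_host, target_port):
    """Listen on (listen_host, listen_port) and forward every connection to the target.
    Returns (listening socket, actual port) so that port 0 can be used to pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, listen_port))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                break  # listening socket was closed
            threading.Thread(target=_relay, args=(conn, target_host, target_port), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def start_echo_server(host="127.0.0.1"):
    """Stand-in for the 'game' on the internal PC: echoes whatever it receives (constructed for the demo)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)

    def serve(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                break
            threading.Thread(target=serve, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo(payload=b"hello from the internet"):
    """Friend (outside) -> forwarder ('router', public port) -> echo server ('game', internal port)."""
    game, internal_port = start_echo_server()
    router, public_port = start_forwarder("127.0.0.1", 0, "127.0.0.1", internal_port)
    with socket.create_connection(("127.0.0.1", public_port)) as friend:
        friend.sendall(payload)
        friend.shutdown(socket.SHUT_WR)  # done sending; now read the echoed reply until EOF
        received = b""
        while True:
            chunk = friend.recv(4096)
            if not chunk:
                break
            received += chunk
    router.close()
    game.close()
    return received


if __name__ == "__main__":
    print(demo())
```

The public and internal ports are independent, exactly as the answer says: `start_forwarder("0.0.0.0", 4000, "192.168.1.20", 2000)` would be the “listen on 4000, send to 2000” case. The thing to keep in mind when you do this for real is that whatever sits behind the forwarded port is now reachable by everyone on the internet, not just your friend, so only forward a service you intend to expose and keep it patched.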

We ran out of IP addresses a decade ago. Since then most people have been using a stupid trick called NAT so there can be more than 4 billion computers on the internet. A router intercepts the internet traffic coming from your computer and adjusts it so it looks like it’s coming from the router. That way only the router needs to have a real IP address and your computer can have a fake one.

Internet traffic is two-way. When the router gets traffic addressed to it, it has to figure out which computer it’s actually for. As long as your computer initiated the connection, that’s easy.

But if another computer on the internet initiates a connection to your router then your router has no idea which computer it’s meant for. So you have to tell it. That’s port forwarding.

Engineers predicted that we’d run out of IP addresses a decade ago, **three decades ago** and designed an upgrade called IPv6 which has zillions of addresses. You can Google an IPv6 test and see if you have it. If not, you might or might not be able to get it turned on by calling your ISP (Internet company). In IPv6 there is no need for NAT or port forwarding. You can just put a Minecraft server on your computer and people can connect to it, no fuss. (But they need IPv6 as well)
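The two cases the answer above distinguishes, a reply to a connection your computer started versus a stranger connecting in from outside, modelled as a toy NAT table. This is an added example and not code from the original post or from any router; it keeps only the parts of NAT that matter for the explanation (source rewriting with a per-flow public port, reply lookup, and static port-forward rules) and ignores TCP state, timeouts and everything else. All addresses are constructed: 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, 192.168.1.0/24 is private space.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed addresses for the demo.
PUBLIC_IP = "203.0.113.7"   # the one "real" address the house gets
GAME_PC = "192.168.1.20"    # the PC hosting the game
OTHER_PC = "192.168.1.21"   # some other device on the LAN
FRIEND = "198.51.100.9"     # a computer out on the internet


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Toy model of a home router: source NAT for outbound flows plus static port forwards."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # reply lookup: (proto, remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
        self.sessions: Dict[Tuple[str, str, int, int], Tuple[str, int]] = {}
        # reverse of the above so one LAN flow keeps one public port
        self.allocated: Dict[Tuple[str, str, int, str, int], int] = {}
        # static rules: (proto, public_port) -> (lan_ip, lan_port)
        self.forwards: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_port_forward(self, public_port: int, lan_ip: str, lan_port: int, proto: str = "tcp") -> None:
        """'If anyone connects to you on public_port, send it to lan_ip:lan_port.'"""
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)

    def egress(self, pkt: Packet) -> Packet:
        """LAN -> internet: rewrite the source to the public IP and remember the flow."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.allocated.get(flow)
        if public_port is None:
            public_port = self.next_port
            self.next_port += 1
            self.allocated[flow] = public_port
            self.sessions[(pkt.proto, pkt.dst_ip, pkt.dst_port, public_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """internet -> LAN: deliver a reply or a forwarded port, otherwise drop (return None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        # Easy case: it is a reply to a flow a LAN machine started.
        target = self.sessions.get((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port))
        if target is None:
            # Otherwise the router only knows where to send it if you told it (port forward).
            target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None  # unsolicited and no rule: the router has no idea which PC it is for
        lan_ip, lan_port = target
        return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)


def demo():
    router = NatRouter(PUBLIC_IP)

    # 1. A LAN PC connects out: source is rewritten, and the reply finds its way back to that PC.
    out = router.egress(Packet(OTHER_PC, 51515, FRIEND, 443))
    reply = router.ingress(Packet(FRIEND, 443, out.src_ip, out.src_port))

    # 2. The friend tries to reach the game before any rule exists: dropped.
    unsolicited = router.ingress(Packet(FRIEND, 50000, PUBLIC_IP, 4000))

    # 3. The rule from the thread: listen on public port 4000, send to the game PC's port 2000.
    router.add_port_forward(4000, GAME_PC, 2000)
    forwarded = router.ingress(Packet(FRIEND, 50000, PUBLIC_IP, 4000))

    # 4. Port 4001 has no rule, so the rest of the LAN stays unreachable from outside.
    still_closed = router.ingress(Packet(FRIEND, 50001, PUBLIC_IP, 4001))

    return out, reply, unsolicited, forwarded, still_closed


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Cases 2 and 4 are the “invisible from outside” property the other answers mention, and case 3 is exactly the hole you punch in it on purpose: a forwarded port is the one place the router will hand an unsolicited connection to a LAN machine, so it is the one place an outside attacker can reach too.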

To understand the purpose of port forwarding, you have to understand what a Local Area Network (LAN) is and its purpose. A LAN is like a mini internet that connects to the Wide Area Network (WAN). Outside the LAN, nobody can see any of your devices. This is why you can connect your printer to the internet without worrying that someone outside your LAN will print off of it when you don’t want them to. It’s a good security measure. However, what if you DO want your computer to be seen by the outside world? For example, you want to set up a Minecraft server. Nobody will be able to connect to it because it’s not visible. So to solve this, we “trick” outside computers into thinking they’re connecting to your computer by forwarding packets that arrive at your router on to your computer inside your LAN. That way, your computer can talk to the outside world, but can remain invisible to hackers and everyone else outside your LAN.