Blog Port forwarding: what it is and how to set it up

CrazyReader

Automated Import
Staff member
Port forwarding can be a powerful tool to unlock new functions on your router, but it can also
open serious security vulnerabilities. What is it and how can you use it to your advantage while
staying safe?

Contents



What is port forwarding




What is port forwarding used for?




How to set up port forwarding




Is port forwarding safe?






What is UPnP?




Port forwarding vs. port triggering




Does port forwarding improve speed?




Does port forwarding work with a VPN?




To understand port forwarding you first need to understand what your router does. You can think
of it as a mix between a security guard and a mail sorter. Your{‘ ‘}

NAT firewall

, which lives on your router, sends incoming connections to the devices that requested them, by
extension also blocking unwanted incoming data. It does this automatically, but if you want your
home devices to connect to a remote device, you need to set up port forwarding.


Your router has over 60,000 ports. About the first 1,000 are ordinarily dedicated to standard specific functions. The remaining can be assigned to any device or program you want. You can do so by opening a
port on your router and assigning it to a specific device. Now, when a device sends a connection
request to your router, it will automatically create a direct connection. Here’s more about how to find your port number.




Port forwarding is useful whenever you need to make a direct connection between a device in your
home network and a remote device. For example:


Watch a security camera or baby monitor when away from home;
Connect to your home server remotely;
Use remote desktop software to access your home computer;
Allow other users to connect to your public web server;
Connect to an IoT device on your home network;
Form a direct connection to a gaming server;
Maintain uninterrupted and direct access to a VoIP call server.


There are many other legitimate uses for port forwarding, but many of them are advanced and
beyond the scope of this introductory article.



The specific instructions for port forwarding can be different for each router or brand, so
here’s a general overview of what the process might look like:



Log into your router. You can do so by entering your router’s IP (or in other words,{‘ ‘}

default gateway

) into the address bar.{‘ ‘}


Open the port forwarding settings panel. There, you should see a list of empty port
configurations.


Choose one configuration and enter internal and external port numbers (your best bet is to go
over 1,000 and under 65,000). In most cases, the external and internal ports don’t actually
have to match each other, as long as the external and internal devices know which ones to use.


Once the ports are set, enter the local IP address of the device you want the port to connect
to on your network (the local address will be different from your router’s IP address, since
another one of your router’s jobs is to hide your devices’ individual IPs under the router’s
public IP).


Now the router can redirect any request sent to that specific port straight to your device
without revealing its private IP address. But what does that request look like?



Say your router’s IP address is 123.456.789. If the port you set to connect to your home
security camera is 3579, then a request to your router to connect directly to the camera via
port forwarding would be sent to this address: 123.456.789:3579. It’s just like dialing a phone
number with an extension!



Imagine that your router’s ports are doors, and most of them are locked. The information from
the internet can still get in – it just has to be checked and allowed in by the router. But when
one of those doors are unlocked, anyone who tries that door can open it and walk right in.


In one sense, it’s not as bad as it sounds – that opened port (or unlocked door) only leads to
whichever device it was pointed at. But if, for example, your security camera has a weak
password (or no password),{‘ ‘}

an intruder could see what the camera sees or even control it

. A port opened directly to your PC could be used to infect your computer or to unlock the rest
of your network. Therefore it’s essential to protect your devices with strong passwords (see{‘ ‘}

what makes a strong password here

).{‘ ‘}

{SHORTCODES.blogRelatedArticles}

On the other hand, there are exceptions. You may not want a web server hosting your website to
be completely password protected, as some pages will have to be public, but you’ll need to make
sure that you can secure those pages and any data that needs to remain private.


Another issue is that manually configured ports remain open until you manually close them. They
can be used and abused while you sleep or while you travel. It’s usually impossible to use a
port that’s already occupied, but hackers will have a much easier time trying to connect to a
port that is open and not in use.




You might have previously used port forwarding without actually manually configuring the ports
or even being aware of it. How? Your device used{‘ ‘}

Universal Plug and Play (UPnP)

, which allows apps on your device to open ports on your router when needed and to close them
when they’re done.{‘ ‘}


UPnP might be convenient but it adds its own potential security issues. It assumes that every
device on your local network is trustworthy. So if you happen to get infected by malware that
wants to initiate a direct connection with a remote hacker, your UPnP router will allow it
without question. Such a connection would be much more difficult to open with UPnP disabled.


Outdated routers or ones with poor UPnP implementations can be vulnerable to a number of UPnP
exploits. Some of these can open all of the ports on your router or use UPnP to change your DNS
server (you can read about{‘ ‘}

DNS spoofing and other common hack attacks here

).




Port triggering is much like port forwarding, but with a few key differences. Some of these help
shore up some of its security vulnerabilities, but they also limit the cases where port
triggering can be useful.


First, when you set up port triggering, the port you choose remains closed. It will only open in
the event that it’s triggered by outbound communication. When the outbound communication that
triggered the port opening ends, the port will close after a specified period of time. This
makes the connection more secure because it puts the local device in control of opening the
connection. However, it also means these connections are difficult or almost impossible to
initiate from outside.


Secondly, port triggering doesn’t require you to configure a specific device IP address when
creating the trigger. This means that any device on your network can initiate the connection,
though only one can use it at a time. In port forwarding, you have to define the specific device
using the connection. Depending on your router and your devices, this can make port triggering
either a more or less secure choice than forwarding.



Yes. Returning to our analogy of the router as a mail-sorter, port-forwarding allows you to cut the time spent at the sorting stage. If you program your router to forward data from specific ports to pre-specified devices on your network, you could speed up your internet connection by several milliseconds and reduce your download time significantly.



Port forwarding and triggering could work with a VPN protocol in general, but not with NordVPN. Our apps block almost all port communication from within your device except for the ones most
commonly used by popular applications. This was a tough decision that may inconvenience some
users, but we’d like to explain why we did this.


Browsing the internet with open ports opens you up to a number of security risks. Blocking
access to all ports except those that are essential for our VPN to operate and for you to enjoy
the internet is part of how NordVPN keeps you secure. Otherwise, we wouldn’t be able to ensure
your security online.{‘ ‘}

If you aren’t yet covered by a VPN, download the NordVPN app for free and purchase a subscription that works best for you. Once you launch the app, you’ll be protected by some of the best encryption in the industry.



Protect yourself online with NordVPN. Try it now with a risk-free 30 days money-back
guarantee!



Get NordVPN
 
Top