It is common to configure port forwarding on routers over a web interface. Here, the user is configuring port forwarding for a Conexant router using the Konqueror web browser. 10.0.0.3 and 10.0.0.5 are the private IPs on the LAN.

Port forwarding (sometimes referred to as tunneling) is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router. Wikipedia does not have an article with this exact name. ... It has been suggested that this article or section be merged with Port forwarding. ... Download high resolution version (978x977, 58 KB)Configuration of port forwarding through a web browser. ... Download high resolution version (978x977, 58 KB)Configuration of port forwarding through a web browser. ... A large core router used for major networks. ... Conexant is a publicly listed NASDAQ: CNXT semiconductor company, which was formerly the semiconductor division of Rockwell International. ... Konqueror is a file manager, web browser and file viewer, which was developed as part of the K Desktop Environment (KDE) by volunteers and runs on most Unix-like operating systems. ... A tunneling protocol is a network protocol which encapsulates one protocol or session inside another. ... Forwarding is the relaying of packets from one network segment to another by nodes in a computer network. ... It has been suggested that this article or section be merged into Computer port (software). ... Network node (NN): A grouping of one or more network elements (at one or more sites) which provides network related functions, and is administered as a single entity. ... It has been suggested that this article or section be merged with private network. ... Local area network scheme A local area network is a computer network covering a small geographic area, like a home, office, or group of buildings. ... In computer networking, the process of network address translation (NAT, also known as network masquerading, native address translation or IP masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. ... A large core router used for major networks. ...

Port forwarding allows remote computers (e.g. public machines on the Internet) to connect to a specific computer within a private LAN.

For example:

• forwarding ports 80 or 443 to run an HTTP webserver
• forwarding port 22 to allow Secure Shell access
• forwarding port 21 to allow FTP access

Modern Linux machines achieve this by adding iptables rules to the nat table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain. HTTP (for HyperText Transfer Protocol) is the primary method used to convey information on the World Wide Web. ... Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. ... The abbreviation FTP can refer to: The File Transfer Protocol used on the Internet. ... Linux (IPA pronunciation: ) is a Unix-like computer operating system. ... In computer networking, netfilter, along with its companion iptables, are collectively a software extension to the Linux operating system that implements a stateful firewall framework. ...

BSD and Mac OS X machines use a similar tool named ipfw. The ipfw tool is likely already running as a built-in part of your operating system's kernel. BSD redirects here; for other uses see BSD (disambiguation). ... Mac OS X (official IPA pronunciation: ) is a line of proprietary, graphical operating systems developed, marketed, and sold by Apple Inc. ... Not to be confused with IPFW, Indiana University—Purdue University Fort Wayne. ...

Some common caveats with port forwarding include: Caveat, the third-person singular present subjunctive of the Latin cavere, means warning (or more literally, let him beware); it can be shorthand for Latin phrases such as Caveat lector Caveat emptor Caveat venditor More narrowly, caveat can also refer to CAVEAT, a Canadian lobby group; The Paulette Caveat about...

• The need to forward the packets that come to the router's forwarded port as well as the need to rewrite them so that the machine to which the port is forwarded to can reply to the original source address, which in turn leads to the inability of the destination (private) machine to see the actual originator of the forwarded packets, and instead see them as if originating from the router
• Only one networked machine can use one forwarded port at one time
• Traditional port forwarding allows the entire world access to the forwarded port, reducing network security slightly

A large core router used for major networks. ...

Single Computer

Port forwarding can also be used within a single machine. Port forwarding is necessary for a standalone computer if any of the following conditions are true:

• The computer is using a shared IP address.
• Internet Connection Sharing is enabled.
• A router is being used with NAT enabled.

In a typical home networking setup, internet access is through a DSL or Cable modem. That modem may be connected to a router, which is then connected to the networked computers by Ethernet or WiFi. The router is the device that the Internet sees; it holds the public IP address. The computer behind the router, on the other hand, is invisible to the Internet as it holds a local IP address. Port forwarding is necessary in the router because computers will send information directed to the public IP address and the router needs to know where to send that information.

Port forwarding is commonly done on Unix-derived computers where port numbers numbered below 1024 can only be accessed by software running as the root user. Running as root can be a security risk, so some people use port forwarding to redirect incoming traffic from a low numbered port to software listening on a higher port. For example, a web server may be listening on a port such as 8080 for traffic redirected from the restricted port 80.

Double port forwarding

Double port forwarding can be done on a network with multiple routers. From the first router ports from the public IP address are forwarded to another router/gateway's external IP address which in turn forwards them on to a host on the private network. ^[1]

See also

• Secure Shell
• Port triggering

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. ... Port triggering is a function offered by some NAT-enabled routers, to enable access to a computer within the network from the outside, on a specific port number. ...

External links

• canyouseeme.org - Tells you if your ports are forwarded properly (even ports under 1024)
• portforward.com - A large howto and resource site on port forwarding
• zConf.com - RouterConfig - Automating Router’s Configuration
• AzureusWiki.com - Port forwarding - very good explanation