Most people live their lives unaware of what port forwarding is and what it can do for them. I recently bought a Foscam IP camera that connects to my wireless network and records everything to my Synology NAS (network attached storage). What’s great about an IP camera is that you can watch it from outside your local network, for example when you leave home for a two week vacation and want to check everything.
You can spend hundreds or even thousands of dollars hiring a company to install the cameras and set everything up for you, or you can spend $ 70 Amazon on a camera and do it yourself! I was pleasantly surprised with my purchase and the relatively easy installation required. Unfortunately, if you don’t know anything about port forwarding, you won’t be able to do it yourself.
In this article, I am going to explain what port forwarding is and how you can use it to access your local devices such as cameras, NAS devices, printers, etc., from outside your home or office network. By learning how to forward a port, you will be able to set up Remote Desktop and access your computer from anywhere.
Before we get into port forwarding, you first need to understand a little about what a router does on your local network.
Internet, router and NAT
Most home networks are similar to the image above: your devices like smartphone, tablet, computer, TV, etc. are connected either directly or wirelessly to your router that is connected to the internet. However, when you think about it, you only have one IP address for your connection, which is unique to the entire Internet, so how do all these devices connect and only use this one address?
This is where your router comes in handy. Basically, your router allows devices on your LAN to communicate with devices on the Internet through NAT (Network Address Translation). So what exactly is NAT? I won’t go into details in this post, but basically all the IP addresses on your local network are private or reserved addresses. This means that they can only be used on private networks. Examples of private addresses: 10.x.x.x, 192.x.x.x, etc.
Each device on your network is assigned a private address by the router via DHCP. Basically, it is a network protocol that configures devices on a network with addresses so that they can communicate with each other.
So this is one side or interface of your router. The second interface connects to the Internet. In this interface, your router has a unique IP address assigned by your ISP. It looks like this:
As you can see, the IP address here starts with something completely different (99.108.x.x). This is where NAT comes into play. If a computer on your local network tried to send data over the Internet, nothing would happen because traffic is not routed. Any traffic from a private address is dropped onto the Internet. Instead, your computer sends data to a router, which then “broadcasts†that data and sends it over the Internet. Outwardly, it looks like one computer with one IP address is sending all the data, even if several computers and devices are actually behind the router.
To explain this in a little more detail, let’s say a computer on your network wants to connect to a computer on the Internet, that is, connect to Google.com from your web browser. This request is sent to the router, which is the default gateway. If you’ve ever run IP configuration for your computer, you’ll see a line called Default Gateway or Router. The default gateway is where data is sent if the IP address doesn’t match anything locally.
Now a simple router takes this data and changes the source address from the local private IP to the public IP of the router. It also records in the NAT table that this computer has made a request for a specific port for this Internet resource. When the front-end server responds, it sends data back to the router. The router will then check its table and see which computer initiated this connection. It will then redirect this data to the port on the local computer that requested it.
Shipping Port
So this works great for web browsing, sending emails, etc., because they are predefined in email clients and web browsers and are outgoing traffic. For example, HTTP traffic always goes through port 80. This is defined by the IANA and everyone must follow it. SMTP, which is used to send email, uses port 25 by default. However, what happens when someone tries to connect to your router from the Internet, for example, through port 80?
By default, if you do not have port forwarding configured and firewall enabled, this connection will simply be dropped. If you want to run a web server on your local network, you need to redirect traffic coming in on port 80 to the local IP address of the machine that is running the web server. Another example: you are running a game server on your local network and you want other friends to be able to join it. The game server can accept new connections on port 55202, which means that you need to forward data coming in on port 55202 on your router to the IP address of the game server on your local network. The IP camera can use port 5000 for incoming connections.
As you can see above, port forwarding is not that difficult. You give it a name (NetCam, RDP, etc.) and then give it the Start and End port numbers. Usually they are the same thing. This means that data arriving on port 5000 from outside the network will be directed to port 5000 on a local computer within your network. After choosing the port numbers, you simply enter the IP address of the device that will listen for data on that port number.
If you can’t figure out how to do this on your router, you can read my previous post on how to forward ports using a free software called Simple Port Forwarding.
Complications
If it were that easy, everyone would do it, right? There is a reason this is a little tricky to set up correctly. The biggest reason is that your unique public IP address assigned to your home Internet connection is constantly changing! So if you try to connect from outside the network, it may work once or twice, but will stop working after changing the public IP address.
This is where you need to set up dynamic DNS. This will allow you to create a unique domain name that is automatically updated based on the current IP address of your internet connection using a tool that you must download and install on a computer on the network. You can read more about setting up dynamic DNS in a previous post on OTT.
Another issue is security. By default, your router is the only device connected to the Internet. Once you start forwarding ports, these computers are now vulnerable to attacks from the Internet on that port number. There are many attackers who regularly scan computers over the Internet looking for open ports on computers. Thus, you must be careful with open ports. It is always recommended to select a port higher than 1024. In fact, many ISPs do not even allow inbound traffic to ports such as 80 due to spam and hackers.
When setting up my Foscam, I had to change the port from 80 to something in the 8000 range to be able to connect. I also made sure to enter the password so that no person who accidentally discovered this open port on my IP address could suddenly see what was happening in my house, at least without knowing the password.
Hopefully this article introduces you to the concept of port forwarding and how you can use it to access devices on your local network from anywhere in the world. Enjoy!
–