What is port forwarding? Also known as port mapping and port tunneling, port forwarding is a way of accessing private networks, such as your home or business servers and devices from outside. It also shields the private network from unwanted external connections.
At the same time, port forwarding allows external devices to communicate with your device that’s on a private network. Without port forwarding, devices connecting from outside cannot see private IP addresses, only the external one which belongs to a gateway (i.e., VPN, proxy, router, or firewall). A gateway can block both incoming and outgoing traffic, depending on its settings.
Table of Contents
- What is port forwarding used for?
- How does port forwarding work?
- Port forwarding security
- Port forwarding and VPNs
- Best VPNs for port forwarding
- Setting up port forwarding
- What is local port forwarding?
- Frequently Asked Questions
What is port forwarding used for?
Port forwarding can be used in many different ways for work and entertainment purposes. Here are some examples of the most common uses of port forwarding:
- Online games. It can be either a computer or a game console that’s behind the router. Occasionally, routers block incoming gaming server’s traffic because they find it suspicious. Another popular reason to use port forwarding is when you want to create your own game server. In this case, routers might not recognize the necessary port, leaving your friends on the other side of the router.
- Seeding .torrent files. If you’re behind a router, it might prevent you from seeding .torrent files. This can be a problem if you’re using a tracker that counts your download/upload ratio or if you just want to share some files.
- Accessing your work computer from home. You are probably familiar with remote desktop access software. It also uses port forwarding to allow access to a private network of your office or pass your home router.
- Increasing downloading speed. In a way, your router acts like a border guard that stops everyone, checks their documents, and occasionally inspects their belongings. However, you can make the process more Shengen-like by using port forwarding. This way, the traffic goes straight to your computer, which can be crucial if you want to stream in UHD (4K) or do other bandwidth-heavy tasks.
- Improving your security and privacy. Knowing your public IP address allows anyone can check if some of the most commonly used ports are open. You can shield yourself by allowing only one port for external access. You can also make yourself less vulnerable to DDoS (direct denial of service) attacks with port forwarding.
- CCTV and security. The Internet of Things (IoT) is extending the use of port forwarding rapidly. It’s needed to remotely access security cameras and different devices at your home or work.
- Running a public HTML server. With the advent of cloud hosting, using your computer as a public server becomes obsolete, at least in the home environment. Nevertheless, you may want to have some of your resources available to your family, coworkers, or yourself while traveling. However, a router might block incoming traffic, especially if you use some random port. Therefore, a router should also know that it’s OK to let the right ones in.
- Allowing FTP connection. FTP, or File Transfer Protocol, is another dwindling service that can be used to download files from a remote server. It might be useful if you host large files that are above your cloud storage quota. Like before, the router has to know where to direct FTP requests from outside so they could reach your internal IP address.
How does port forwarding work?
To establish a connection with a private network, port forwarding intercepts the traffic and uses the gateway to redirect your request from one IP address and port address to another by applying network address translation (NAT). NAT allows internal devices to communicate with the external network using only one IP address. This is possible because NAT stores all the maps (IP+port) of that connection.
All internet traffic consists of packets that hold your data and a header that defines its destination. When port forwarding is used, the gateway rewrites the header so it could reach the private server. So while the external device thinks that it sent a request and received an answer from IP 184.108.40.206, in reality, the whole communication process went to IP 10.0.01.
The scheme below should help you better understand how the actual IP and port address forwarding happens.
IP is the address of the system in the network. They can be public or private and static or dynamic. Your public IP address is given to you by your internet service provider (ISP) and is used to communicate with other public IP addresses. In contrast, private IP is used only in your LAN or “behind the router.”
Port is the address of the service within the system. A router uses it to connect you to the desired service that uses a particular port. A port can lead anyone directly to your private IP address and device that uses it – the router won’t stop such traffic.
While your device can only have one IP address, it can use multiple ports to allow access to numerous services. Ports can also identify what kind of applications or services are running on your device. IP and port together are known as a socket.
TCP/IP network ports
TCP/IP is a suite of communication protocols, named after the core TCP (Transmission Control Protocol) and IP (Internet Protocol) protocols. It provides the rules for sending and receiving data online. All TCP/IP protocols are managed by a volunteer organization named Internet Engineering Task Force (IETF).
Port numbers ranging from 0 to 1023 are for most popular service types. Then there’s the 1024–49151 port range reserved for specific services and registered by Internet Assigned Numbers Authority (IANA). Finally, there are the so-called dynamic ports (49152–65535) that are not for registering. This range is for private or temporary use.
While it’s common to assign a port for internal-to-external connections randomly, it doesn’t work the other way around. That’s because the external client assumes you will use a standardized port for that connection type.
Here are some of the standardized TCP/IP suite ports from all ranges:
|20, 21||Well-known||FTP transfer and control|
|993||Well-known||IMAP over TLS/SSL|
|4244, 5242, 5243, 9785||Registered||Viber|
|5000–5500||Registered||League of Legends|
|49152–65535||Dynamic||Certificate Management over CMS|
Is port forwarding safe?
While there are some dangers in port forwarding, port forwarding is safe, in general. Port forwarding can actually help hide your public IP address. It may also help against a DDoS attack because the attacker needs not only your IP but port as well.
Finally, you can always combine different cybersecurity resources, such as VPN, with port forwarding to reach a desirable level of security and privacy. That’s because VPNs encrypt all your traffic, which is usually not the case with routers or firewalls.
Dangers of port forwarding
The dangers of port forwarding are real. Whenever you’re opening a port, there’s always a chance, no matter how small, that it will be exploited. The chances go up if your traffic isn’t encrypted. What’s more, using the user-friendly but not always secure Universal Plug and Play (UPnP) protocol for port forwarding also increases the risk of cyberattacks.
But what if someone randomly checks some well-known ports to see if they can access a remote system? Well, there’s the external and internal port. The external port can be a totally random number, while the internal one will correspond to the actual service that uses this port. What’s more, most routers come with a firewall that automatically closes down the ports that are often exploited.
Port forwarding and VPNs
Most home routers already offer port forwarding functionality. And most VPNs can be configured to work on routers. In fact, some even have dedicated router apps.
However, VPN port forwarding can be tricky because these two do not always work together. Luckily, you don’t have to turn off VPN whenever you want to do port forwarding because some providers support this feature (see the list below).
Using a VPN and port forwarding has plenty of benefits. For starters, a VPN encrypts all your traffic and hides your IP address, significantly increasing security and privacy. Additionally, you can enjoy other benefits that come with VPNs, such as unblocking websites and streaming platforms, allowing P2P, and avoiding bandwidth throttling, among others.
Best VPNs for port forwarding in 2020
Here are some of the best VPNs that support port forwarding:
- PrivateVPN – starting at $1.89/month
- Private Internet Access – starting at $2.69/month
- PureVPN – starting at $6.49/month
- Ivacy – starting at $2.40/month
- ExpressVPN – starting at $6.67/month
All of these VPNs not only support port forwarding but are also among the best overall services.
How to set up port forwarding
Setting up port forwarding is easier than you may think. You can do that without prior technical knowledge. Below you will find step-by-step instructions on how to set up port forwarding with UPnP, manually, and with a Virtual Private Network.
Port Forwarding with UPnP
With UPnP, you’re sacrificing some security in return to simplicity. I don’t recommend it for sharing sensitive information. Also, don’t be surprised if your router doesn’t have this option. There are certain models and makes where you need to install the UPnP feature yourself.
Here are the generic steps for setting up port forwarding with UPnP – the actual flow depends on your router and device:
- Log in to your router by entering 192.168.0.1 in your browser.
- Locate the tab with port forwarding settings.
- Enable UPnP port forwarding.
That’s it – router software will create all the rules automatically.
Now that you have UPnP enabled on your router, you can set it up on your desired application, i.e., torrenting client.
“Enable UPnP port mapping” should be ticked by default. The only thing you might need to change is the port number to correspond with the one in your router configuration.
Manual port forwarding
As the name implies, manual port forwarding is the most difficult of all three options. This means you may need to check your router’s manual or ask customer support for help. In general, the process looks as follows:
- Check if your device has a static IP address.
- Log in to your router by entering 192.168.0.1 in your browser.
- Locate the tab with port forwarding settings.
- Choose the ports that you want to open.
- Choose the desired protocol.
- Enter your static IP address.
- Add rules and settings (if any)
Just like with the UPnP method, you will also need to enable port forwarding on a particular service, such as a torrenting client.
Port Forwarding with a VPN
Port forwarding with a VPN is probably the best option of all three. That’s because a VPN adds a key component – security. Without it, your traffic is not automatically encrypted, and your external IP is not hidden. Last but not least, you get to enjoy all the other benefits that a VPN brings, including streaming and torrenting.
These are the steps for setting up VPN port forwarding:
- Get a VPN that supports forwarding. You can find our recommended ones above.
- Install a VPN and go to its Settings.
- Enable port forwarding if it’s not enabled by default.
- Follow the instructions (if any).
In case you get stuck at some point, don’t hesitate to contact customer support. Most of the VPNs above offer live chat with polite and knowledgable representatives.
What is local port forwarding?
Local port forwarding is the most popular one among all three types that also include remote and dynamic port forwarding. It allows you to connect from a local computer that runs a Secure Shell (SSH) client to other servers. Connections from the local computer are forwarded to the SSH server and then reach the destination server.
Local port forwarding can work even if the firewall blocks certain web pages. Furthermore, it can help receive mail securely or connect to a website using an SSH tunnel.
In the meantime, remote port forwarding also uses SSH but is suited for server-side communication with the client. Finally, dynamic port forwarding is a powerful but not popular type that requires manual configuration for securing data before forwarding.
Port forwarding FAQ
Is port forwarding the same as port triggering?
No, it’s not. So, port forwarding vs port triggering – which one should you use? Well, both serve the purpose of giving access to a device on a private network. However, in the case of port triggering, the port is open only while it’s at use, which adds extra security. What’s more, it’s available to any device on a private network.
The main disadvantage of port triggering is that it allows only one device from the private network to hold a connection.
Is port triggering safe?
Port triggering is safer than port forwarding, but it’s not 100% safe. In this case, the port remains shut until a request comes from a private network device to open it. This means that anyone wanting to hack into that device has a much shorter time span.
However, if you want maximum safety, you should use VPN port forwarding. A reliable VPN will encrypt your traffic and hide your IP from snoopers.
What does port forwarding do for gaming?
In short, port forwarding enables gaming online. If you’re behind a router, you won’t be able to host a multiplayer game for your friends. Also, the router might block incoming traffic from a public server. Finally, you might need to enable port forwarding not only for your computer but gaming console as well.
Why is port forwarding not working?
You should start troubleshooting by checking the IP address and the port. Can you access it inside the private network? If not, try checking your server settings.
Additionally, you can check the WAN IP of the router and make sure it’s getting a public IP. You can also see if the port is actually open by using an online checker. If all fails, try contacting your router manufacturer.
How do I enable port forwarding?
You can enable port forwarding by accessing your router’s software. Usually, entering 192.168.0.1 in your browser address allows logging in as an administrator. Most likely, you’ll be able to choose between the UPnP and manual configuration.
Alternatively, if you’re using a VPN that allows port forwarding, you can easily enable it from your VPN client’s settings.
Does port forwarding reduce lag?
Port forwarding can help reduce lag in some situations, such as online gaming or torrenting. This also means that voice chat can run at a higher quality. If you had problems with dropping out of games, port forwarding could help with that as well.
However, if you’re connecting to a server that’s thousands of miles away, you might experience increased latency.
How to test port forwarding?
The easiest way to check if port forwarding is working is to use an online port forwarding tester, such as yougetsignal.com. It will show your IP address and which of the most commonly used ports are open.
You can manually test any other port that’s not on the list. Port forwarding testers can also identify what services are running on these ports.
Which IP do I use for port forwarding?
You need to use a static IP for port forwarding. As its often the case, your IP address will be dynamic, meaning there’s no way to link it with an open port. After you set up the static IP on your device, go to your router settings. These are usually accessible by typing 192.168.0.1 or 192.168.1.1 in your browser. In router settings, enter your static private IP, local port, external port, and protocol to enable port forwarding.
How to forward ports on your router
You can forwarding ports on your router at least in two ways. In each case, you need to login to your router first by entering 192.168.01 in your browser’s address bar.
The most simple one is UPnP that does the hardest part of setting up all the ports for you. However, it also lacks security. Another option is to manually forward the ports, which allows you to choose all the settings.