What is port forwarding? Also known as port mapping and port tunneling, port forwarding is a way of accessing private networks, such as your home or business servers and devices from outside. It also shields the private network from unwanted external connections.
At the same time, port forwarding allows external devices to communicate with your device that’s on a private network. Without port forwarding, devices connecting from outside cannot see private IP addresses, only the external one which belongs to a gateway (i.e., VPN, proxy, router, or firewall). A gateway can block both incoming and outgoing traffic, depending on its settings.
What is port forwarding used for?
Port forwarding can be used in many different ways for work and entertainment purposes. Here are some examples of the most common uses of port forwarding:
- Online games. It can be either a computer or a game console that’s behind the router. Occasionally, routers block incoming gaming server’s traffic because they find it suspicious. Another popular reason to use port forwarding is when you want to create your own game server. In this case, routers might not recognize the necessary port, leaving your friends on the other side of the router.
- Seeding .torrent files. If you’re behind a router, it might prevent you from seeding .torrent files. This can be a problem if you’re using a tracker that counts your download/upload ratio or if you just want to share some files.
- Accessing your work computer from home. You are probably familiar with remote desktop access software. It also uses port forwarding to allow access to a private network of your office or pass your home router.
- Increasing downloading speed. In a way, your router acts like a border guard that stops everyone, checks their documents, and occasionally inspects their belongings. However, you can make the process more Shengen-like by using port forwarding. This way, the traffic goes straight to your computer, which can be crucial if you want to stream in UHD (4K) or do other bandwidth-heavy tasks.
- Improving your security and privacy. Knowing your public IP address allows anyone can check if some of the most commonly used ports are open. You can shield yourself by allowing only one port for external access. You can also make yourself less vulnerable to DDoS (direct denial of service) attacks with port forwarding.
- CCTV and security. The Internet of Things (IoT) is extending the use of port forwarding rapidly. It’s needed to remotely access security cameras and different devices at your home or work.
- Running a public HTML server. With the advent of cloud hosting, using your computer as a public server becomes obsolete, at least in the home environment. Nevertheless, you may want to have some of your resources available to your family, coworkers, or yourself while traveling. However, a router might block incoming traffic, especially if you use some random port. Therefore, a router should also know that it’s OK to let the right ones in.
- Allowing FTP connection. FTP, or File Transfer Protocol, is another dwindling service that can be used to download files from a remote server. It might be useful if you host large files that are above your cloud storage quota. Like before, the router has to know where to direct FTP requests from outside so they could reach your internal IP address.
How does port forwarding work?
To establish a connection with a private network, port forwarding intercepts the traffic and uses the gateway to redirect your request from one IP address and port address to another by applying network address translation (NAT). NAT allows internal devices to communicate with the external network using only one IP address. This is possible because NAT stores all the maps (IP+port) of that connection.
All internet traffic consists of packets that hold your data and a header that defines its destination. When port forwarding is used, the gateway rewrites the header so it could reach the private server. So while the external device thinks that it sent a request and received an answer from IP 126.96.36.199, in reality, the whole communication process went to IP 10.0.01.
The scheme below should help you better understand how the actual IP and port address forwarding happens.
IP is the address of the system in the network. They can be public or private and static or dynamic. Your public IP address is given to you by your internet service provider (ISP) and is used to communicate with other public IP addresses. In contrast, private IP is used only in your LAN, or “behind the router.”
Port is the address of the service within the system. A router uses it to connect you to the desired service that uses a particular port. A port can lead anyone directly to your private IP address and device that uses it – the router won’t stop such traffic.
While your device can only have one IP address, it can use multiple ports to allow access to multiple services. Ports can also identify what kind of applications or services are running on your device.
What are the types of port forwarding?
There are three types of port forwarding: local, remote, and dynamic.
Local port forwarding
Local port forwarding allows you to connect from a local computer to other servers. It can work even if the firewall blocks certain web pages. Local port forwarding can also be used to receive mail securely.
Remote port forwarding
Remote port forwarding lets you reach a local computer, i.e., by using remote desktop service. It can also be used to host a server accessible to clients on the other side.
Dynamic port forwarding
Dynamic port forwarding is a rarely-used method for protecting your data on public wifi and bypassing firewalls. It is done by transferring data via a secure tunnel before it’s forwarded.
Is port forwarding safe?
The dangers of port forwarding are real. Whenever you’re opening a port, there’s always a chance, no matter how small, that it will be exploited. The chances go up if your traffic isn’t encrypted. What’s more, using the user-friendly but not always secure Universal Plug and Play (UPnP) protocol for port forwarding also increases the risk of cyberattacks.
But what if someone randomly checks some well-known ports to see if they can access a remote system? Well, there’s the external and internal port. The external port can be a totally random number, while the internal one will correspond to the actual service that uses this port. What’s more, most routers come with a firewall that automatically closes down the ports that are often exploited.
Port forwarding can actually help hide your public IP address. It may also help against a DDoS attack because the attacker needs not only your IP but port as well. Finally, you can always combine different cybersecurity resources, such as VPN, with port forwarding to reach a desirable level of security and privacy. That’s because VPNs encrypt all your traffic, which is usually not the case with routers or firewalls.
Port forwarding and VPNs
Most home routers already offer port forwarding functionality. And most VPNs can be configured to work on routers. In fact, some even have dedicated router apps.
However, VPN port forwarding can be tricky because these two not always work together. Luckily, you don’t have to turn off VPN whenever you want to do port forwarding because there are some providers that support such this feature (see the list below).
Using a VPN and port forwarding has plenty of benefits. For starters, a VPN encrypts all your traffic and hides your IP address, significantly increasing security and privacy. Additionally, you can enjoy other benefits that come with VPNs, such as unblocking websites and streaming platforms, allowing P2P, and avoiding bandwidth throttling, among others.
Best VPNs for port forwarding in 2020
Here are some of the best VPNs that support port forwarding in 2020:
- PrivateVPN – starting at $1.89/month
- Private Internet Access – starting at $2.69/month
- PureVPN – starting at $5.82/month
- Ivacy – starting at $1.16/month
- ExpressVPN – starting at $6.67/month
All of these VPNs not only support port forwarding but are also among the best overall services.
How to set up port forwarding
Setting up port forwarding is easier than you may think. You can do that without prior technical knowledge. Below you will find step-by-step instructions on how to set up port forwarding with UPnP, manually, and with a Virtual Private Network.
Port Forwarding with UPnP
With UPnP, you’re sacrificing some security in return to simplicity. I don’t recommend it for sharing sensitive information. Also, don’t be surprised if your router doesn’t have this option. There are certain models and makes where you need to install the UPnP feature yourself.
Here are the generic steps for setting up port forwarding with UPnP – the actual flow depends on your router and device:
- Log in to your router by entering 192.168.0.1 in your browser.
- Locate the tab with port forwarding settings.
- Enable UPnP port forwarding.
That’s it – router software will create all the rules automatically.
Now that you have UPnP enabled on your router, you can set it up on your desired application, i.e., torrenting client.
“Enable UPnP port mapping” should be ticked by default. The only thing you might need to change is the port number to correspond with the one in your router configuration.
Manual port forwarding
As the name implies, manual port forwarding is the most difficult of all three. This means you may need to check your router’s manual or ask customer support for help. In general, the process looks as follows:
- Check if your device has a static IP address.
- Log in to your router by entering 192.168.0.1 in your browser.
- Locate the tab with port forwarding settings.
- Choose the ports that you want to open.
- Choose the desired protocol.
- Enter your static IP address.
- Add rules and settings (if any)
Just like with the UPnP method, you will also need to enable port forwarding on a particular service, such as a torrenting client.
Port Forwarding with a VPN
Port forwarding with a VPN is probably the best option of all three. That’s because a VPN adds key component – security. Without it, your traffic is not automatically encrypted, and your external IP is not hidden. Last but not least, you get to enjoy all the other benefits that a VPN brings, including streaming and torrenting.
These are the steps for setting up VPN port forwarding:
- Get a VPN that supports forwarding. You can find our recommended ones above.
- Install a VPN and go to its Settings.
- Enable port forwarding if it’s not enabled by default.
- Follow the instructions (if any).
In case you get stuck at some point, don’t hesitate to contact customer support. Most of the VPNs above offer live chat with polite and knowledgable representatives.
Port forwarding FAQ
Is port forwarding the same as port triggering?
No, it’s not. So, port forwarding vs port triggering – which one should you use? Well, both serve the purpose of giving access to a device on a private network. However, in the case of port triggering, the port is open only while it’s at use, which adds extra security. What’s more, it’s available to any device on a private network.
The main disadvantage of port triggering is that it allows only one device from the private network to hold a connection.
Is port triggering safe?
Port triggering is safer than port forwarding, but it’s not 100% safe. In this case, the port remains shut until a request comes from a private network device to open it. This means that anyone wanting to hack into that device has a much shorter time span.
However, if you want maximum safety, you should use VPN port forwarding. A reliable VPN will encrypt your traffic and hide your IP from snoopers.
What does port forwarding do for gaming?
In short, port forwarding enables gaming online. If you’re behind a router, you won’t be able to host a multiplayer game for your friends. Also, the router might block incoming traffic from a public server. Finally, you might need to enable port forwarding not only for your computer but gaming console as well.
Why is port forwarding not working?
You should start troubleshooting by checking the IP address and the port. Can you access it inside the private network? If not, try checking your server settings.
Additionally, you can check the WAN IP of the router and make sure it’s getting a public IP. You can also see if the port is actually open by using an online checker. If all fails, try contacting your router manufacturer.
How do I enable port forwarding?
You can enable port forwarding by accessing your router’s software. Usually, entering 192.168.0.1 in your browser address allows logging in as an administrator. Most likely, you’ll be able to choose between the UPnP and manual configuration.
Alternatively, if you’re using a VPN that allows port forwarding, you can easily enable it from your VPN client’s settings.
Does port forwarding reduce lag?
Port forwarding can help reduce lag in some situations, such as online gaming or torrenting. This also means that voice chat can run at a higher quality. If you had problems with dropping out of games, port forwarding could help with that as well.
However, if you’re connecting to a server that’s thousands of miles away, you might experience increased latency.
How to test port forwarding?
The easiest way to check if port forwarding is working is to use an online port forwarding tester, such as yougetsignal.com. It will show your IP address and which of the most commonly used ports are open.
You can manually test any other port that’s not on the list. Port forwarding testers can also identify what services are running on these ports.
Which IP do I use for port forwarding?
You need to use a static IP for port forwarding. As its often the case, your IP address will be dynamic, meaning there’s no way to link it with an open port. After you set up the static IP on your device, go to your router settings. These are usually accessible by typing 192.168.0.1 or 192.168.1.1 in your browser. In router settings, enter your static private IP, local port, external port, and protocol to enable port forwarding.
How to forward ports on your router
You can forwarding ports on your router at least in two ways. In each case, you need to login to your router first by entering 192.168.01 in your browser’s address bar.
The most simple one is UPnP that does the hardest part of setting up all the ports for you. However, it also lacks security. Another option is to manually forward the ports, which allows you to choose all the settings.