Earlier sections in this guide brought up NAT, address translation, and how it lets multiple computers on a LAN share the home router’s public IP address.
If however the opposite scenario is taking place – something on the Internet wants to initialise the communication toward a computer on the internal LAN – then that would be impossible without some type of special solution such as a Port Forward. Remember that all computers on your LAN are “hidden” behind the public IP address of your home router.
Let’s say we install a Web Server on our home network, and we want people on the Internet to be able to browse to our Web Server. We also have several other computers on our home network, and we want both our computers and the Web Server to share the same public IP address that the router has on its outside.
When somebody is browsing from the Internet to the public IP address of the home router, how should that router know that it should pass the traffic to the Web Server?
The router cannot do this automatically. Instead, you would have to configure the router to do what we want it to do in this particular scenario.
If you do not configure the router for this scenario, then if somebody on the Internet is browsing to the router’s public IP address, the router wouldn’t know what to do with the traffic. The router cannot find any matching pre-existing session in its memory, so the router doesn’t have any other choice but to discard the traffic.
The result is that the person on the Internet who was trying to browse to our Web Server simply doesn’t get any replies back. Their web browser will eventually time out and display an error information message.
The solution to this problem is to create a Port Forward. You as the administrator of the home router will have to investigate which ports that the web server on the inside LAN wants to listen to. Then you make sure that any traffic from the Internet that is sent to those ports are forwarded in the router to the correct device.
Luckily these days there is an easier and completely automatic way of doing Port Forwards. It is handled by a protocol called UPnP which is described in a section of its own within this guide. But worth noting is that UPnP won’t always work correctly.
So if you would like to understand the theory behind how Port Forwards work then this section is for you. If however you just want the simplicity then start by looking at the section about UPnP and come back to this section only if UPnP did not work in your case.
Understanding Port Forwards
Port Forwards are among the most advanced things that a typical home network owner will deal with. Sometimes depending on your router it might be simple to perform the actual configuration in your router. But the underlying theory behind Port Forwards is more complex.
First of all, you have to know why Port Forwards would sometimes be needed. You must also have heard about Port Forwards to even have a clue about any problem that could be associated with running a server on your home network.
Once you have gotten that far it is often rather simple for an experienced computer user to look for guides and try to follow those guides to perform a Port Forward in their home router. But the problem is that many guides are simply badly written, and might even be written by people who themselves do not have a clue about how Port Forwards actually work.
Also, if you don’t know the theory behind the configuration change that you are performing then it gets really difficult to try to troubleshoot why it is not working if something doesn’t go according to plan.
All programs or services that you can connect to always listen on a specific port. A Web Server for example always listens for TCP traffic on port 80. So if we install a Web Server on our home network then we know that it will listen for traffic on port 80/TCP by default.
That is all the information we need to set up a Port Forward rule in our home router. We can configure the router in such a way that if anybody browses to the public IP address of the router on port 80/TCP, then the router will forward that traffic to our internal LAN Web Server. That way we can “publish” our internal Web Server to the public Internet.
As you can see in the picture above an Address Translation is performed by the router on the IP packets as they pass through the home router. The destination IP address is translated in the IP packet. In fact, Port Forwarding is actually just a special type of NAT or Address Translation. But since it is used for a specific purpose it has gotten its own name, “Port Forward”.
Many computer games also require Port Forwards to function. This is often true for multiplayer games where one player can start a Game Server within the game and the other players connect to the Game Server. Since the Game Server is started on a computer which sits on a local LAN behind a home router, it might be necessary to configure that home router with Port Forward rules to make it work properly. Otherwise, when a player on the Internet wants to connect to the game server the home router doesn’t know where it should send the traffic.
Different games will require different Port Forward rules. Most games will actually require multiple Port Forward rules before they start to work, and there might be a mix of both UDP and TCP ports that must be forwarded to the computer which is running the game. Sometimes a whole range of ports must be forwarded.
To figure out which ports that must be Port Forwarded you have to either google for the game’s name and the keywords “port forward”, or you could try to find the information on the homepage of the game.
In all honesty, the game publishers are often absolutely incompetent regarding Port Forwards. They commonly list far too many ports that they tell you must be forwarded, and they are often confused themselves as to which ports are actually required to run the game. So to be on the safe side, the publishers often list loads of ports in their Port Forward help articles on their websites.
The most common mistake they make is that they cannot distinguish between outgoing traffic (from the gaming computer to the Internet) and incoming traffic (from the Internet to the gaming computer). The result is that they might list all ports in both directions and tell you to forward all of them.
Unfortunately, there is no general rule that can be applied to the problem of incompetent game publishers. You could try to enable UPnP if possible, but if that doesn’t work then you might have to search the Internet to find others who have solved the puzzle of making a certain game work with Port Forwards and copy what they did.
Example game requirements:
Here is one example of a game which has some Port Forward requirements listed. This particular game is Titanfall for PC:
- UDP port 8125
- TCP port range 25000 – 25099
- TCP port range 30000 – 30099
- UDP port range 25000 – 25099
- UDP port range 30000 – 30099
The game publisher also lists port 80/TCP and port 443/TCP. However, ports 80/TCP and 443/TCP (Web Server ports) should never have to be Port Forwarded to your computer unless you are running a Web Server on your computer. Your game is not a Web Server. So you can probably safely assume that you do not have to Port Forward port 80/TCP or 443/TCP to an internal computer unless you actually want to run a Web Server on that computer.
What the game actually uses those two ports for is to let the game connect to the publisher’s Web Servers on the Internet to download information and updates. In other words, they are only required for outgoing traffic to the Internet.
Configuring Port Forwards
How you configure a Port Forward depends completely on what router you have. Often there is a setting available in the router called “Port Forward” or something similar to it. But no matter what the exact name of the function is on your particular type of home router, the main idea is that you have to first pick which ports that should be forwarded to an internal computer, and then you have to pick which internal computer or which internal IP address that the traffic should be forwarded to.
Remember when we discussed earlier in the guide how you can configure a computer with a static IP address? When you need to set up a port forward rule to your computer, then it would normally also be wise to configure that computer with a static IP address. Otherwise, your new port forward rule will stop working if your computer changes its IP address later on.
Previous part: |
Next part: |