Internet Video Series, Part 2

 

Episode 14, Segment 06 of 08

Port Forwarding

"Port Forwarding" is the best-known of these tools (and everybody uses the term - "Port Forwarding" - to describe these general principles). In it's most basic and popular form, Port Forwarding amounts to manually filling in one or two tables on your router (the best routers use large, separate tables for TCP and UDP processes, while cheaper routers combine both into a single, small table). Each table entry will precisely describe an individual - "hole" - through your NAT router firewall, which should lead to a server process. Thereafter, processes in your NAT router will recognize, intercept, translate, and relay incoming messages addressed to those TCP or UDP ports. Each entry will begin with a reference to a port number (either individually or as part of a group). The entry will then continue with the IP address of the computer on your local network to which all incoming traffic addressing that port should be sent.

As an example, suppose you wish to host a web server on a PC whose local IP address is 192.168.0.2. Because web servers generally listen on TCP port 80, the corresponding router table entry would look something like this:

TCP80: 192.168.0.2

The implications of this setup are simple: Everybody in the world will be able to use any browser to examine all of the information your web server publishes. They will set their browsers to send client inquiries to TCP port 80 of your NAT router. Your router will relay those inquiries to the web server on TCP port 80 of the PC on your LAN that has IP address 192.168.0.2. If any of those users knows of a weakness in the web server you are using, (s)he can look for a browser version (or an imitation browser) that can be configured to exploit that weakness. If your web server is well configured and well supported, and if you keep up-to-date with patches for it, then they won't be able to access anything that you don't intend to publish. If the computer at 192.168.0.2 is switched off, or when its web server is not listening on port 80, the "port 80" hole through your firewall doesn't lead to anything that can be exploited. Almost all routers support Port Forwarding. Proceed with caution.
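The table lookup described above can be modeled in a few lines, which also makes it easy to review every hole you have opened. This is an added example, not part of the original series or any router's firmware: the "TCP8000-8080" range notation, the 192.168.0.0/24 LAN prefix, the first-match rule and every sample entry other than "TCP80: 192.168.0.2" are assumptions.

```python
import ipaddress
import re

# "TCP80: 192.168.0.2" is the page's entry; the "TCP8000-8080" range form is an
# assumed notation for a port "group". All sample rows below are constructed.
ENTRY = re.compile(r"^(TCP|UDP)(\d+)(?:-(\d+))?:\s*(\S+)$")
SAMPLE = ["TCP80: 192.168.0.2", "UDP5000-5010: 192.168.0.3",
          "TCP8000-8080: 192.168.0.4", "TCP8080: 10.0.0.9"]

def parse_table(lines):
    """Build separate TCP and UDP tables of (first_port, last_port, host)."""
    tables = {"TCP": [], "UDP": []}
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised entry: {line!r}")
        lo = int(m.group(2))
        hi = int(m.group(3)) if m.group(3) else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range in {line!r}")
        tables[m.group(1)].append((lo, hi, ipaddress.ip_address(m.group(4))))
    return tables

def relay_target(tables, proto, port):
    """LAN host an inbound packet is relayed to, or None if no hole matches."""
    for lo, hi, host in tables[proto]:
        if lo <= port <= hi:
            return str(host)  # first matching entry wins in this model
    return None

def audit(tables, lan="192.168.0.0/24"):
    """Flag targets outside the LAN and ports forwarded by more than one entry."""
    net, findings = ipaddress.ip_network(lan), []
    for proto, entries in tables.items():
        for i, (lo, hi, host) in enumerate(entries):
            if host not in net:
                findings.append(f"{proto}{lo}: target {host} is outside {lan}")
            for lo2, hi2, _ in entries[i + 1:]:
                if lo <= hi2 and lo2 <= hi:
                    findings.append(f"{proto}{max(lo, lo2)}-{min(hi, hi2)}: forwarded twice")
    return findings

if __name__ == "__main__":
    tables = parse_table(SAMPLE)
    print(relay_target(tables, "TCP", 80))
    for finding in audit(tables):
        print(finding)
```

Because TCP and UDP are kept in separate tables, the TCP port 80 entry opens nothing for UDP port 80, and any port with no entry stays closed.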


Episode 14, Segment 07 of 08