For a lot of people, the very concept of “port forwarding” can be intimidating. It sounds highly technical, and most people don’t know what “ports” even are, let alone how they relate to your router or VPN. That’s not even getting into the weeds about router configurations, IP addresses, your firewall, and more. That’s why we wrote a complete guide to port forwarding.
We’d like to demystify port forwarding and general router control with this handy guide that will, hopefully, make using your router with games and even your VPN as fast and secure as possible.
How Does a Router Work?
Before you get into what router ports are and how they affect your connection, let’s start by understanding your router itself.
A “router” is a piece of computer equipment that connects all of the devices on a specific network to the Internet and one another. Many people have private WiFi connections in their homes or have used public WiFi before. Have you ever wondered how, when you request a website, it gets sent to your phone or computer rather than somebody else on the same network? That has to do with your router and ports.
A router uses a specific protocol called a Network Address Translation (NAT) firewall. There are several NAT types, but they all guide data to the right place. Think of NAT as a switchboard operator, sending data from one place outside your network to one inside it or vice versa.
Every device on your network has an internal IP address (which is different from your external IP address) given to it by your router. The router can find your device by sending any information to your device’s IP on the network. The sheer amount of work that routers have to do just to keep your house supplied with the Internet is astonishing. Take a minute to just appreciate your router.
What are Ports, Then?
So what are ports? Ports are how routers can tell what type of request is coming in and what type of data to return to the other computer. Ports are actually an old technology that arose from the early days of computing. They remain a major part of how network architecture is built, network utilities work, and how a router guides data.
Initially, computers could only run one application at a time. They just didn’t have the capacity to switch between programs, and that made building effective connections easy: just link one computer to the other. However, when we started finding ways to run more than one application at a time, often with many of them operating in the background, it became necessary to have standardized “doors” or “tunnels” that would send the right kind of information to the right kind of application. Ports are those doors. They can be open or closed and are often highly specialized. The computer scientists who came up with ports also recognized that it would be inefficient for your computer to handle those. It needs those resources! Instead, the task of running NAT belongs to routers.
What Does NAT Look Like?
Imagine a hallway with tens of thousands of doors. This is your router and each door is a port. Only certain, specific kinds of data can travel through that door. Each door connects to a tunnel that leads directly to a program, so there’s no way that the information can be sent to another program or device.
The NAT acts as a guide, reading the kinds of data and sending it to the correct open port. For example, let’s say you wanted to visit a web page. The request for that web page would go from your web browser directly to Port 80, come out that door to exit your router, then go find the public IP address of the web page you want to see. When it comes back, the NAT will tell it to enter your router through Port 80 again, and it’ll be sent directly to your web browser.
But wait, it gets even more detailed. You see, Port 80 is only for HTTP traffic. But what about a page that uses Secure Sockets Layer (SLL) and starts with HTTPS? Those go from your web browser, out to Port 443 instead. And when the information comes back to your router, it’ll come in through Port 443. Your router is constantly directing data into and out of your computer, making sure that it gets to the correct local IP address. It sends your data to the right public IP address and it never confuses one device or application for another.
Why You Would Need to Use Port Forwarding
Now that we understand how your router and its ports work, it’s time to consider what we mean by “port forwarding.”
Let’s say that you have several devices set up at home: a desktop, a NAS server, and a tablet. You’re out and about with your laptop and you need to access something on your home network, for example, a file on your desktop. You open the application you want to use and connect to your router through its IP address and…then what? How does the router know which device you want to log in to? Why does it connect you to the desktop and not the tablet?
How it Works
That’s where port forwarding comes in. When you forward ports, you are telling your router that when traffic comes from some place, it goes to another specific place. In this case, if you were trying to FTP into your desktop, you could set up a port forwarding rule that says when you access a certain port, the router sends the data to a specific application or daemon. That way, your connections always end up at the correct destination. If you didn’t have port forwarding set up, your router would reject the connection altogether.
And to be honest, that’s a good thing. You want your router to reject random traffic. You wouldn’t hire a security guard who let everybody through, even when they are clearly going in the wrong door or one that isn’t open. However, when you want to legitimately access your data, then you need your router to understand what you’re requesting.
Port Forward Applications to Anywhere
There are several ports that common applications have, but that doesn’t mean that you have to use them. What if you want your SSH traffic to come in through a port other than Port 22? Lots of people set up services that allow remote access to their system to use a different port so that it makes it a little more difficult for hackers to log in. As long as you have your router forwarding ports, why not port forward your SSH application to someplace besides the default? Then any potential intruder would have to figure out your router port forwarding settings in order to even make that kind of connection. Since ports range from 0 to 65536, that’s a lot of possibilities for them to try.
Or you might want to port forward games. By setting a games port forward option on your router, you’re helping to get data where it needs to go. Port forwarding while gaming could improve your connection speed, lobby wait times, and overall gameplay, especially if you’re the person hosting. Many competitive gamers or dedicated hobbyists are very familiar with their router, ports, and port forwarding because it gives them a bit of an edge at home.
Open Access to Specific Addresses
You can specify a particular IP address in your port forwarding rules so only traffic from there can access a specific open port. For a port to be “open,” that means that it has a certain type of traffic that can enter or leave your router. Ports that are not assigned remain “closed,” which just means that any attempt to connect to your system will be stopped by the router firewall or other network utilities.
Setting up port forwarding to specific addresses makes it easier to serve data from your system or can keep a port open for regular background traffic from that source. You can even open a port that will route traffic between two similar systems. For example, you might have a public and a private web server running on your system. You can tell the router to send traffic coming from one IP address to go to the public server, and to the private server from another.
By specifying different addresses for different functions, you are making your home system more efficient and easier to link with other devices.
Port Forwarding and VPN
You might not realize it but the same technology allowing your router to have port forwarding rules are also on a VPN. In fact, a VPN that allows port forwarding uses the same NAT protocol that the router does, but it does so from a remote server.
While this is a popular VPN feature, it’s also becoming less necessary as more VPNs use encrypted tunneling. By sending data through an encrypted tunnel, it helps the VPN bypass the NAT and make sure the data goes to the right place. Generally, you want a VPN to focus on a particular port for transferring data since that helps to hide what sort of information you’re sending and receiving.
In this case, imagine that hallway of doors representing ports on your router. If I know that Port 53214 is for a particular comic book application, and I see data coming out of that port, then I can reasonably assume that it’s digital comic books. However, with a VPN, the encrypted tunnel hides all of the ports, open and closed, from view by anyone on the outside, so I would have no way to figure out exactly which port the data came from.
A VPN combined with smart port forwarding can result in much better cybersecurity.
Port and Router Guides
Here are some basic instructions and a port forwarding guide for how to safely engage in port forwarding without too much of a headache.
1. Set a Static IP Address on Your Devices
If you’re going to use port forwarding rules on your router or VPN, you can’t have all your relevant devices changing the IP address every time you restart. Each device has to have a specific IP address of its own so that the rules will always know which is which. You can generally do this in your router settings, and we recommend taking a look at our setup guides for more details on how you can use port forwarding specifically with a VPN.
2. Know Your Own Address
It’s vitally important in port forwarding to know your own IP address and what ports you want to open. If you’re changing ports from the default, you need to be able to let your router know. Bad port forwarding rules can easily confuse routers, and they will close open ports rather than allow unauthorized connections. Make sure that the guide you create for your router (or routers) is accurate.
One way to do this is through a dynamic DNS service. This is an online service that lets you link your constantly changing IP address with a static one hosted elsewhere or even a simple URL. That way, it’s easy to connect to any open ports in your router, no matter where you are. This is especially helpful if you have a VPN, which can change your IP address entirely with the click of a button.
3. Login to Your Backend
Most home routers have a way to access the software that runs them. This interface called a “backend” lets you change almost everything about your router, from its name to what devices are allowed to use it. It’s here that you can open and close ports, set port forwarding rules, and even access your NAT firewall.
Once in the backend, you’ll want to find where the port forwarding rules are made. This can change from router to router, so it’s best if you look up the manual for your particular equipment or search on the web for reputable sources that can help you find the right place. In most cases, it’s something simple, like a button that says “Ports” or “Port Forwarding.”
4. Actually Setting up the Rules
After you navigate to the port forwarding section, there are a couple of things you need to do. First, name your rule. It’s usually a good idea to name it whatever the application it’s allowing port access to is, just for clarity.
Second, you can choose whether to use the TCP or UDP protocol. Or you can choose to use both. If you want to know what protocol every application uses to communicate with an open port, you can certainly look that up, but you can also just select “Both” and let the router determine which to use.
For more advanced routers that use DD-WRT, you’ll have the option at this point to specify a particular source address that restricts which devices can use the rule. It’s not a requirement, and we recommend that you don’t bother since it can complicate the process incredibly quickly. If you find you’re getting more into ports and router configuration, you can always go back and change the open settings.
Finally, you need to specify an external port, a local IP address, and an internal port. The external ports are the ones that your router uses to communicate with the rest of the Internet, while the internal ports are the ones it uses to send all the data to the right applications. You can choose any port you want, but remember that some ports have default applications associated with them. If you choose ports that are already assigned in the router settings, then it might prevent those other applications from accessing the open ports.
Choosing Ports
A good way to be safe is to choose ports that are higher than 5,000. Those first 5,000 ports are pretty full, but the other 60,536 are reasonably open and available for use. You can cluster your open ports any way that works for you.
Usually, both port numbers can be the same, since there’s no reason to route the data elsewhere once it accesses the router through open ports. Once you set that, you can save your settings and apply them.
Port forwarding really is that simple and you can set it up on your router today with this handy port forwarding guide.
Get PrivadoVPN Today
Sign up for unlimited VPN data, access to SOCKS5 proxy, and easy-to-use multi-device protection.
Get started with PrivadoVPN now.