Port forwarding is being used around us; in computers, routers, phones, and tablets. It is a mechanism that forwards, or “maps,” one TCP/IP port onto another. With port forwarding enabled, an incoming data packet might be en route to one application on a computer, but instead is received by another application on the same computer.
If you are looking to learn whether port forwarding is right for you, how to set it up, or whether you should use it in the first place, this is the post for you. Here, we dive deep into the logic of port forwarding to help you understand what it is and how it works, since it can be confusing for some.
Table of contents
- What is Port Forwarding/Mapping
- Why Port Forwarding
- Is Port Forwarding Safe?
- Which Ports to use for Port Forwarding
- How to Enable Port Forwarding
- How to Open TCP/IP Port on Windows
- Why Port Forwarding May Not Work
- Top Port Forwarding Software for Windows
- Closing Words
What is Port Forwarding/Mapping
By definition, port forwarding is an application of Network Address Translation (NAT) – also known as “natting.” It is the redirection mechanism that translates TCP / IP packets from one destination to another.
An IP address defines a device. More precisely, it defines a network adapter – wired or wireless. However, a port on the other hand defines a service or an application. Specific services on a Windows computer automatically open or close ports.
Port forwarding is the forwarding of ports and not the complete IP addresses. For example, a computer with the IP address 192.168.0.2 sends packets designated for 192.168.0.4:8080 (where 8080 is the destination port). However, the router in between decides to forward the port to 192.168.0.4:433. Thus, the packet is redirected to another port of the same computer. This is the concept of port forwarding.
Port forwarding can be used for many reasons.
Why Port Forwarding
If you are already in this post, you may have a good reason to explore port forwarding. But what made you get here? Of course, the mere thought of why port forwarding might be your best option at the moment.
A similar phenomenon is already in place when you begin using a consumer router in your home, known as network address translation. Natting is when the router forwards traffic from your public IP address (something like 301.108.229.31) onto your private IP address range (something like 192.168.100.3 or 10.0.0.3), and vice versa.
You may thus need port forwarding for a similar scenario.
Port forwarding is used in every home to translate many private IP addresses onto a single public IP address. If it weren’t for natting, each individual device would need its own public IP address so that everything was discoverable on the internet.
To a similar effect, you can use port forwarding within your local network to assign one IP address to multiple devices, then differentiate between them using only the ports. For example, you can assign that all incoming traffic from port 1212 should be forwarded to 192.168.10.18:1212, and so on.
Port forwarding, if used correctly, can also be used to speed up your internet. This is because when a packet is transmitted with the destination information within the packet header, it still needs to perform searches on the internet, go through many gateways, and search for the correct path. However, when port forwarding is enabled on the routers it is going through, the path will already be predefined, saving the packet seconds, resulting in a faster internet response.
Games mostly use this technique to get quick access to the game servers, ensuring their connection is quicker and more reliable.
Another purpose of using port mapping is when developers need to direct certain data onto their local servers. For example, when testing an Android application on a phone and making it communicate with a local server on the same network.
These aren’t the only uses for port forwarding.
IT officers often use this to connect to their computers at work from the comfort of their homes. More precisely, to access computers/devices behind a secure firewall.
In this case, port forwarding is used to instruct a router that when a certain port number has incoming traffic from the Wide Area Network (WAN), forward the traffic onto the Local Area Network (LAN) with a specific port number. This is how users can access their computers behind firewalls and routers from the internet.
That said, since port forwarding opens ports on a router directly connected to the internet, it also has its downside.
Is Port Forwarding Safe?
Technically, port forwarding is not safe since you are allowing it to listen to the traffic on the internet. In fact, it is one of the methods attackers use to hack into networks. If not secured properly using other methods, enabling port forwarding on a router with no security protocols in place is like leaving the front door open for everyone to access.
That said, there are methods that can be implemented – such as using Virtual Private Networks (VPNs) – to access these open ports and encrypt your connection. Or, if you are using Windows 11/10, it has a built-in Windows Security antivirus to block unwanted threats, even when port forwarding is enabled.
That said, some devices for port forwarding are considered (almost) safe:
- Xbox/PlayStation/Gaming consoles: Safe since it does not have any sensitive information
- Security cameras: Not entirely safe. Hackers can potentially access these devices because of open ports.
- IoT devices: Considered safe as they usually do not have sensitive information. However, hackers can potentially gain access and control the devices remotely because of vulnerable ports.
This information ought to be sufficient to understand why you need port forwarding and whether it is right for you. However, before we show you how to enable port forwarding on a router, let us discuss which ports can and cannot be used.
Which Ports to use for Port Forwarding
The Internet Assigned Number Authority (IANA), a government body, is responsible for standardizing certain ports for certain services. This means that out of a 16-bit code for a port (which makes 65535 ports in total) some of the port numbers are reserved for certain services, and thus cannot be used for other purposes by any vendor/manufacturer out there. However, many other vacant ports can still be used.
Port numbers 0 to 1023 are well-known ports and are reserved for certain services by IANA, as already mentioned. Ports 1024 to 49151 are considered as “Registered Ports,” which means that these can be registered with IANA, but user-written programs should not use these ports.
Ports 49152 to 65535 are the private or “free-use” ports. This means that these can be used by individuals as they please for local work. In other words, this is the port range which we suggest you ought to use while configuring port forwarding.
Below is a list of the commonly used port numbers and their purposes:
|20 & 21||FTP|
Let us now show you how to enable port forwarding on a router.
How to Enable Port Forwarding
The steps below show how to access the router’s portal and enable port forwarding. But before you do, make sure that it supports NAT since it is required to enable port forwarding. If your router does not support NAT, then you cannot configure port forwarding.
Note: Make sure that your computer has a static IP address configured so it does not change in the future. Only then will port forwarding be successful.
Open up any browser on your computer and type in the IP address of your router in the address bar.
If you do not know its IP address, it can usually be found on the backside of the router (unless changed explicitly).
Next, provide the credentials to log into the portal and sign in. By default, these can also be found on the backside of the router (if not changed).
Once logged in, look for the “NAT” page. Some routers may have a “Port forwarding” page.
Here, click Add to make a new entry to the port forwarding table.
On the next page, enter the details for your port forwarding configuration.
This usually includes the following information:
- Incoming interface.
- predefined or a custom service.
- * Machine IP address (Your local IP address).
- Protocol for use (TCP or UDP)
- External port start and end.
- Internal port start and end.
Once the configuration is done, click Apply/Save to implement the changes.
Note that not all routers provide predefined services. Such services make it easier for the configuration since the ports are already defined.
Performing the given steps above will enable port forwarding on the selected port. You can also make changes to the configuration in the future in case you want to add, remove, or edit the port forwarding rules or numbers.
Your task may not have been completed yet. Once port forwarding is enabled, you must also ensure that the device it has been forwarded to has that particular port enabled (the port is listening).
How to Open TCP/IP Port on Windows
Perform the following steps to open a closed port on a Windows computer:
Note: You can check for listening ports before proceeding with the steps below to make sure that the port is, in fact, closed.
Open Windows Firewall by typing in firewall.cpl in the Run Command box.
Click Advanced settings on the left.
Click Inbound Rules in the left pane, and then click New rule in the right pane.
the New Inbound Rule wizard will now open. Select Port and click Next.
Now select the protocol type, enter the port details, and click Next.
On the next screen, select Allow the connection and click Next.
On the Profile screen, select all network profiles and click Next.
On the final screen, enter a custom name for the rule and click Finish.
That’s it! The computer will now be listening to the specified port and port forwarding should now be fully functional.
If you want to close a listening port in the future, refer to this guide.
If you find that port forwarding still isn’t working, the section below highlights some effective methods to troubleshoot the problem.
Why Port Forwarding May Not Work
There can be several reasons why the port forwarding configuration is a bust:
- The incoming port selected is the wrong one. In which case, you must select the correct one.
- Ensure that your server is accessible from the internal network.
- Ensure that the server has a static IP configured and does not change.
- The software (Anticirus or Firewall) is blocking the port and has not been enabled successfully.
- Your network has a hidden NAT, in which case you need to make sure that your public IP address is the same one provided by your Internet Service Provider (ISP).
- The ports are already in use by another service.
- The default gateway of the destination device is different than the one router doing the port forwarding.
Using the given reasons above, you can troubleshoot the issue for port forwarding and correct it.
If these still do not work, you can try out the alternative for port forwarding, which is basically software to manage our port forwarding rules.
Top Port Forwarding Software for Windows
The following software works well with most modern routers that allow you to manage port forwarding rules on your router. These automatically configure the rules within the router and are not standalone port forwarding software.
Furthermore, to use these, you must also know the router credentials so the software can communicate with it after authentication.
Simple Port Forwarding
Simple Port Forwarding is a free software you can use to manage your port forwarding rules on the router. It has a pre-inserted list of routers you can choose from, enter its details, and then authenticate with it. Furthermore, this software receives updates for its databases and other security risks.
To add a new port forwarding rule, click File and then click Add Port. Then, enter the details and click Add. The rule will then be applied to the router automatically.
UPnP PortMapper is also a free software that allows you to manage port forwarding on your router. However, since it offers a JAR file, you need Java 11 or higher to run the software.
UPnP PortMapper removes the hassle of traditional forwarding techniques and makes the process much more convenient. It can be used to view, add, remove and edit existing port forwarding rules on your router. However, UPnP needs to be enabled on your router to connect to it.
Furthermore, the tool automatically detects any routers and retrieves the IP address, minimizing the manual work.
AnalogX PortMapper is also free to use, and is a minimal software that keeps running in the background. It supports both TCP and UDP connections, like all software discussed above. Similarly, you can forward ports by providing the correct information, edit existing rules, and even remove them.
Furthermore, if you are using an FTP server, AnalogX PortMapper also allows you to block access to it from specific IP addresses.
We personally find that accessing the router’s portal and then managing the port forwarding rules from their is much more convenient, rather than using third-party software. However, everyone has their own likes and dislikes.
We certainly hope that this post cleared up any confusion regarding port forwarding and enabled you to set it up yourself.
Are there any prerequisites for port forwarding?
The only prerequisite to enable port forwarding is that the router should support it. However, in order for port forwarding to work successfully, you must also ensure that the selected port is listening (open) on the destination device.
Is port forwarding the same as NAT?
Port forwarding is an application of NAT. For NAT, the focus is to translate the public IP address to private, and vice versa. Although port forwarding is somewhat similar, it functions on a port level. For example, the IP may or may not be changed, but only the port number is changed.
Which port to use for port forwarding?
You can use any port for port forwarding, which isn’t well-known. To be safe, you can use ports from 49152 to 65535.