Port forwarding

Port forwarding is the forwarding of a connection that arrives over a computer network on a specific port to another computer. Because the corresponding network service is not provided by the forwarding computer itself, the misleading term "virtual server" is also used for it.

Incoming data packets are rewritten by destination NAT so that they are forwarded to the other computer, and outgoing packets are rewritten by source NAT to give the impression that they came from the computer that operates the port forwarding.

Port forwarding is often used to run FTP servers, web servers or other server-based applications behind a NAT gateway.

Port forwarding through a router

A router that is connected, for example, to a private local area network and the Internet waits for data packets on a particular port. When packets arrive at this port, they are forwarded to a specific computer, and optionally to a different port, on the internal network. All data packets from this computer and port that belong to an incoming connection are changed by Network Address Translation (NAT) so that, in the external network, it appears as if the router had sent the packets.

Port forwarding thus makes it possible for any computer in a LAN that is not directly reachable from an external network to act as a server outside this network, in particular on the Internet, because it becomes unambiguously addressable through a specified port (and by means of NAT).

To all computers on the external network, it looks as if the router itself offers the server service. That this is not the case can be recognised from header lines or from packet transit-time analyses.

Example: A larger company has a local network with multiple servers that appear to the outside (Internet) through an ADSL router with a single IP address (e.g. 205.0.0.1). A client from the external network (Internet) now wants to use a service (such as HTTP, TCP port 80) on one of the company's servers. However, it can address only the company's ADSL router for the service (HTTP, TCP port 80), at the IP address known to it (205.0.0.1). The company's ADSL router forwards the request for the service (HTTP, TCP port 80) to the appropriate server in the local network.

Port forwarding is therefore needed when Port Address Translation (PAT) is possible, because the first request comes from outside (e.g. the Internet) and multiple servers are reachable from outside through only one IP address.
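The router behaviour described in this section, modelled as an added example that is not part of the original article: destination NAT on the way in, source NAT only on replies that belong to an incoming connection. The internal server address 192.168.0.10:8080 and the client address 198.51.100.7 are constructed sample values; only 205.0.0.1 and port 80 come from the text.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class ForwardingRouter:
    """Models only forwarded connections, not ordinary outbound PAT."""

    def __init__(self, external_ip, rules):
        self.external_ip = external_ip
        self.rules = rules        # {external port: (internal ip, internal port)}
        self.connections = {}     # (client ip, client port, server ip, server port) -> external port

    def inbound(self, pkt):
        """Destination NAT for a packet arriving from the external network."""
        target = self.rules.get(pkt.dport)
        if pkt.dst != self.external_ip or target is None:
            return None           # no forwarding rule for this port: not forwarded
        ip, port = target
        self.connections[(pkt.src, pkt.sport, ip, port)] = pkt.dport
        return replace(pkt, dst=ip, dport=port)

    def outbound(self, pkt):
        """Source NAT, applied only to replies of a tracked incoming connection."""
        ext_port = self.connections.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if ext_port is None:
            return None
        return replace(pkt, src=self.external_ip, sport=ext_port)


def demo():
    # Assumed rule: external TCP port 80 -> 192.168.0.10:8080 (sample values).
    router = ForwardingRouter("205.0.0.1", {80: ("192.168.0.10", 8080)})
    request = Packet("198.51.100.7", 40000, "205.0.0.1", 80)
    forwarded = router.inbound(request)
    # The internal server answers from its own address; the router rewrites it.
    reply = router.outbound(
        Packet(forwarded.dst, forwarded.dport, forwarded.src, forwarded.sport))
    unmapped = router.inbound(Packet("198.51.100.7", 40001, "205.0.0.1", 22))
    return forwarded, reply, unmapped
```

The client only ever sees 205.0.0.1:80 as its peer, and a packet to a port without a rule is not passed to the internal network.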

Port forwarding for improving security

Another application of port forwarding is to secure a channel for the transmission of confidential data. Here, port A on one of two computers (computer 1 and computer 2) is linked to port B on the other by a connection between two other ports of the two computers that is maintained in the background. This is also referred to as tunneling.

For example, an insecure POP3 connection (login and password are usually transmitted in plain text) can be protected by transporting it in an SSH channel: port 113 on the POP server is forwarded via SSH to port 113 on the user's local machine. The local e-mail program now communicates with the local port (localhost:113) instead of the port of the server (pop.example.org:113). The SSH channel transports the data in encrypted form over the SSH connection that exists in parallel between the two addresses. Interception of the password by an eavesdropping third party thereby becomes almost impossible. The prerequisite for an SSH tunnel is at least limited SSH access to the server (pop.example.org), which is generally not permitted for home users.

Port Triggering

With port triggering, both the ports over which a program's data is sent out and the ports over which the replies come back in are specified. Port triggering extends the technique of simple port forwarding. If a computer sends data to the Internet through an application whose ports have been defined in the port triggering configuration, the router stores the IP address of this computer and forwards the incoming reply packets (back) to this IP address accordingly. In this case, forwarding always goes to the IP address from which the request was received, without that address being stored in the configuration. However, even with this technique it is not possible to route incoming connections on one port to several computers at the same time.

With port forwarding, the port is always open, even when the service is not in use. In contrast, port triggering allows incoming traffic only after a computer on the local network has sent a corresponding request towards the Internet, and automatically closes the port after a specified period of inactivity. This results in two advantages:

  • Increased security: the incoming ports are not open all the time.
  • The forwarding does not need to be configured: it is no longer necessary to specify fixed internal IP addresses for the forwarding of the ports, because the IP address can be determined from the outgoing traffic on the trigger port.

When port triggering is set up on a port over which VoIP is operated, the VoIP service may be available only if an outgoing call has been made beforehand. Once the port is closed (see above), it is again not possible to receive incoming calls. Some VoIP terminals therefore help maintain the forwarding by sending dummy data packets.
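The port triggering behaviour described above, modelled as an added example that is not part of the original article: the port opens only after outgoing traffic, goes to one host at a time, closes after inactivity, and stays open while keep-alive packets are sent. Port 5060, the 60-second timeout and the 192.168.0.x addresses are constructed sample values, and treating incoming traffic as activity that resets the timer is an assumption.

```python
class PortTrigger:
    def __init__(self, trigger_port, incoming_port, idle_timeout):
        self.trigger_port = trigger_port
        self.incoming_port = incoming_port
        self.idle_timeout = idle_timeout
        self.host = None          # learned from outgoing traffic, never configured
        self.last_seen = None

    def _expire(self, now):
        if self.host is not None and now - self.last_seen > self.idle_timeout:
            self.host = None      # port closes after the inactivity period

    def outgoing(self, src_ip, dport, now):
        """A LAN host sends traffic towards the Internet."""
        self._expire(now)
        if dport != self.trigger_port:
            return
        if self.host in (None, src_ip):
            self.host, self.last_seen = src_ip, now
        # otherwise another host holds the port: it cannot be shared

    def incoming(self, dport, now):
        """Return the LAN host an incoming packet goes to, or None if dropped."""
        self._expire(now)
        if dport != self.incoming_port or self.host is None:
            return None
        self.last_seen = now      # assumption: incoming traffic counts as activity
        return self.host


def demo():
    t = PortTrigger(trigger_port=5060, incoming_port=5060, idle_timeout=60)
    results = [t.incoming(5060, now=0)]           # nothing sent yet: closed
    t.outgoing("192.168.0.20", 5060, now=10)      # outgoing call opens the port
    t.outgoing("192.168.0.21", 5060, now=15)      # second host cannot share it
    results.append(t.incoming(5060, now=20))      # forwarded to the first host
    results.append(t.incoming(5060, now=200))     # idle for more than 60 s: closed
    t.outgoing("192.168.0.20", 5060, now=210)     # reopened by new outgoing traffic
    for now in (250, 300, 350):                   # keep-alive packets every 50 s
        t.outgoing("192.168.0.20", 5060, now=now)
    results.append(t.incoming(5060, now=400))     # still open thanks to keep-alives
    return results
```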
