October 1, 2020


Personal Page – knowledge, hobby, passion

Port forwarding – how does it work? [BASICS]

What is Port Forwarding and how does it work?

Port forwarding is a very popular way to gain access to your network from outside. If you have a static public IP address, you can forward ports on your router to reach your computer/server/page/whatever from anywhere on the internet.

The question is: how can it be done? 

The whole thing is done on your router. It can also work if you have a dynamic IP address, but it will not work if you are behind NAT (Network Address Translation); I will tell you about NAT in another post.

Just to clarify – if you are behind NAT, port forwarding will not work for you. It’s very, very likely that you are behind NAT.

OK, but let’s stick to the main topic – port forwarding on the router and all kinds of internal networks (including VPN).

In computer networking, port forwarding is the redirection of a request from one address and port number combination to another while the data packets traverse a network gateway. This gateway is a router (in a network), a firewall (on a server), or both.

Port forwarding makes it easier to share several services on one IP address. It is also much more secure, because all attacks (for example DDoS – Distributed Denial of Service) are targeted at the public IP address, so theoretically your servers are secure: you will notice an outage of your router or of the server with the firewall, but your server will not be affected. The only thing you need to remember is to open and redirect the ports that are in use!

Imagine: your computer runs a WWW server on XAMPP or Apache and you have a static public IP address.
You configured your router to redirect all incoming traffic to your computer. Also, because you are lazy, you opened all ports in your operating system to the public.
One day your computer starts working slowly or shuts down immediately.

What happened? 
You forwarded all ports (1-65535) to your computer and someone launched a DDoS attack. Because you opened all ports everywhere, the attacker sent you lots of packets, your computer was unable to handle them, and the system crashed.


Now imagine a different setup: your computer has a WWW server with an SSL certificate installed, so incoming connections will be encrypted.
On your router you forwarded ports 80 (HTTP) and 443 (HTTPS) – all others are closed. On your computer the configuration is the same.

One day you notice that your internet is working very, very slowly and your router is shutting down/restarting, but your computer is working fine. What happened?

Another DDoS. But thanks to a correctly set up firewall, your computer is safe.
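To make the address and port rewriting and the two scenarios above concrete, here is a toy model of a router's forwarding table. It is an added example, not code from any real router, and the `Router` class, its methods and all IP addresses are constructed for illustration.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.5"            # constructed: the router's public address

@dataclass(frozen=True)
class Packet:
    src: tuple                       # (ip, port)
    dst: tuple                       # (ip, port)

class Router:
    """Toy model of a router doing port forwarding (destination NAT)."""

    def __init__(self, rules):
        # rules: {public_port: (internal_ip, internal_port)}
        self.rules = dict(rules)
        self.conntrack = {}          # (client, internal target) -> public port

    def inbound(self, pkt):
        """Packet arriving from the internet at the public address."""
        ip, port = pkt.dst
        target = self.rules.get(port) if ip == PUBLIC_IP else None
        if target is None:
            return None              # no rule: dropped, never reaches the LAN
        self.conntrack[(pkt.src, target)] = port
        return Packet(pkt.src, target)              # destination rewritten

    def outbound(self, pkt):
        """Reply from the internal server heading back to the client."""
        port = self.conntrack.get((pkt.dst, pkt.src))
        if port is None:
            return None              # not part of a forwarded connection
        return Packet((PUBLIC_IP, port), pkt.dst)   # source rewritten

def exposed_ports(router, candidates):
    """Which of the candidate public ports reach a LAN host?"""
    probe = ("198.51.100.7", 40000)  # constructed client address
    return [p for p in candidates
            if router.inbound(Packet(probe, (PUBLIC_IP, p))) is not None]

SERVER = "192.168.1.10"              # constructed: the computer with the WWW server
# First scenario: every port (1-65535) is forwarded to the computer.
lazy = Router({p: (SERVER, p) for p in range(1, 65536)})
# Second scenario: only HTTP and HTTPS are forwarded, everything else is closed.
strict = Router({80: (SERVER, 80), 443: (SERVER, 443)})
```

With the `strict` table, a packet to any port other than 80 or 443 stops at the router, while the `lazy` table hands every port to the computer behind it.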

There are three types of port forwarding. But more about them later, in another post.