All about Port Forwarding
- chandragobi
- Jan 23, 2022
- 3 min read
Updated: Feb 10, 2022
Port forwarding, or port mapping, allows remote servers and devices on the internet to access the devices that are within your private local-area network (LAN) and vice versa. Without port forwarding, only devices that are part of the internal network can access each other, and with port forwarding, anyone can.
Whether you’re making a Minecraft game accessible to your friends or hosting a small website, port forwarding is a useful way to access software running on your computer remotely.
Essentially, port forwarding maps an external “port” on your internet-facing IP address to a particular computer on your local private network. This allows you (or someone else) to access something on your computer from the internet.
Port forwarding solves all kinds of problems, but it can also be dangerous. If you fail to secure a remote desktop connection, for example, someone could log into your computer from afar.
How does port forwarding work?
Ports are how computers distinguish between multiple services listening on one computer.
Using ports lets a device run a myriad of different processes and services. Each service has its own port - for example, email servers usually use port 587 while websites use port 80.
In total, there are more than 65,000 different ports, but only about 1,000 are used regularly. The others can be assigned to the devices or applications of your choice, and this process is called port forwarding.
Is port forwarding safe?
Port forwarding inherently gives people outside of your network more access to your computer. Giving access or accessing unsafe ports can be risky, as threat actors and other people with malicious intents can then easily get full control of your device.
Port forwarding requires disabling Network access translation (NAT), the technology that allows multiple devices to share one IP address. NAT also protects your devices from external attacks.
When you selectively disable NAT with port forwarding, you open your chosen device up to direct connections from the wider Internet. If you port forward a remote desktop connection to the Internet, anyone from anywhere in the world can connect to your computer if they know the password or exploit a bug. This can be bad.
Can you get hacked through port forwarding? Yes. If you take security precautions, such as using a firewall or a VPN for the port forwarding process, is it likely? Not really.
More than anything, responsibly using port forwarding requires care and diligence. The following general tips will make sure that you stay safe:
Use strong passwords. If you’re running a remote access connection, your computer is only as secure as the password you set. Hackers try multiple passwords every second on every machine connected directly to the Internet. If possible, eliminate this weakness altogether by using key-based authentication (supported by some protocols like SSH tunnels).
Update your devices quickly. Vulnerabilities are constantly discovered and fixed in operating systems and other software. If you put off updating your computer, there might be a bug that a hacker can use to defeat your security and gain access to your computer.
Don’t expose more than you need. Once you learn how to use port forwarding, you might want to use it with all sorts of devices and services. This is a bad idea. As you expose more surface, the odds of a successful cyberattack against your computer increase
Dangers of port forwarding
Even though using port forwarding with a VPN greatly reduces the risk of getting hacked, you should still be aware of the possible dangers. Let’s look at some more specific hypothetical scenarios where port forwarding can be risky.
1. You port forward access to a video game. For convenience, you don’t set a password, thinking that hackers will never guess your IP address. Your friends can join your game with ease, but so can bad actors.
Just like how hackers test passwords to Internet-accessible services multiple times per second, they also automatically attack open protocols like games on every internet-connected device.
Set a strong password and keep your device updated to prevent this issue.
2. You secure your game with a password, but don’t update the game or device. A security issue is discovered in the game, allowing anyone who exploits the bug to hack your computer.
Apply security updates in a timely manner to avoid this problem.
3. You forward a port to use a torrenting application. Even though you think you’re using an anonymizing solution like a VPN, data is accidentally uploaded through your real IP address. If you’re downloading copyrighted material, you could be in trouble.
Always verify that your software is configured correctly. Don’t assume that your traffic is anonymous just because you use a VPN or Tor.
Comentários