Port forwarding

   

Port forwarding is the act of forwarding a network port from one machine to another. It is a technique used to let a port on a private IP address (inside a LAN) be reached from the outside via a NAT-enabled router.

This allows remote computers (e.g. public machines on the Internet) to connect to a specific computer within a private LAN, depending on the port used to connect.

For example:

  • forwarding port 8000 on the router to a user's machine allows Shoutcast streaming
  • forwarding ports 6881 through 6889 to a user's machine allows the use of BitTorrent

On modern Linux machines, this is achieved by adding iptables rules to the nat table: a rule with the DNAT target in the PREROUTING chain, and/or a rule with the SNAT target in the POSTROUTING chain.

Some common caveats with port forwarding include:

  • the need to forward the packets that arrive at the router's forwarded port, as well as the need to rewrite them so that the machine to which the port is forwarded can reply to the original source address, which in turn leads to
  • the inability of the destination (private) machine to see the actual originator of the forwarded packets; it instead sees the router as the source of the traffic
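
The iptables rules and the caveats above, written out as an added example (not part of the original article): a shell function that prints, without applying, the DNAT, FORWARD and SNAT rules for one forward. The interface name and the 192.168.1.x addresses are constructed sample values, and the FORWARD accept rule is an assumption for routers whose filter policy drops forwarded traffic. The SNAT rule is the one that makes the private machine see the router as the source.

```shell
#!/bin/sh
# Added example: prints (does not apply) the iptables rules for one port forward.
# Interface names and addresses used below are constructed sample values.

# valid_port PORT: succeeds only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules WAN_IF LAN_HOST ROUTER_LAN_IP FIRST_PORT [LAST_PORT] [PROTO]
forward_rules() {
    wan_if=$1 lan_host=$2 router_lan_ip=$3
    first=$4 last=${5:-$4} proto=${6:-tcp}
    valid_port "$first" && valid_port "$last" && [ "$first" -le "$last" ] || {
        echo "invalid port range: $first-$last" >&2
        return 1
    }
    if [ "$first" -eq "$last" ]; then range=$first; else range="$first:$last"; fi

    # 1. nat/PREROUTING, DNAT: rewrite the destination to the private host
    echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $range" \
         "-j DNAT --to-destination $lan_host"
    # 2. filter/FORWARD: let the rewritten packets pass through the router
    echo "iptables -A FORWARD -i $wan_if -d $lan_host -p $proto --dport $range" \
         "-j ACCEPT"
    # 3. nat/POSTROUTING, SNAT: rewrite the source to the router's LAN address
    #    so replies return via the router; the private host's logs then show
    #    the router, not the real originator
    echo "iptables -t nat -A POSTROUTING -d $lan_host -p $proto --dport $range" \
         "-j SNAT --to-source $router_lan_ip"
}

# The article's two examples: Shoutcast on 8000, BitTorrent on 6881-6889
forward_rules eth0 192.168.1.10 192.168.1.1 8000
forward_rules eth0 192.168.1.10 192.168.1.1 6881 6889
```

Review the printed rules before running them as root; leaving out rule 3 keeps the original source address visible to the private machine, provided its replies are routed back through the same router.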

This page was last modified 02:48, 13 Nov 2004. All text is available under the terms of the GNU Free Documentation License (see Copyrights for details).