• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Network Security FAQs
• What is a firewall?
• How does firewall protection work?
• Where can I download a free firewall?
• What is a personal firewall?
• Where can I download a free personal firewall?
• What is a mobile firewall?
• How do I configure wireless security?
• What is a DMZ?
• What is an Intrusion Detection System (IDS)?
• What is a packet sniffer?
• How do I monitor Wireless Traffic?
• What is a port scanner?
• What is port forwarding?
• What is a VPN (Virtual Private Network)?
• What is a IPsec?
• What is a ISAKMP?
• What is a IKE?
• What is TLS (Transport Layer Security)?
• What is a TCP sequence prediction attack?
• What is packet fragmentation?
• What are possible defenses against a botnet attack?
• What is a honeypot?
• What is a Denial of Service (DoS) attack?
• What is IP address spoofing?
• What is cyber-warfare?
• What is identity management?
• What is federated identity management?
• What is single sign-on?
• What is role based access control?
• What is AAA?
• What is authentication?
• What is authorization?
• What is accounting?
• What is RADIUS?
• What is SAML?
• What is Kerberos?
• What is LDAP?
• What security issues does LDAP have?
• What is two factor authentication?
• What are biometrics?
• What is a honey monkey?
• What are the rainbow books?
• How do I disable the XP firewall?
• What are the main online security threats?
• How do I disable the Netgear Router firewall?
• What is Cisco VPN error 412?
• What is Peer Guardian?
• What is a RADIUS Server?
• What is Access Control?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

What is Port Forwarding?

Port forwarding, also known as tunneling, is basically forwarding a network port from one node to the other. This forwarding technique allows an outside user to access a certain port (in a LAN) through a NAT (network address translation) enabled router.

Advantages of Port Forwarding

Port forwarding basically allows an outside computer to connect to a computer in a private local area network. Some commonly done port forwarding includes forwarding port 21 for FTP access, and forwarding port 80 for web servers. To achieve such results, operating systems like the Mac OS X and the BSD (Berkeley Software Distribution) will use the pre-installed in the kernel, ipfirewall (ipfw), to conduct port forwarding. Linux on the other hand would add iptables to do port forwarding.

Downsides of Port Forwarding

There are a few downsides or precautions to take with port forwarding.

• Only one port can be used at a time by one machine.
• Port forwarding also allows any machine in the world to connect to the forwarded port at will, and thus making the network slightly insecure.
• The port forwarding technology itself is built in a way so that the destination machine will see the incoming packets as coming from the router rather than the original machine sending out the packets.

Common Applications of Port Forwarding

Port forwarding is widely used, especially in offices, schools, and homes with many computers connected to the Internet. This is basically when computers are doing port forwarding within itself. If a computer is using a shared IP address it must do port forwarding within itself. If the internet connection is being shared among many computers, all these computers must do port forwarding in its own system. Also, if a router has NAT enabled, the computers connected to it must also do port forwarding within itself.

For example, in a household with a local area network setup, there basically will be a DSL or a cable modem connected to a router. This router is then connected the computers either by Ethernet or through a wireless, Wi-Fi. As explained, in this port forwarding situation, the router is like the ambassador of all the computers connected to it in the eyes of the Internet. Basically, to the Internet, the computers are invisible behind the router. Obviously, port forwarding is necessary as then the computers will send in requests to the router, who will then present those requests to the Internet. Without port forwarding, the Internet would not be shared among multiple computers.

Port forwarding is also commonly done with Unix systems, as ports below 1024 can only be accessed by the root administrator. As running as a root user can be risky, people will often redirect the incomings of a low number to a higher port number. An example of this is when server administrators redirect the traffic from port 80 (a restricted port) to a safer port, 080. This is done through either or both the TCP protocol and the UDP protocol.

Double Port Forwarding and Reverse Port Forwarding

There are many variations to port forwarding too. One of them is the double port forwarding. As its name suggest, double port forwarding is networking computers using multiple routers. So, one router's ports would be forwarded to another router or a gateway (with an external IP address) which would then again forward to a host on a local area network.

There is also reverse port forwarding, also known as a reverse port tunneling. This is basically composed of usually a session server and a session client. The session server connects with the session port and the session client connects with the session server component, thus a session server. For example, when a connection is established, the session server will tune into a port is to be forwarded. When a connection is done, this connection would be directly forwarded to the session client, with a destination accessible to that session client. This is usually done when an access needs to be made to a port behind a router or a firewall, but that router or that firewall is not allowing such access. In this case, reverse port forwarding would be necessary.

Free White Papers on Networking

Vulnerability Management for Dummies

Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies to Tech-FAQ readers. Vulnerability Management for Dummies: Explains the critical need for vulnerability management Details the essential best-practice steps of a successful vulnerability management program Outlines the various vulnerability management solutions - including the advantages and disadvantages of each Highlights the award-winning QualysGuard vulnerability management solution Provides a ten point checklist for removing vulnerabilities from your key resources

Latest Blog Posts

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum

• Ubuntu Security Tools

• Terrorists Go Hi-Tech

• How to Dry a Cell Phone That's Come in Contact with Water