Port forwarding

Port forwarding

Port forwarding, sometimes referred to as port mapping, [citeweb|title=Definition of: port forwarding
url=http://www.pcmag.com/encyclopedia_term/0,2542,t=port+forwarding&i=49509,00.asp|publisher="PC Magazine"|accessdate=2008-10-11] is the act of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router. [citeweb|title=Using ssh Port Forwarding to Print at Remote Locations|author=Rory Krause|url=http://www.linuxjournal.com/article/5462|publisher="Linux Journal"|accessdate=2008-10-11]

Purposes

Port forwarding allows remote computers (e.g. public machines on the Internet) to connect to a specific computer within a private LAN. [citeweb|title=How to set up a home web server|author=Jeff "Crash" Goldin|url=http://www.redhat.com/magazine/022aug06/features/webserver/|publisher="Red Hat"|accessdate=2008-10-11]

For example:
* forwarding port 80 to run an HTTP webserver
* forwarding port 22 to allow Secure Shell access
* forwarding port 21 to allow FTP access

Modern Linux machines achieve this by adding iptables rules to the "nat" table: with target DNAT to the PREROUTING chain, and/or with target SNAT in the POSTROUTING chain.

BSD and Mac OS X machines use a similar tool named ipfw. The ipfw tool is likely already running as a built-in part of the operating system's kernel.

Some common s with port forwarding include:

* The need to forward the packets that come to the router's forwarded port as well as the need to rewrite them so that the machine to which the port is forwarded can reply to the original source address, which in turn leads to the inability of the destination (private) machine to see the actual originator of the forwarded packets, and instead see them as if originating from the router
* Only one networked machine can use a specific forwarded port at one time
* Traditional port forwarding allows the entire world access to the forwarded port, slightly reducing network security

Port forwarding can also be used within a single machine. Port forwarding is necessary for a standalone computer if any of the following conditions are true:
* The computer is using a shared IP address.
* Internet Connection Sharing is enabled.
* A router is being used with NAT enabled.

In a typical home networking setup, internet access is through a DSL or Cable modem. That modem may be connected to a router, which is then connected to the networked computers by Ethernet or WiFi. The router is the device that the Internet sees; it holds the public IP address. The computers behind the router, on the other hand, are invisible to the Internet as they hold a local IP address each. Port forwarding is necessary in the router because computers will send information directed to the public IP address and the router needs to know where to send that information. [citeweb|title=Warp Speed Web Access: Sharing the Bandwidth|url=http://pcworld.about.com/magazine/1901p102id35287.htm|author=Alan Stafford|publisher="PC World"|accessdate=2008-10-11]

Port forwarding is commonly done on Unix computers where port numbers numbered below 1024 can only be accessed by software running as the root user. Running as root can be a security risk, so some people use port forwarding to redirect incoming traffic from a low numbered port to software listening on a higher port. For example, a web server may be listening on a port such as 8080 for traffic redirected from the restricted port 80. A port may be forwarded for use by either the TCP protocol, the UDP protocol, or both.

Double port forwarding

"Double port forwarding" can be done on a network with multiple routers. From the first router, ports from the public IP address are forwarded to another router/gateway's external IP address which in turn forwards them on to a host on the private network.

Reverse port forwarding

"Reverse port forwarding", or "reverse port tunnelling", is done by two components, usually software-based, where one component acts as a session-server - listening on a session-port, while the other component acts as a session-client to the session-server component - connecting to the session-server. After a session is established, the session-server will often listen on (accept connections on) a port that is to be forwarded, and when a connection is made to this port, the connection traffic will be forwarded to the session-client (through the session-connection that was previously initiated by the session-client), usually with a destination of the session-client machine or another machine accessible from the session-client. A common situation where this type of forwarding is used is where a port needs to be accessed that is on a machine located behind a gateway/router or firewall that is not configurable by those wanting to access that port. This functionality is built-in to some implementations of SSH (Secure Shell), and there are also software systems available that are designed more specifically for this type of forwarding.

ee also

* Secure Shell
* Port triggering

References


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Port forwarding — Redirection de port La redirection de port ou port forwarding ou port mapping en anglais, consiste à rediriger des paquets réseaux reçus sur un port donné d un ordinateur ou un équipement réseau vers un autre ordinateur ou équipement réseau sur… …   Wikipédia en Français

  • Port-Forwarding — Eine Portweiterleitung (engl. port forwarding) beschreibt die Möglichkeit, eine über Netzwerk eingehende Verbindung auf einen bestimmten Port zu einem anderen Computer innerhalb eines Netzes weiterzuleiten. Da die entsprechenden Dienste von einem …   Deutsch Wikipedia

  • Port Forwarding — Eine Portweiterleitung (engl. port forwarding) beschreibt die Möglichkeit, eine über Netzwerk eingehende Verbindung auf einen bestimmten Port zu einem anderen Computer innerhalb eines Netzes weiterzuleiten. Da die entsprechenden Dienste von einem …   Deutsch Wikipedia

  • port forwarding — noun The forwarding of a network port from one device to another; especially, such forwarding when done to provide an external user with access to a port on a private IP address …   Wiktionary

  • PC-Port-Forwarding — Company Verigio Communications http://www.verigio.com PC Port Forwarding performs a port forwarding (port translation) of TCP ports on Windows platform allowing transparent redirection of traffic from a range of ports to a specific port. The port …   Wikipedia

  • Port Triggering — ist eine Technik, die das Port Forwarding erweitert. Beim Port Forwarding werden Daten, die auf bestimmten TCP/IP Ports eingehen, auf eine einzelne IP Adresse weitergeleitet. Es ist nicht möglich, einen Port oder Portbereich auf mehrere lokale… …   Deutsch Wikipedia

  • Port triggering — is a configuration option on a NAT enabled router that allows a host machine to dynamically and automatically forward a specific port back to itself. In layman s terms, port triggering opens an incoming port when your computer is using a… …   Wikipedia

  • Forwarding — may refer to:*Call forwarding, a telephony feature that allows calls to one phone number to be forwarded to another number *Cisco Express Forwarding, an advanced layer 3 switching technology used mainly on the enterprise core network or the… …   Wikipedia

  • Port (Protokoll) — Ein Port ist ein Teil einer Adresse, der Datensegmente einem Netzwerkprotokoll zuordnet. Dieses Konzept ist beispielsweise in TCP, UDP und SCTP vorgesehen, um Protokolle auf den höheren Schichten des OSI Modells zu adressieren. Ein Port ist auch… …   Deutsch Wikipedia

  • Port number — In computer networking, a port is an application specific or process specific software construct serving as a communications endpoint in a computer s host operating system. A port is associated with an IP address of the host, as well as the type… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”