A Port-Forwarding Primer

Contributing Writer
Updated

Behind the scenes, every time a computer connects with the internet to go to a website, grab a file or display a video, the data travels through a specific port on that computer. Controlled by the network's router, the use of such ports can cause conflicts and give hackers a way to break in. 

Credit: ShutterstockCredit: ShutterstockSimply put, a port is a gateway that brings data in and sends it out in a, hopefully, secure manner that doesn't conflict with other things the system is doing. For instance, two or more webcams might want to use the same port, causing a traffic jam, or an enterprising hacker might recognize that an open port is a vulnerability waiting to be exploited.

The good news is that there's a way to solve both problems: Use port forwarding. It's a networking trick that lets you pick which ports the traffic travels through. Like with phones, you can try an alternate number if you get a busy signal and you can make the call from a different phone number to be anonymous. 

Port Forwarding 101

The unsung heroes of the internet age, ports are used for everything from viewing a webcam to watching YouTube videos to playing online games. Set up by the International Assigned Numbers Authority (IANA), which regulates much of the web's internal rules, the current list has more than 60,000 ports. Some are assigned to specific tasks, like waking up a network connection (Port 9) or using file-transfer protocol (Port 20). Others are left open for future use.
 
If you think of a computer's IP address as akin to a ZIP code on a mailing address, the port is the actual street address of the building where the data will travel. The ports on your computer are typically referred to by listing the IP address followed by the port number. For instance, email using the simple mail transfer protocol (SMTP) uses Port 25. The port address would look something like this: 192.168.1.101:25.
 
The real danger is that a hacker, knowing that a certain port is in use, could use it as a backdoor to slip malware onto a networked device. Or the attacker could go a step further and watch the stream coming off a webcam. Stripped of its complexity, port forwarding (or as some call it, port mapping) switches the data stream's route from one port to another one.

A Storm in Any Port

Before we get started on setting up port forwarding, a word of warning: Your router will almost certainly be able to make the changes required, but many older (as well as some newer) networked devices can't change their port addresses. As a result, the devices are not particularly safe to use.
 
While the general procedure is the same regardless of the equipment used, the details differ based on the actual hardware. I'll show you how to set up port forwarding for a Linksys WRT32X router and a 2GB Western Digital My Book Live networked-storage system (NAS). The key to making it all work is to change the port settings on both the router and the device, so they continue to communicate.
 
Because I have a My Book Live that uses two ports (80 and 443), I need to make two port-forwarding changes. Here's how to do it.
 
Start with the My Book Live NAS:

1. Log in to the NAS system with your password.

2. Open the Settings, and then go to Network.

3. Click on Remote Access.

4. On the Configure page, fill in your choice of new port numbers in the left column, from Port 80 to 8080 and from Port 443 to 33,435.

5. It's very important to write your new port information down.

6. Click Save.

Then, move on to the WRT32X router:

1. Log on to the router's setup screens and enter your password.

2. Open Advanced Settings and then Port Forwarding.

3. Click to add a new port-forwarding rule.

4. From the note you wrote, enter the current port (443) and the new one (33435), along with the forwarding rule's name and the NAS's IP address.

5. Click on the Protocol and select "TCP (transmission control protocol)" and "UDP (user datagram protocol)."

6. Repeat Steps 4 and 5 to change Port 80 to 8080.

7. Save the changes and restart the router.

First Time's a Charm

When I did this, once everything restarted, the port changes worked on the first try. Now, my networked storage is hiding in plain sight. It's available to me at home and when I travel.
 
If you are like most people and use the dynamic host configuration protocol (DHCP) to automatically assign IP addresses to networked devices, you might find yourself repeating the port-forwarding process if the address of the device changes. It's easy to get around this problem by assigning the device a static (nonchanging) IP address. If your router doesn't allow this, try reserving an IP address instead. Chances are that your router supports one or the other technique.

My network is now safe, secure and — hopefully — free of conflicts. It helps me sleep soundly at night.

Credit: Tom's Guide