Please explain port forwarding..

Discussion in 'Computer Security' started by Leythos, May 19, 2004.

  1. Leythos

    Leythos Guest

    In article <F_Iqc.15$kK3.6@newsfe6-win>, says...
    > I have a NAT router with an SPI and several PCs on a peer network. I have a
    > good understanding of networks but....
    >
    > I have never been able to get what is really happening with port forwarding.
    > Even though I have usefully configured my router to forward ports, I don't
    > *really* know what I am doing.
    >
    > So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    > my network does that mean?....


    Forwarding means that the port specified that arrives inbound on the
    specified public IP address (in case you have more than one) will be
    forwarded to the specified internal IP address - no filtering, just all
    data on port X will be forwarded to that IP.

    So, assuming that you are using a simple NAT router on a DSL/Cable
    connection with 1 public IP address:

    Forwarding -

    IP Address       PORT   Enable
    192.168.10.200   80     X
    192.168.10.200   443    X

    In the above example, all inbound traffic on your Public IP address for
    ports 80/443 will be forwarded to the internal IP of 192.168.10.200.

    If you had more than 1 public IP and a router that handles it, you can
    create rules that allow you to specify the public ip, port, internal ip,
    port, and enable/disable.



    --
    --

    (Remove 999 to reply to me)
     
    Leythos, May 19, 2004
    #1

  2. Leythos

    Leythos Guest

    In article <3AJqc.19$kK3.9@newsfe6-win>, says...
    >
    > "Leythos" <> wrote in message
    > news:...
    > > In article <F_Iqc.15$kK3.6@newsfe6-win>, says...
    > > > I have a NAT router with an SPI and several PCs on a peer network. I have a
    > > > good understanding of networks but....
    > > >
    > > > I have never been able to get what is really happening with port forwarding.
    > > > Even though I have usefully configured my router to forward ports, I don't
    > > > *really* know what I am doing.
    > > >
    > > > So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    > > > my network does that mean?....

    > >
    > > Forwarding, means that the port specified that arrives inbound on the
    > > specified public IP address (in case you have more than one) will be
    > > forwarded to the specified internal IP address - no filtering, just all
    > > data on port X will be forwarded to that IP.
    > >
    > > So, assuming that you are using a simple NAT router on a DSL/Cable
    > > connection with 1 public IP address:
    > >
    > > Forwarding -
    > >
    > > IP Address       PORT   Enable
    > > 192.168.10.200   80     X
    > > 192.168.10.200   443    X
    > >
    > > In the above example, all inbound traffic on your Public IP address for
    > > ports 80/443 will be forwarded to the internal IP of 192.168.10.200.
    > >
    > > If you had more than 1 public IP and a router that handles it, you can
    > > create rules that allow you to specify the public ip, port, internal ip,
    > > port, and enable/disable.

    >
    > Thanks for your reply.
    >
    > So is port forwarding a security risk?
    >
    > If I understand you correctly, **any** packet arriving at my routers WAN
    > address destined for port 10,000 will be forwarded straight on to
    > 192.168.0.26.
    >
    > So would someone scanning my network see port 10,000 as open or closed?
    >
    > Or if there was a worm going around that tried to get in via port 10,000
    > would it get straight through to 192.168.0.26?
    >
    > ..still confused.. :eek:/


    Any data sent to port 10000 will be forwarded directly to the internal
    address - there is no filtering, nothing, it just goes directly to it.
    It would be considered OPEN to anyone.

    So, if you opened port 1433/1434 (MS SQL PORTS) and forwarded them to
    your MS SQL server, you would be compromised in a short time since there
    are still many traces of the SQL Slammer worm running around.

    If you need port forwarding you need to secure the machine that is the
    destination of the forward - meaning that if you were running a web
    server behind the router, you had better have locked it down (based on
    the Web Server OS vendor suggestions), be running a strong Anti-virus
    package, and have changed all accounts/passwords so that they don't
    match any accounts/passwords on your other machines.

    Port forwarding is not a security threat, it's a normal way of doing
    business - a threat would be the unsecured machine that is the
    destination of the port forwarding. The best rule is that if you don't
    know what you are doing, if you don't know how to secure it, if you are
    unsure in any way, don't forward.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, May 19, 2004
    #2
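Leythos's point that a forwarded port reads as OPEN to anyone is something you can verify from outside rather than take on faith. The connect probe below is an added example, not code from the thread: it classifies a TCP port the way a connect scan does (open, closed, filtered) and, so that it runs offline, tests itself against a loopback listener that it starts as a constructed stand-in for the forwarded host. The listener, the 127.0.0.1 address and the OS-chosen port are all assumptions of the example; to check a real forward, run probe() against the router's WAN address from a host outside the LAN.

```python
"""Connect probe: what an outside scanner sees on a forwarded port.

Added example, not code from the thread. demo() starts its own loopback
listener (a constructed stand-in for 192.168.0.26:10000) so it runs offline.
"""
import socket
import threading


def probe(host, port, timeout=2.0):
    """Classify one TCP port like a connect scan: 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed: something behind the forward answered
    except ConnectionRefusedError:
        return "closed"          # RST came back: host reachable, but nothing listening there
    except OSError:
        return "filtered"        # timeout or unreachable: dropped by a filter, or no route
    finally:
        s.close()


def _accept_once(srv):
    """Server side of the demo: take one connection and hang up."""
    try:
        conn, _ = srv.accept()
        conn.close()
    except OSError:
        pass


def demo():
    """Probe a port while a listener is up, then again after it has gone away."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    t = threading.Thread(target=_accept_once, args=(srv,), daemon=True)
    t.start()
    while_listening = probe("127.0.0.1", port)
    t.join(timeout=5)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())   # ('open', 'closed')
```

Two things the answer leaves implicit show up here: a forward to a host that is not actually listening answers with a reset, so the scanner reports closed rather than open, and a port the router silently drops (no forward, no session) times out and reports filtered. "Open" therefore means the forward is in place and something inside accepted the connection.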

  3. Paul H

    Paul H Guest

    I have a NAT router with an SPI and several PCs on a peer network. I have a
    good understanding of networks but....

    I have never been able to get what is really happening with port forwarding.
    Even though I have usefully configured my router to forward ports, I don't
    *really* know what I am doing.

    So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    my network does that mean?....

    1. Any request **initiated** from the internet on port 10,000 to my WAN
    address will go straight through the router to 192.168.0.26?

    2. The above is wrong and only data that 192.168.0.26 has specifically
    requested and initiated on port 10,000 will get into my LAN.

    3. If number two is correct then I am more confused, because I thought that
    if an internal machine initiated the request then the router would be aware
    of that fact and let the *reply* come back in through the appropriate port.
    If this were true then there would be no need to forward ports!! Arghh!

    You can see my confusion :O(

    Help!

    thx

    Paul
     
    Paul H, May 19, 2004
    #3
  4. Paul H

    Paul H Guest

    "Leythos" <> wrote in message
    news:...
    > In article <F_Iqc.15$kK3.6@newsfe6-win>, says...
    > > I have a NAT router with an SPI and several PCs on a peer network. I have a
    > > good understanding of networks but....
    > >
    > > I have never been able to get what is really happening with port forwarding.
    > > Even though I have usefully configured my router to forward ports, I don't
    > > *really* know what I am doing.
    > >
    > > So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    > > my network does that mean?....

    >
    > Forwarding, means that the port specified that arrives inbound on the
    > specified public IP address (in case you have more than one) will be
    > forwarded to the specified internal IP address - no filtering, just all
    > data on port X will be forwarded to that IP.
    >
    > So, assuming that you are using a simple NAT router on a DSL/Cable
    > connection with 1 public IP address:
    >
    > Forwarding -
    >
    > IP Address       PORT   Enable
    > 192.168.10.200   80     X
    > 192.168.10.200   443    X
    >
    > In the above example, all inbound traffic on your Public IP address for
    > ports 80/443 will be forwarded to the internal IP of 192.168.10.200.
    >
    > If you had more than 1 public IP and a router that handles it, you can
    > create rules that allow you to specify the public ip, port, internal ip,
    > port, and enable/disable.


    Thanks for your reply.

    So is port forwarding a security risk?

    If I understand you correctly, **any** packet arriving at my routers WAN
    address destined for port 10,000 will be forwarded straight on to
    192.168.0.26.

    So would someone scanning my network see port 10,000 as open or closed?

    Or if there was a worm going around that tried to get in via port 10,000
    would it get straight through to 192.168.0.26?

    ...still confused.. :eek:/
     
    Paul H, May 19, 2004
    #4
  5. Leythos

    Leythos Guest

    In article <L4Lqc.26$kK3.9@newsfe6-win>, says...
    > Thanks a million for this, the penny is starting to drop..;O)
    >
    > One more thing..
    >
    > A common reason for a home user to mess with port forwarding is for gaming.
    > Given what I now understand, why should a gamer have to do this? I can
    > understand why exchange or SQL server would need port forwarding but why
    > would a game need this just for multiplayer purposes, especially if he is
    > **not ** running a server just a workstation and wants to join in the online
    > fun?
    >
    > Thanks, last question..(promise)


    Most games do not require PF, they only require it if they are acting as
    a listen/dedicated server. I play a couple games online with up to 32
    players and no PF is needed - unless I run a server.

    For games that require PF to be setup, they are just poorly implemented
    - they should know that people need to sit behind some form of NAT.


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, May 19, 2004
    #5
  6. Jim Watt

    Jim Watt Guest

    On Wed, 19 May 2004 17:31:25 +0100, "Paul H" <>
    wrote:

    >
    >"Leythos" <> wrote in message
    >news:...
    >> In article <3AJqc.19$kK3.9@newsfe6-win>, says...
    >> >
    >> > "Leythos" <> wrote in message
    >> > news:...
    >> > > In article <F_Iqc.15$kK3.6@newsfe6-win>, says...
    >> > > > I have a NAT router with an SPI and several PCs on a peer network. I have a
    >> > > > good understanding of networks but....
    >> > > >
    >> > > > I have never been able to get what is really happening with port forwarding.
    >> > > > Even though I have usefully configured my router to forward ports, I don't
    >> > > > *really* know what I am doing.
    >> > > >
    >> > > > So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    >> > > > my network does that mean?....
    >> > >
    >> > > Forwarding, means that the port specified that arrives inbound on the
    >> > > specified public IP address (in case you have more than one) will be
    >> > > forwarded to the specified internal IP address - no filtering, just all
    >> > > data on port X will be forwarded to that IP.
    >> > >
    >> > > So, assuming that you are using a simple NAT router on a DSL/Cable
    >> > > connection with 1 public IP address:
    >> > >
    >> > > Forwarding -
    >> > >
    >> > > IP Address       PORT   Enable
    >> > > 192.168.10.200   80     X
    >> > > 192.168.10.200   443    X
    >> > >
    >> > > In the above example, all inbound traffic on your Public IP address for
    >> > > ports 80/443 will be forwarded to the internal IP of 192.168.10.200.
    >> > >
    >> > > If you had more than 1 public IP and a router that handles it, you can
    >> > > create rules that allow you to specify the public ip, port, internal ip,
    >> > > port, and enable/disable.
    >> >
    >> > Thanks for your reply.
    >> >
    >> > So is port forwarding a security risk?
    >> >
    >> > If I understand you correctly, **any** packet arriving at my routers WAN
    >> > address destined for port 10,000 will be forwarded straight on to
    >> > 192.168.0.26.
    >> >
    >> > So would someone scanning my network see port 10,000 as open or closed?
    >> >
    >> > Or if there was a worm going around that tried to get in via port 10,000
    >> > would it get straight through to 192.168.0.26?
    >> >
    >> > ..still confused.. :eek:/

    >>
    >> Any data sent to port 10000 will be forwarded directly to the internal
    >> address - there is no filtering, nothing, it just goes directly to it.
    >> it would be considered OPEN to anyone.
    >>
    >> So, if you opened port 1433/1434 (MS SQL PORTS) and forwarded them to
    >> your MS SQL server, you would be compromised in a short time since there
    >> are still many traces of the SQL Slammer worm running around.
    >>
    >> If you need port forwarding you need to secure the machine that is the
    >> destination of the forward - meaning that if you were running a web
    >> server behind the router, you had better have locked it down (based on
    >> the Web Server OS vendor suggestions), be running a strong Anti-virus
    >> package, and have changed all accounts/passwords so that they don't
    >> match any accounts/passwords on your other machines.
    >>
    >> Port forwarding is not a security threat, it's a normal way of doing
    >> business - a threat would be the unsecured machine that is the
    >> destination of the port forwarding. The best rule is that if you don't
    >> know what you are doing, if you don't know how to secure it, if you are
    >> unsure in any way, don't forward.
    >>
    >> --
    >> --
    >>
    >> (Remove 999 to reply to me)

    >
    >Thanks a million for this, the penny is starting to drop..;O)
    >
    >One more thing..
    >
    >A common reason for a home user to mess with port forwarding is for gaming.
    >Given what I now understand, why should a gamer have to do this? I can
    >understand why exchange or SQL server would need port forwarding but why
    >would a game need this just for multiplayer purposes, especially if he is
    >**not ** running a server just a workstation and wants to join in the online
    >fun?
    >
    >Thanks, last question..(promise)
    >
    >:O)


    Port mapping allows inward connections through the NAT.

    So if a gamer needs to connect to your machine this allows
    him to do so from outside. There is no restriction on the
    outgoing connections from your network.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, May 19, 2004
    #6
  7. Paul H

    Paul H Guest

    "Leythos" <> wrote in message
    news:...
    > In article <3AJqc.19$kK3.9@newsfe6-win>, says...
    > >
    > > "Leythos" <> wrote in message
    > > news:...
    > > > In article <F_Iqc.15$kK3.6@newsfe6-win>, says...
    > > > > I have a NAT router with an SPI and several PCs on a peer network. I have a
    > > > > good understanding of networks but....
    > > > >
    > > > > I have never been able to get what is really happening with port forwarding.
    > > > > Even though I have usefully configured my router to forward ports, I don't
    > > > > *really* know what I am doing.
    > > > >
    > > > > So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    > > > > my network does that mean?....
    > > >
    > > > Forwarding, means that the port specified that arrives inbound on the
    > > > specified public IP address (in case you have more than one) will be
    > > > forwarded to the specified internal IP address - no filtering, just all
    > > > data on port X will be forwarded to that IP.
    > > >
    > > > So, assuming that you are using a simple NAT router on a DSL/Cable
    > > > connection with 1 public IP address:
    > > >
    > > > Forwarding -
    > > >
    > > > IP Address       PORT   Enable
    > > > 192.168.10.200   80     X
    > > > 192.168.10.200   443    X
    > > >
    > > > In the above example, all inbound traffic on your Public IP address for
    > > > ports 80/443 will be forwarded to the internal IP of 192.168.10.200.
    > > >
    > > > If you had more than 1 public IP and a router that handles it, you can
    > > > create rules that allow you to specify the public ip, port, internal ip,
    > > > port, and enable/disable.

    > >
    > > Thanks for your reply.
    > >
    > > So is port forwarding a security risk?
    > >
    > > If I understand you correctly, **any** packet arriving at my routers WAN
    > > address destined for port 10,000 will be forwarded straight on to
    > > 192.168.0.26.
    > >
    > > So would someone scanning my network see port 10,000 as open or closed?
    > >
    > > Or if there was a worm going around that tried to get in via port 10,000
    > > would it get straight through to 192.168.0.26?
    > >
    > > ..still confused.. :eek:/

    >
    > Any data sent to port 10000 will be forwarded directly to the internal
    > address - there is no filtering, nothing, it just goes directly to it.
    > it would be considered OPEN to anyone.
    >
    > So, if you opened port 1433/1434 (MS SQL PORTS) and forwarded them to
    > your MS SQL server, you would be compromised in a short time since there
    > are still many traces of the SQL Slammer worm running around.
    >
    > If you need port forwarding you need to secure the machine that is the
    > destination of the forward - meaning that if you were running a web
    > server behind the router, you had better have locked it down (based on
    > the Web Server OS vendor suggestions), be running a strong Anti-virus
    > package, and have changed all accounts/passwords so that they don't
    > match any accounts/passwords on your other machines.
    >
    > Port forwarding is not a security threat, it's a normal way of doing
    > business - a threat would be the unsecured machine that is the
    > destination of the port forwarding. The best rule is that if you don't
    > know what you are doing, if you don't know how to secure it, if you are
    > unsure in any way, don't forward.
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)


    Thanks a million for this, the penny is starting to drop..;O)

    One more thing..

    A common reason for a home user to mess with port forwarding is for gaming.
    Given what I now understand, why should a gamer have to do this? I can
    understand why exchange or SQL server would need port forwarding but why
    would a game need this just for multiplayer purposes, especially if he is
    **not ** running a server just a workstation and wants to join in the online
    fun?

    Thanks, last question..(promise)

    :O)
     
    Paul H, May 19, 2004
    #7
  8. Bill Unruh

    Bill Unruh Guest

    "Paul H" <> writes:

    ]I have a NAT router with an SPI and several PCs on a peer network. I have a
    ]good understanding of networks but....

    ]I have never been able to get what is really happening with port forwarding.
    ]Even though I have usefully configured my router to forward ports, I don't
    ]*really* know what I am doing.

    ]So, If I configure my NAT router to forward port 10,000 to 192.168.0.26 on
    ]my network does that mean?....

    ]1. Any request **initiated** from the internet on port 10,000 to my WAN
    ]address will go straight through the router to 192.168.0.26?

    Any packet on the internet has a From address, a From port, a To address
    and a To port as part of its header. When the router sees the To address
    of your machine with To port number, it rewrites the packet to have the
    To address of the machine you are forwarding to and the To port of that
    machine you want that packet forwarded to and sends it out over the
    internal part of the LAN. When it gets a From address with that From
    port on the internal machine, it rewrites the packet, substituting the
    From address of your machine or router and the From port.


    So, say you are forwarding port 1000 on machine A to port 55 on machine B.
    So the packet rewriting would look like:

    External LAN                                  Internal LAN
    From X:p To A:1000  ------> Router ------>    From X:p To B:55

    From A:1000 To X:p  <------ Router <------    From B:55 To X:p
    from th

    ]2. The above is wrong and only data that 192.168.0.26 has specifically
    ]requested and initiated on port 10,000 will get into my LAN.

    ]3. If number two is correct then I am more confused, because I thought that
    ]if an internal machine initiated the request then the router would be aware
    ]of that fact and let the *reply* come back in through the appropriate port.
    ]If this were true then there would be no need to forward ports!! Arghh!

    What if you want port 80 (http) on machine A to actually be handled by
    machine B instead. So you would port forward port 80 on A to port 80 on
    B.
    This would come from the outside with no prior communication.

    NAT is for translating stuff initiated internally. Port forwarding is for
    stuff initiated from outside.



    ]You can see my confusion :O(

    ]Help!

    ]thx

    ]Paul
     
    Bill Unruh, May 20, 2004
    #8
  9. Bill Unruh

    Bill Unruh Guest

    "Paul H" <> writes:


    ]Thanks for your reply.

    ]So is port forwarding a security risk?

    ]If I understand you correctly, **any** packet arriving at my routers WAN
    ]address destined for port 10,000 will be forwarded straight on to
    ]192.168.0.26.

    Yes.


    ]So would someone scanning my network see port 10,000 as open or closed?

    Open.

    ]Or if there was a worm going around that tried to get in via port 10,000
    ]would it get straight through to 192.168.0.26?

    Yes.


    It is a security threat if things are not set up properly.

    NAT is not, since stuff coming from outside is only forwarded if it is
    to a port which previously sent stuff to that external machine from that
    port. I.e., NAT does not respond to external requests. Port forwarding
    does.
     
    Bill Unruh, May 20, 2004
    #9
  10. Bill Unruh

    Bill Unruh Guest

    "Paul H" <> writes:



    ]A common reason for a home user to mess with port forwarding is for gaming.
    ]Given what I now understand, why should a gamer have to do this? I can
    ]understand why exchange or SQL server would need port forwarding but why
    ]would a game need this just for multiplayer purposes, especially if he is
    ]**not ** running a server just a workstation and wants to join in the online
    ]fun?

    Because other gamers may send him packets "out of the blue" -- ie without
    him having previously initiated a particular interaction with that
    particular machine.
     
    Bill Unruh, May 20, 2004
    #10
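The packet rewriting Bill Unruh draws in #8, the open/closed answer in #9 and the "out of the blue" packets in #10 are three faces of one mechanism, and the model below walks through them together. It is an added example, not code from the thread or from any router vendor: NatRouter keeps a static forward table and a dynamic session table (the state behind the router's "SPI"), and demo() pushes constructed packets through it. The addresses are made up (203.0.113.5 for the router's WAN side, 192.168.0.26 as the LAN host from the thread, peers in 198.51.100.0/24); the port-1000-to-port-55 forward is Bill's example, and the model is protocol-agnostic, so the same logic applies to the UDP traffic games usually use.

```python
"""Model of a home NAT router: stateful outbound mappings plus a static
port forward table.  Added example, not code from the thread.  All
addresses are constructed: 203.0.113.5 is the router's WAN address,
192.168.0.26 is the LAN host named in the thread, peers are 198.51.100.x.
"""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.5"   # assumed WAN address of the router
LAN_HOST = "192.168.0.26"   # the forwarded-to host named in the thread


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Packet rewriting as in Bill's diagram, plus the state table that
    decides which inbound packets are admitted at all."""

    def __init__(self, public_ip, forwards=None, first_ephemeral=40000):
        self.public_ip = public_ip
        # Static forwards: (proto, public_port) -> (internal_ip, internal_port).
        # No source check: whatever arrives on that port is handed inside.
        self.forwards = dict(forwards or {})
        # Dynamic sessions created by LAN-initiated traffic:
        # (proto, public_port) -> (internal_ip, internal_port, peer_ip, peer_port)
        self.sessions = {}
        self._by_inside = {}
        self._next_port = first_ephemeral

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source to the router's public address."""
        # A reply from a forwarded service leaves with the forward's public
        # port, so the peer sees A:1000 and never learns about B:55.
        for (proto, pub_port), (in_ip, in_port) in self.forwards.items():
            if (proto, in_ip, in_port) == (pkt.proto, pkt.src_ip, pkt.src_port):
                return replace(pkt, src_ip=self.public_ip, src_port=pub_port)
        inside = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self._by_inside.get(inside)
        if pub_port is None:                       # new flow: allocate a public port
            pub_port = self._next_port
            self._next_port += 1
            self._by_inside[inside] = pub_port
            self.sessions[(pkt.proto, pub_port)] = inside[1:]
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt):
        """Internet -> WAN: return the rewritten packet, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        if key in self.forwards:                   # static forward: open to anyone
            in_ip, in_port = self.forwards[key]
            return replace(pkt, dst_ip=in_ip, dst_port=in_port)
        if key in self.sessions:                   # reply to a flow the LAN started
            in_ip, in_port, peer_ip, peer_port = self.sessions[key]
            if (pkt.src_ip, pkt.src_port) == (peer_ip, peer_port):
                return replace(pkt, dst_ip=in_ip, dst_port=in_port)
        return None                                # unsolicited: dropped, nothing to scan


def demo():
    """Walk through the thread's cases; returns a dict the reader can inspect."""
    router = NatRouter(PUBLIC_IP, forwards={("tcp", 1000): (LAN_HOST, 55)})
    peer = "198.51.100.7"
    out = {}
    # Bill's diagram: unsolicited X:p -> A:1000 becomes X:p -> B:55 (scanner sees OPEN)
    out["forwarded"] = router.inbound(Packet(peer, 51234, PUBLIC_IP, 1000))
    # ...and B:55 -> X:p leaves as A:1000 -> X:p
    out["forward_reply"] = router.outbound(Packet(LAN_HOST, 55, peer, 51234))
    # No forward and no session: a probe of port 10000 is dropped
    out["unsolicited"] = router.inbound(Packet(peer, 51234, PUBLIC_IP, 10000))
    # LAN host opens a connection outward; the router allocates a public port
    out["outbound"] = router.outbound(Packet(LAN_HOST, 3333, peer, 80))
    pub_port = out["outbound"].src_port
    # The peer's reply to that public port is admitted and translated back
    out["reply"] = router.inbound(Packet(peer, 80, PUBLIC_IP, pub_port))
    # A different peer hitting the same public port "out of the blue" is dropped:
    # the situation a game client that must accept packets from unknown peers
    # runs into, and why it can need a forward without being a server.
    out["stranger"] = router.inbound(Packet("198.51.100.99", 80, PUBLIC_IP, pub_port))
    return out


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:14} {pkt}")
```

The stranger case models an address-and-port-restricted NAT, which is what Bill's "only to a port which previously sent stuff to that external machine" amounts to. Real routers vary: a full-cone NAT hands that packet inside as well, which is the behaviour game clients rely on when they work without a forward. Either way, the static forward is the only entry that admits traffic from a source the router has never seen, which is why it shows as open on a scan while a session entry does not.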
