Port Forwarding or Port Mapping is an application of network address translation (NAT) that redirects a communication request from one IP Address and Port Number combination to another while the packets are traversing a network gateway, such as a Router or Firewall. This technique is most commonly used to make services on a host residing on a protected internal network available to hosts on the Internet (external network), by remapping the destination IP address and port number of the communication to an internal host’s IP Address and Port Number.
Normally, a network router examines the header of an IP packet and forwards it out of the appropriate interface, toward the destination given in the header. In port forwarding, the router reads the packet’s header, notes the destination, then rewrites the header information and sends the packet to another computer, one that is different from the one originally addressed. That secondary destination may be a different IP address using the same port, a different port on the same IP address, or a completely different combination of the two.
Why Port Forwarding?
Port forwarding is a practical way to protect servers, clients and devices from unwanted access from the Internet. Port forwarding hides the internal network's services and servers from the outside world and limits access to them from the Internet. Port forwarding is transparent to the end user and adds an extra layer of security to networks.
Technically, port forwarding is used to keep unwanted traffic off networks. It allows you to use one IP address for all external communications on the Internet while dedicating multiple servers and devices with different IPs and ports to the task internally. Port forwarding is useful for home network users who want to access their internal network’s devices from the Internet, such as a surveillance system, or who run a web server or gaming server on their network.
Port Forwarding Flow
In the following simplified example, a remote computer (22.214.171.124) sends a request to 126.96.36.199 on port 801, which the router’s forwarding table maps to port 8010 on 192.168.1.1. The router intercepts the request (packet), rewrites the header and sends it to 192.168.1.1 on port 8010 (instead of 801), with 192.168.1.254 (the router’s internal IP address) as the sender’s IP address.
In the opposite direction, 192.168.1.1 sends its response to 192.168.1.254 (the router’s internal IP address) on port 8010. The router then rewrites the header and sends the response to 188.8.131.52 on port 801 (instead of 8010), with 184.108.40.206 (the router’s external IP address) as the sender’s IP address. The remote computer never actually touches the internal server’s real IP address and port number and, because of the way the packets have been rewritten, 220.127.116.11 sees that it has received a response from 18.104.22.168.
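The two rewrites described above can be modelled in a few lines. This is an added example, not code from the original article: the external addresses (203.0.113.10 for the router, 198.51.100.7 for the client) are constructed from documentation ranges, and the source ports and session table are assumptions, since the article does not say how the router matches replies to requests.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

ROUTER_EXT = "203.0.113.10"   # constructed external address (documentation range)
ROUTER_INT = "192.168.1.254"  # router's internal address, from the article
FORWARDS = {801: ("192.168.1.1", 8010)}  # external port -> (internal host, port)

class Router:
    def __init__(self):
        self.sessions = {}      # router-side source port -> original flow
        self.next_port = 40000  # assumed ephemeral port pool

    def inbound(self, pkt):
        """External -> internal: rewrite destination and source."""
        if pkt.dst_ip != ROUTER_EXT or pkt.dst_port not in FORWARDS:
            return None         # no mapping: packet is dropped
        host, port = FORWARDS[pkt.dst_port]
        nat_port = self.next_port
        self.next_port += 1
        self.sessions[nat_port] = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        return Packet(ROUTER_INT, nat_port, host, port)

    def outbound(self, pkt):
        """Internal reply -> external: undo both rewrites."""
        flow = self.sessions.get(pkt.dst_port)
        if pkt.dst_ip != ROUTER_INT or flow is None:
            return None         # not a reply to a tracked session
        client_ip, client_port, ext_port = flow
        if (pkt.src_ip, pkt.src_port) != FORWARDS[ext_port]:
            return None         # reply must come from the mapped host and port
        return Packet(ROUTER_EXT, ext_port, client_ip, client_port)

def demo():
    r = Router()
    request = Packet("198.51.100.7", 51515, ROUTER_EXT, 801)  # constructed client
    to_server = r.inbound(request)
    reply = Packet(to_server.dst_ip, to_server.dst_port,
                   to_server.src_ip, to_server.src_port)
    to_client = r.outbound(reply)
    blocked = r.inbound(Packet("198.51.100.7", 51516, ROUTER_EXT, 8010))
    return to_server, to_client, blocked

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Because the source is rewritten to the router's internal address, the internal server's logs show 192.168.1.254 for every external client; in this model the router's session table is the only record of the real peer.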
Sample router port forwarding configuration page