API Performance Optimization REST vs. GraphQL vs. gRPC
What is Port Forwarding: Is it Important?
In short, port forwarding is a networking technique that allows external devices to access services on a private network. But what does that really mean?
Think of it as setting up a specific doorway into your home network, so certain types of internet traffic — like online gaming, video conferencing, or remote desktop access — can reach the right device (like a computer or server) behind your router. By configuring your router to “forward” a specific port to a device’s IP address, you’re essentially telling it where to send incoming data for that particular service.
But what exactly are you doing when you configure your router? Why is port forwarding necessary? What else can it be used for?
We’ll cover all that below, but first, let’s look at how a router works and what these ports are.
Learn something new for free
How does a router work?
A router connects the devices in a network by forwarding data packets between them. This allows devices to communicate with each other and the internet. The router tracks all the devices on the network by assigning a local IP address to each one. In the early days of the internet, a modem sufficed for single-device connections, but with the prevalence of multiple connected devices, routers became essential.
When you browse the internet, router forwards your request to the modem. When the response comes back, the router routes it back to the right device using its assigned IP address. This forwarding is necessary because only by the router knows the local IP addresses assigned to each device in the network. Any data traveling to your device never gets there directly. It must be forwarded.
What are ports?
Local IP addresses are assigned to each device connected to a router. These IP addresses are only known by the router, unlike public IP addresses that are used by DNS servers to connect you to the right server or the one that your router uses to connect to the internet.
But there is another number that works with the IP address that allows you to connect to the website: the port number.
What is a port number?
Just like a street address tells mail where to go, a port number helps direct internet traffic to the right software on a computer. For example, when you browse an insecure site, one that begins with http, you are connecting to port 80 on the server. When you visit a secure site, one that starts with https, you are connecting to port 443.
Here are the default port numbers of some common applications:
- 22. for Secure Shell (SSH).
- 80. for HyperText Transfer Protocol (HTTP).
- 110. for Post Office Protocol (POP3).
- 443. for HTTP with Secure Sockets Layer (SSL).
- 3306. for MySQL database.
- 5432. for PostgreSQL.
When you connect to any one of these services, you have to know the port number. There could be dozens of services running on the same machine or at the same IP address, and without the port, the device doesn’t know where you want the data you are sending it to go.
What is port mapping?
Similar to how an IP address maps all the devices on a network so they can receive data meant for them, ports map all the services and applications on a computer so that data reaches the intended service. For data to be transferred across a network, both an IP address and a port are necessary.
When data arrives at your router on a specific port, port mapping tells the router which device and internal port to send it to. This is especially useful when you have multiple devices behind one public IP address and need to access a specific one remotely—like directing remote desktop requests to your home PC or hosting a game server.
Essentially, port mapping acts like a traffic director, ensuring data reaches the correct destination inside your network.
How do you set up port forwarding?
Setting up port forwarding is easier than it sounds. As an example, let’s pretend you’re setting up a server to host your website at home and you have to add port forwarding rules to your router. You do this by finding the IP address of the computer running your website and setting a rule to forward all traffic on port 80 to that IP address. You can also specify the port you forward the data to. For example, if you run the website on port 8080, you can forward it to that port.
Some applications only require one port to be forwarded, like the website example. Other applications use a whole range of ports for the many services they run, and you have to forward this range in the router to the device.
Many consumer applications have a feature called UPnP, or Universal Plug and Play, which will automatically set up these rules in your router. For other applications, you will have to log in to the admin screen of your router and enter the port forwarding rules manually.
To set-up port forwarding rules manually, first, log in to your router’s admin panel—usually by typing its IP address into a web browser. Once you’re in, look for a section called “Port Forwarding” or “Virtual Server.” Here is where you’ll need to enter the internal IP address of the device you want to forward ports to, along with the specific port number and protocol (TCP, UDP, or both) required by the service or app.
Why is port forwarding important?
Your router is designed to let you connect to any service on the internet. It routes your data to the internet with the IP address. The port then allows the router on the other end of the connection to handle the details of connecting to the right server and service. When you get a response, the router knows you made the request and routes it back to you.
But what if you wanted to host a website on your home computer? People from outside your network would have to connect to your device on port 80 using an IP address only known to the router. You can set up a DNS server to point to your public IP address, but that only gets as far as your router. And your routerl has no clue what is going on. In fact, many are designed to block connections on certain ports with a firewall by default for security.
Port forwarding with TCP compared to UDP
There are also two types of ports that you can forward:
- Transfer Control Protocol, or TCP.
- User Datagram Protocol, or UDP.
Both of these protocols run on top of the Internet Protocol. The choice between TCP and UDP for port forwarding depends on the specific requirements of the service or application being used. When you are forwarding a port number, it’s also important to specify the type of port you are forwarding.
TCP is the most common protocol on the internet. It’s the one we use to browse websites, and it guarantees the delivery of data. Every packet of data sent to a recipient is acknowledged by the recipient so the data can be put back together reliably.
UDP doesn’t care about acknowledgements. It just sends the data out and doesn’t worry about any missing data. This allows the data to stream to the device faster because it doesn’t have to go through all the back-and-forth communication that TCP does. And streaming is one of the main things UDP is used for, both for videos and video games.
What are the risks of port forwarding?
It’s important to note that while port forwarding can be incredibly useful, it also comes with security risks. Opening ports to the internet creates potential entry points for hackers, especially if the forwarded service has weak passwords or outdated software. Once exposed, these services can be targeted for unauthorized access, data theft, or malware attacks.
Poorly configured port forwarding can also accidentally expose sensitive devices like security cameras or file servers. To minimize risk, only open ports when absolutely necessary. Use strong authentication, keep your software updated, and consider enabling firewall rules or using a VPN for added protection.
What else is port forwarding used for?
Port forwarding is necessary whenever a device outside a network must connect to a service or application running on a device in the network. Its application extends to various scenarios, like facilitating remote desktop access to your home desktop from a different location, directing traffic to your server within the network when running a public website, and hosting a VPN to enable remote internet browsing using your home network’s IP address. In these instances, port forwarding is the mechanism that ensures seamless and secure communication between devices across diverse network environments.
Learn more about port forwarding
All services you connect to on the internet not only have an IP address but also a port number. Both are necessary to make sure data gets to where it is going. Port forwarding allows communication to get to the right device and application on a private network by mapping a router’s public IP to ports on devices running in the network.
If you want to host your own web application at your house, you’ll need to know how to forward a port. And if you want to learn how to build that application, check out our Full-Stack Engineer career path. It will teach you both back-end and front-end development skills you’ll need.
This blog was originally published in February 2024 and has been updated to include new resources.
