Difference between port forwarding and opening a port

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Difference between port forwarding and opening a port

quebec

757 posts

Ultimate Geek

#136191 18-Nov-2013 14:19

What is the difference between forwarding a port and opening a port? Simple explanation would be much appreciated.

freitasm

BDFL - Memuneh
74189 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#936636 18-Nov-2013 14:20

They are the same thing.

freitasm on Keybase | My technology disclosure

Affiliate link: Norton 360 antivirus provides enhanced security for your connected devices, a secure VPN for online privacy, Password Manager, Firewall, SafeCam, PC Cloud Backup, Dark Web Monitoring, Parental Control, and more. An all-in-one cybersecurity solution backed by 100% Virus Protection Promise and 60 Day Money Back Guarantee.

quebec

757 posts

Ultimate Geek

#936639 18-Nov-2013 14:23

freitasm: They are the same thing.

So why do we sometimes open port in Windows Firewall and forward in router interface? I am just trying to understand what exactly happens when port forwarding is done at router level and when a port is opened in Windows firewall and how are they same of different?

Inphinity

2704 posts

Uber Geek

Subscriber

#936641 18-Nov-2013 14:24

It depends. Often, they are the same for all intents and purposes. "Opening a port" would technically be the process of allowing traffic to pass on that port, while "port forwarding" is forwarding traffic that is received by one device on a given port, to a different device.

Port forwarding is typically used to, for example, forward incoming traffic on port 80 (HTTP), from your firewall/router to your web server.

Opening a port could be used to describe the same process, or it could refer to simply allowing that port to be accessed on the local device (i.e. open the port on your web server) without the "forwarding it on to another device" component.

But, yes, especially when talking about a SOHO setup, many people will use the terms interchangeably.

If a port is "closed" in regards to a firewall, then traffic on that port is not allowed. So a firewall on a web server, with port 80 closed, would mean web traffic isn't allowed. Open port 80, and web traffic is allowed. There is no forwarding involved here.

But when the web server is behind an external firewall or router, that router has to forward the traffic coming on port 80, on to the web server, which must have the port open to allow it.

You could kind of think of it like, a port forward is a signpost showing you which path to take, and an open port is like opening the door to let you walk inside.

RunningMan

7074 posts

Uber Geek

#936644 18-Nov-2013 14:26

Port forward would normally happen through a NAT router where a specific port on the WAN interface is forwarded to an IP address on the internal LAN, whereas opening a port would happen on a firewall where connections are normally blocked, just to let traffic through.

freitasm

BDFL - Memuneh
74189 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#936649 18-Nov-2013 14:29

stitch:
freitasm: They are the same thing.

So why do we sometimes open port in Windows Firewall and forward in router interface? I am just trying to understand what exactly happens when port forwarding is done at router level and when a port is opened in Windows firewall and how are they same of different?

Hmmm. Ok, you didn't specify "open a port in firewall" and "forward a port in router". I gave a generic answer based on a the limited question posed.

So here is the long one, now that we have all information: a firewall will prevent communication passing through it, while allowing other. By default firewalls will block communications. "Opening a port" in this context" means allowing connections to happen.

Consumer routers are usually configured in a way that it will relay communications from many devices to the Internet and it does so in a way that allows it to return the response to a request that was sent out to pass to the original device. But unsolicited incoming requests need to be directed to a point inside your network. By default routers won't let unsolicited incoming requests to get into the network, basically because it wouldn't know where to send it to. In this context forwarding a port means configuring the router to pass incoming requests to a device that can handle those.

Another way of doing it is by placing a device in the DMZ. A device in the DMZ will by default receive all unsolicited incoming request (obviously if a firewall is running on that device then you should also configure it to allow the connection to be established).

freitasm on Keybase | My technology disclosure

quebec

757 posts

Ultimate Geek

#936662 18-Nov-2013 14:37

Thanks everyone for the explanations. I was trying to set up FTP server at home just for some testing and it wouldn't work for external access. My router has a static ip from ISP so I thought it would work without any other changes or additions. Finally it worked by opening/forwarding port 21 etc and adding the FileZilla server to Windows Firewall. Now, the reason I asked this question is because I want to know what minimum port opening/forwarding is required for ftp server to be accessed from outside of my Home network as I might have done a bit extra than what was required.

If someone can put the steps in few points that would be great.

quebec

757 posts

Ultimate Geek

#936663 18-Nov-2013 14:39

Oh, and I also had to forward port 21 to my Computer(FileZilla Server) from my router settings.

Inphinity

2704 posts

Uber Geek

Subscriber

#936671 18-Nov-2013 14:51

stitch: Thanks everyone for the explanations. I was trying to set up FTP server at home just for some testing and it wouldn't work for external access. My router has a static ip from ISP so I thought it would work without any other changes or additions. Finally it worked by opening/forwarding port 21 etc and adding the FileZilla server to Windows Firewall. Now, the reason I asked this question is because I want to know what minimum port opening/forwarding is required for ftp server to be accessed from outside of my Home network as I might have done a bit extra than what was required.

If someone can put the steps in few points that would be great.

Assuming you have a typical home setup with a broadband connection of some kind coming in to a modem/router, with the FTP server running on a PC of some sort connected to the LAN port / wifi of the router, then you will need to forward port 21 in the router to your FTP servers LAN address, and allow port21 in the firewall on the FTP server.

timmmay

18595 posts

Uber Geek

Trusted

Subscriber

#936799 18-Nov-2013 17:40

Here's how I understand it (and I'm not a network guy, but I know enough to be dangerous). You have a public IP address on your router, each PC has a private IP. On your router you can set up a port forward, so every packet sent to that port on your public IP gets sent to a specified IP/port on the private network range. This could be useful for P2P connections like bit torrent, or hosting an FTP server.