So why do we sometimes open port in Windows Firewall and forward in router interface? I am just trying to understand what exactly happens when port forwarding is done at router level and when a port is opened in Windows firewall and how are they same of different?
It depends. Often, they are the same for all intents and purposes. "Opening a port" would technically be the process of allowing traffic to pass on that port, while "port forwarding" is forwarding traffic that is received by one device on a given port, to a different device.
Port forwarding is typically used to, for example, forward incoming traffic on port 80 (HTTP), from your firewall/router to your web server.
Opening a port could be used to describe the same process, or it could refer to simply allowing that port to be accessed on the local device (i.e. open the port on your web server) without the "forwarding it on to another device" component.
But, yes, especially when talking about a SOHO setup, many people will use the terms interchangeably.
If a port is "closed" in regards to a firewall, then traffic on that port is not allowed. So a firewall on a web server, with port 80 closed, would mean web traffic isn't allowed. Open port 80, and web traffic is allowed. There is no forwarding involved here.
But when the web server is behind an external firewall or router, that router has to forward the traffic coming on port 80, on to the web server, which must have the port open to allow it.
You could kind of think of it like, a port forward is a signpost showing you which path to take, and an open port is like opening the door to let you walk inside.
Port forward would normally happen through a NAT router where a specific port on the WAN interface is forwarded to an IP address on the internal LAN, whereas opening a port would happen on a firewall where connections are normally blocked, just to let traffic through.
So why do we sometimes open port in Windows Firewall and forward in router interface? I am just trying to understand what exactly happens when port forwarding is done at router level and when a port is opened in Windows firewall and how are they same of different?
Hmmm. Ok, you didn't specify "open a port in firewall" and "forward a port in router". I gave a generic answer based on a the limited question posed.
So here is the long one, now that we have all information: a firewall will prevent communication passing through it, while allowing other. By default firewalls will block communications. "Opening a port" in this context" means allowing connections to happen.
Consumer routers are usually configured in a way that it will relay communications from many devices to the Internet and it does so in a way that allows it to return the response to a request that was sent out to pass to the original device. But unsolicited incoming requests need to be directed to a point inside your network. By default routers won't let unsolicited incoming requests to get into the network, basically because it wouldn't know where to send it to. In this context forwarding a port means configuring the router to pass incoming requests to a device that can handle those.
Another way of doing it is by placing a device in the DMZ. A device in the DMZ will by default receive all unsolicited incoming request (obviously if a firewall is running on that device then you should also configure it to allow the connection to be established).
Thanks everyone for the explanations. I was trying to set up FTP server at home just for some testing and it wouldn't work for external access. My router has a static ip from ISP so I thought it would work without any other changes or additions. Finally it worked by opening/forwarding port 21 etc and adding the FileZilla server to Windows Firewall. Now, the reason I asked this question is because I want to know what minimum port opening/forwarding is required for ftp server to be accessed from outside of my Home network as I might have done a bit extra than what was required.
If someone can put the steps in few points that would be great.
stitch: Thanks everyone for the explanations. I was trying to set up FTP server at home just for some testing and it wouldn't work for external access. My router has a static ip from ISP so I thought it would work without any other changes or additions. Finally it worked by opening/forwarding port 21 etc and adding the FileZilla server to Windows Firewall. Now, the reason I asked this question is because I want to know what minimum port opening/forwarding is required for ftp server to be accessed from outside of my Home network as I might have done a bit extra than what was required.
If someone can put the steps in few points that would be great.
Assuming you have a typical home setup with a broadband connection of some kind coming in to a modem/router, with the FTP server running on a PC of some sort connected to the LAN port / wifi of the router, then you will need to forward port 21 in the router to your FTP servers LAN address, and allow port21 in the firewall on the FTP server.
Here's how I understand it (and I'm not a network guy, but I know enough to be dangerous). You have a public IP address on your router, each PC has a private IP. On your router you can set up a port forward, so every packet sent to that port on your public IP gets sent to a specified IP/port on the private network range. This could be useful for P2P connections like bit torrent, or hosting an FTP server.
Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:
Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly
to your computer or smartphone by using a feed reader.
Administrator
Trusted
Geekzone
