For most people, networking is a complex, nuanced knowledge space; the only thing more abundant than the general state of confusion is the sheer volume of acronyms.
It’s not an easy topic to understand, and frankly, there’s so much going on within that space that it’s hard to have in-depth knowledge without decades of study and experience.
We don’t all have that kind of time on our hands. What we need is a simpler way to understand the basics and easily visualize a concept so that we can better understand networking impacts. We’re here to help you with that. Specifically, let’s explore the concept of port forwarding, check out some applications, and hopefully, by the end of the journey, you’ll feel just a little more comfortable with this acronym fiesta of a concept.
What is port forwarding?
Before we dive too deep, let's define it.
Port forwarding defined
Port forwarding, sometimes called port mapping, allows computers or services in private networks to connect over the internet with other public or private computers or services.
Port forwarding achieves this by creating an association called a map between a router’s public, wide area network (WAN) internet protocol (IP) address and a private, local area network (LAN) IP address for a device on that private network.
The mouthful of acronyms is a little confusing, so let’s give ourselves a simpler frame of reference.
Think of the router for your private network like a switchboard, or, maybe a little more up to today’s speed, an auto-attendant. The voice you hear when you call somewhere that gives you options for whom to speak with...
“Press zero to speak to a representative.”
“If you know your party’s extension, please enter it now.”
...that’s an auto-attendant.
When a call comes into the auto-attendant, it has to be redirected. The auto-attendant uses your input, the extension, as an identifier to help redirect the call to the correct target. Once that extension is received, the call is passed through to that extension’s phone.
Likewise, if you want to place an outbound call from within the switchboard network to a different number, the switchboard can display your internal phone number as the main switch’s phone number instead. This is called an external phone number mask and is used to protect the internal phone number and extension from being shared. After the internal number is masked, the call goes out, and the receiver sees only the switchboard number.
Port forwarding, explained
A “private LAN” could be your home Wi-Fi, your office Wi-Fi, or even the free Wi-Fi at a coffee shop. It typically (but not always) requires a password or some form of authentication to connect. Once connected, your device — laptop, cell phone, tablet, etc. — is assigned an IP address on that network through a process called DHCP (Dynamic Host Configuration Protocol). That IP address is unique to your device on the network, which is important for the router in identifying the device.
When you’d like to connect to the internet — say, to check your email, visit social media, or access cloud file storage — a connection request gets sent from your device to the router, detailing your device’s IP address and an associated port for the request. Your device is the host or source for the connection. The router then reads the request and masks (maps) your device’s IP address and port with the router’s public-facing IP address and a relevant port. (If you’re particularly curious, here’s the full ICANN port registration list.) After masking your host IP address with the router’s public-facing IP address, it sends the connection request forward to its destination.
There’s an important detail involved in sending that connection request: The router has to remember how it mapped your device’s IP address and port to its own. This is where a Network Address Translation (NAT) table comes into play. NAT tables store information about what maps are made during a connection.
Once a request reaches its destination, that destination is going to need to send information back to your device so you can see it. The destination makes a connection request back to the router with the router’s IP address and a specified port. The router checks the NAT table for the specific IP address/port combination to see if there’s an open connection. If there is, the request is then passed along to the correct device on the internal network. Once that connection closes, the connection’s entry on the table is deleted.
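The mapping, lookup and cleanup described above, together with a static port-forward map, as an added example that is not part of the original article. The `Router` class, the port pool starting at 40000 and every address are constructed for illustration; the check on the remote peer is an assumption modelling a stricter router than the text requires.

```python
# Added illustration: a toy NAT table. All addresses and ports are constructed
# (RFC 1918 / RFC 5737 ranges); this models no specific router.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Router:
    wan_ip: str
    next_port: int = 40000                        # next free public port (assumed pool start)
    nat: dict = field(default_factory=dict)       # public port -> (lan_ip, lan_port, remote)
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """LAN device opens a connection: mask its address and remember the map."""
        public_port = self.next_port
        self.next_port += 1
        self.nat[public_port] = (lan_ip, lan_port, remote)
        return (self.wan_ip, public_port)         # what the destination sees

    def add_forward(self, public_port, lan_ip, lan_port):
        """Static port-forward rule: a map that exists before any connection."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port) -> Optional[tuple]:
        """Packet arrives on the WAN side: return the LAN target, or None (drop)."""
        entry = self.nat.get(public_port)
        if entry and entry[2] == remote:          # reply to an open connection
            return entry[:2]
        return self.forwards.get(public_port)     # otherwise only a forward rule admits it

    def close(self, public_port):
        """Connection closed: its entry leaves the table."""
        self.nat.pop(public_port, None)

def demo():
    r = Router(wan_ip="203.0.113.7")
    mail = ("198.51.100.25", 443)
    seen = r.outbound("192.168.1.20", 51514, mail)
    reply = r.inbound(mail, seen[1])                        # matches the NAT entry
    stranger = r.inbound(("198.51.100.99", 4444), seen[1])  # wrong peer: dropped
    r.close(seen[1])
    after_close = r.inbound(mail, seen[1])                  # entry deleted: dropped
    r.add_forward(8443, "192.168.1.50", 443)
    forwarded = r.inbound(("198.51.100.99", 4444), 8443)    # rule admits any source
    return seen, reply, stranger, after_close, forwarded

if __name__ == "__main__":
    print(demo())
```

The last case is the one to watch when reviewing a router: a forward rule passes traffic from any source to the internal device, so that device has to authenticate its visitors itself.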
Why is port forwarding important?
Port forwarding is critical for remote access to items on private networks. Since firewalls exist to keep unwanted visitors out, the visitors you want to get in are going to need a way to do so. Knowing the IP address isn’t enough: Requests need to be directed to the correct port as well. This extra required information helps keep unwanted visitors out and adds a further layer of security against DDoS (distributed denial of service) attacks.
Port forwarding functions incredibly well alongside various identity management software. Multi-factor authentication software, single sign-on solutions, and the like create an extra layer of security when allowing visitors into particularly secure areas like file servers and databases.
Where is port forwarding used?
While the below examples are far from comprehensive, they should give you a good idea of some areas where port forwarding adds to efficacy and improves daily function for both clients and your company.
Whether files, servers or hard drive clones, there’s something to be said for being able to access your backups from anywhere with an internet connection. Port forwarding makes it so even some of your harder-to-reach backups can be accessed from anywhere by those with proper authentication.
Not all computer desktops are stored locally. In large-scale technical implementations like hospitals or universities, computer desktops are more effectively stored in cloud environments. Port forwarding helps users access their own virtual desktops or VDI from any computer they need on-site.
Zack is a former G2 senior research analyst for IT and development software. He leveraged years of national and international vendor relations experience, working with software vendors of all markets and regions to improve product and market representation on G2, as well as built better cross-company relationships. Using authenticated review data, he analyzed product and competitor data to find trends in buyer/user preferences around software implementation, support, and functionality. This data enabled thought leadership initiatives around topics such as cloud infrastructure, monitoring, backup, and ITSM.