NAT is a handy tool but comes with a huge drawback: no servers behind the firewall are accessible to the outside world. Port forwarding opens your NAT-enabled router in a limited way to provide access.
- So I've got myself this really cool web camera here, and it actually has a built-in web server, so if I want to actually see what's on the screen, let me plop this down, all I got to do is go to the URL, see that right there, and I am in my camera. Hey, I see the folks in the control panel, wave to me, hi, there you are, okay, whee. All right, so this is great when I'm here in my house, 'cause it's easy for me to get to these cameras because I'm all on the same internal local area network. The problem comes into play, is that if I want to get to the camera that's actually over at my real house, not, it feels like home here. At my real house, I'm not there right now, and the only way I'm connected to the internet is through a NAT-ed router, which basically means I have one legitimate IP address on the WAN side, but everybody else is using private IP addresses, so normally you can't get past a NAT-ed router to be able to see anything behind it. Well, you can, and that's through something called port forwarding. Port forwarding simply means that your NAT-ed router, and pretty much all of these home routers have this built in, is going to be watching for certain port numbers. Now normally, for example, if I'm going to a website, I'm sending out port 80 requests, that's fine, but I pretty much constantly block incoming port 80 because there's no web server inside my private network. We don't want people doing that. However, with port forwarding, we kind of turn it on, and what we're going to be doing, is we're going to go, look, anytime there is an incoming request for port 80, I open up a web browser, and I get to my WAN-ed IP address of my router, it's going to send it to the camera. So this is port forwarding, let's make sure we have the setup here proper. 
Okay, first of all, somewhere on here is Port Forwarding, and I just happened to look earlier, and I found it, and here's Port Forwarding right here, so what I'm going to do is I'm going to say, I need to come up with a name for this, I'm going to call it Timmy. The protocol, I'm using HTTP, which is a TCP protocol. The Source Net means, is there a particular IP address in the outside world? I'm going to say no here, I'm just going to leave it blank, which means any computer can do this. Anything that asks for port 80, (keyboard clicking) send it to my internal address, and leave it as port 80. I'm going to Enable that, I'm going to Save it, Apply Settings. This router's strange, the way it makes you do that. So what I've just said, is anybody coming in on port 80, send it to this guy, and leave it at port 80. So why is it saying port 80 twice? Well, there's a very good reason for that. This little camera is listening on port 80, which is fantastic, but I don't want just anybody scanning around, opening up a web browser, and trying to get to my system. So what we can do instead is something like this, let me show ya. Here's my router, and here's my camera, which is listening on port 80, that's fantastic, but what I want to do is make this listen not on port 80, but on something really non-standard that people aren't going to be thinking about. How about 11,461? So what I can do now, if somebody's out on the internet, and they want to get to me, they're going to have to type in the WAN address, I'll pretend and say that's 22.214.171.124, and then they have to type in :11461. That's the only way they're then going to get to my camera. So let's make a couple of changes in the port forwarding to reflect this non-standard port number. So this is really all I got to do. (keyboard clicking) So the only question left is, what IP address am I typing in to get to my camera? Well that really just depends on how you're connected to the internet. 
So, for example, we can go to Status on this guy, then click over on WAN, and this is my IP address for the WAN side. Yeah, I know, I know, I'm actually using an internal address on the WAN side, but when you're back at your office, you're going to have a legitimate public IP address in there, so you just type that in and you go. Now the only downside to all this is that your WAN IP address is DHCP, almost guaranteed. If you're using cable modems, pretty much any DSL, your IP address will change from time to time, so what we need to do is something called Dynamic DNS. What Dynamic DNS does, is it basically is some software on your router that gives you a DNS name, and then with that DNS name, no matter what your IP address changes to, your router will call home back to a service, and it will update, full-blown, legitimate DNS. I think we got DNS settings in here, let's take a look. So, right under Setup on this particular one, there's something that says DDNS. So right now it's disabled. There are all of these different companies that provide DNS names, so I could type in Dynamic DNS. I would have to type in a User Name and Password from this company, and then a Host Name that I already had pre-setup. So what I could do, is in a webpage, I would type in mikecamera1.DynDNS.org:11461, and I could get to my camera. Now, I need to qualify a few things here. Dynamic DNS is a powerful tool. The only time you're going to be using Dynamic DNS is number one, if you have a NAT-ed router, which just about everybody does these days, and number two, you're doing some kind of port forwarding which motivates you to know what your WAN IP address is. These Dynamic DNS tools are built into routers, and it will always know what your WAN IP address is, and it will phone home to DNS, and anytime you type in whatever, mikecamera1.DynDNS.org or whatever it is, it automatically gets to the WAN IP address of your system. 
Keep in mind that these can often be charged services, I think they're well worth it. You can also find routers, for example, ASUS brand is famous for providing free Dynamic DNS options. The bottom line is, the only time you're doing port forwarding is because you've got something behind a NAT-ed router that you want to get to from time to time. Port forwarding is no substitution for robust, serious, public IP addresses, and it's only done for scenarios when you want to get to a doorbell, or a thermostat, or a camera, something nicely tucked behind a NAT router. (introspective bass guitar music)
This course was created by Total Seminars. We are pleased to offer this training in our library.
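The forwarding rule built in the video, modelled as an added example that is not part of the course material: it shows which inbound WAN packets the rule lets through when Source Net is left blank versus when it is filled in, and an audit helper that lists rules open to any outside address. The camera address 192.168.1.50, the source range 198.51.100.0/24 and all function names are constructed for illustration; only the name Timmy, TCP, and ports 11461 and 80 come from the transcript.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Forward:
    name: str
    proto: str                  # "tcp" or "udp"
    source_net: Optional[str]   # None models the Source Net field left blank
    ext_port: int               # port the router watches on its WAN side
    int_ip: str                 # private address of the device behind NAT
    int_port: int               # port the device actually listens on


def translate(rules, proto, src_ip, dst_port):
    """Return (int_ip, int_port) for an inbound WAN packet, or None if it is dropped."""
    for r in rules:
        if r.proto != proto or r.ext_port != dst_port:
            continue
        if r.source_net is not None:
            allowed = ipaddress.ip_network(r.source_net)
            if ipaddress.ip_address(src_ip) not in allowed:
                continue
        return (r.int_ip, r.int_port)
    return None  # no matching rule: the NAT router has nowhere to send it


def audit(rules):
    """Names of rules that any outside host can use (blank Source Net)."""
    return [r.name for r in rules if r.source_net is None]


# Constructed sample rules. OPEN mirrors the video: blank Source Net, 11461 -> 80.
OPEN = [Forward("Timmy", "tcp", None, 11461, "192.168.1.50", 80)]
# Same rule with Source Net filled in (hypothetical remote range).
RESTRICTED = [Forward("Timmy", "tcp", "198.51.100.0/24", 11461, "192.168.1.50", 80)]

if __name__ == "__main__":
    outsider = "203.0.113.7"   # constructed address outside the allowed range
    for label, rules in (("open", OPEN), ("restricted", RESTRICTED)):
        print(label, "port 80    ->", translate(rules, "tcp", outsider, 80))
        print(label, "port 11461 ->", translate(rules, "tcp", outsider, 11461))
        print(label, "rules open to any source:", audit(rules))
```
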