NAT Forwarding: Open Ports for Special Services
If you remember from our past article What is NAT, NAT (Network Address Translation) is key for internet connection-sharing. It makes your local devices with private IP addresses use the same public IP address to communicate with other devices on the internet. This’ll protect your private network by hiding the IP addresses of your devices.
However, it also brings about the problem that devices on the internet cannot initiate communication with your local devices because of hidden IP addresses. Here, NAT Forwarding will help.
NAT and the NAT Forwarding feature are often used in conjunction with each other. NAT Forwarding creates open connections, aka ports, allowing devices connected to the internet to initiate communication with your local devices.
This creates some unique functions. For instance, you might have a Wi-Fi camera needing access to the internet. Or you may want to create a server for file transfers (FTP). For both situations, you will have to set up rules for internet traffic using NAT Forwarding.
Your TP-Link router supports 4 forwarding rules:
- Virtual Servers—Share Local Resources on the Internet
- DMZ (Demilitarized Zone)—Make Applications Free from Port Restrictions
- Port Triggering—Open Ports Dynamically
- UPnP (Universal Plug and Play)—Make Online Games Run Smoothly
Virtual Servers - Share Local Resources on the Internet
A virtual server defines the relationship between a port and a local device. When you build up a server on the local network, all requests from the internet to a specific port will be directly forwarded to the designated device, ensuring free communication.
Virtual Servers can be used for setting up public services on your local network. Each service requires a specific port to be open. It’s worth mentioning here that each port has a specific number to distinguish them from each other like port 21, port 23, etc.
For example, if you want to set up a personal website on your local network, you’d use a protocol and port made specifically for that purpose. In this case, you’d use HTTP (Hypertext Transfer Protocol). HTTP’s specified port is 80. Open port 80 and your friends will be able to access your personally made webpage.
Other services that you might set up include file-sharing, such as FTP (File-Sharing Protocol); email services like POP3 (Post Office Protocol version 3) and SMTP (Simple Mail Transfer Protocol); remote-access through Telnet; or other services like DNS (the Domain Name System protocol).
That might sound like a lot, so here’s a quick list of some common protocols and their designated ports:
- HTTP: port 80
- FTP: port 21
- DNS: port 53
- POP3: port 110
- SMTP: port 25
- Telnet: port 23
To learn how to build a virtual server on your local network: https://www.tp-link.com/us/support/faq/1541
DMZ - Make Applications Free from Port Restrictions
You can set your device to be a DMZ (Demilitarized Zone) host on the local network. It’ll become a virtual server with all ports open. Completely open to the internet, your device will experience the unlimited bidirectional communication between local devices and devices on the internet.
This is especially helpful when you use online games and video conferencing applications. Some applications use random ports to establish connections between users. Rather than troubleshoot every single port to see if you can establish a connection, you can ensure every port is open.
For example, an online game might have a port restriction, you might be able to log in normally but won’t be able to play multiplayer. To solve this problem, set your PC as a DMZ host with all ports open, then you can game together with your friends.
Some potential safety hazards should be noted since your device will be totally exposed to the internet. If DMZ is not in use, make sure to disable it immediately.
To learn how to set your device as a DMZ host: https://www.tp-link.com/us/support/faq/1542
Port Triggering - Open Ports Dynamically
Port Triggering is an advanced feature used to dynamically forward traffic on a certain port to a specific server on the local network. It’s the same as a virtual server, but with an additional switch for each port. Port Triggering can dynamically open ports to any device when needed and close the ports when they are unneeded.
Basically, you create a triggering port (think of it as an on/off switch). When one of your local network devices sends data through that port, it “triggers” another port to open for devices outside your network.
So, rather than keeping a port always open for everyone to use, you control when it opens/closes. This ensures a much more secure way of opening your local network to external devices and services.
This is an advanced feature mainly applied to online games, VoIPs, video players, and common applications including MSN Game Zone, Dialpad, and Quick Time 7 players.
To learn how to enable Port Triggering: https://www.tp-link.com/us/support/faq/1522
UPnP - Make Online Games Run Smoothly
The UPnP (Universal Plug and Play) protocol allows instant connections without needing to configure each individual device. The easiest example of this would be with a network printer. With UPnP enabled, your host device (in this case, your home computer) can automatically discover the printer. You just connect and start printing.
UPnP is enabled by default and recommended to be kept enabled if you want to use applications for multiplayer gaming, peer-to-peer connections, real-time communication (such as VoIP or telephone conferencing), or remote assistance.
Let’s say you want to connect your Xbox to your router and play multiplayer online, UPnP will automatically send a request to your router to open the corresponding ports allowing data to transmit. You’ll be able to play Xbox online games without a hitch.
To learn how to enable UPnP: https://www.tp-link.com/us/support/faq/1543
In addition, NAT and ALGs (Application Level Gateway) are also used in conjunction with each other. Similar to NAT, ALG translates IP addresses and/or port numbers while managing specific application protocols like FTP. When IP packets between local and outside networks pass through the network boundary, ALG inspects the traffic (packets) and modifies it if necessary. This also provides an extra layer to your home network security.
The above is only an introduction to NAT Forwarding rules. If you’re still scratching your head, here’s a summary. Check out the differences and choose the one you need.
|
Virtual Servers |
Port Triggering |
UPnP |
DMZ |
Scenarios |
Web (HTTP), FTP, DNS, POP3/SMTP, Telnet |
MSN Game Zone, Dialpad, QuickTime 7 players |
Multiplayer gaming, peer-to-peer connections, real-time communication, remote assistance |
Online games, video conferencing |
Ports Open |
A specific port |
Triggering port & Corresponding external ports |
Automatic |
All ports
|
Pros |
Popular
|
Dynamic and safe
|
Automatic |
No need to know the port of the server
|
Cons |
Need to know the internal port and IP address of the server |
Complex but can usually be replaced by Virtual Servers |
Applications must support UPnP protocol |
Unsafe |