Solved

Regarding Opening Ports on a Router.

Posted on 2004-10-25
Last Modified: 2013-11-09
I am attempting to open the ports on my D-Link router. What is the difference between private and public ports on the router? The D-Link 704p.
Question by:mathieu_cupryk
 
LVL 69

Accepted Solution

by:
Callandor earned 672 total points
ID: 12403021
Private ports are the ports seen inside your network, on your side of the router.  Public ports are the ports seen by the outside world.  Here's an example: http://support.dlink.com/faq/view.asp?prod_id=1339#704
0
 
LVL 8

Assisted Solution

by:holger12345
holger12345 earned 664 total points
ID: 12405910
Normally you want to open a public port to access internal/private network equipment (a webserver maybe). These ports must be forwarded, as there has to be a translation of IP addresses - the private addresses aren't visible from the outside; only the router knows about them. So in normal cases you tell the router what outside port will be translated to what IP + inside port.

If you are unsure what port means: That's not the hardware port of the router (even if "outside" means the router hardware port to the outside). In the case of opening ports, what is meant is the TCP/IP ports, i.e. the program telnet listens on port 25: If you ever telnet to an address, for example 192.168.0.1, then you really do a telnet to 192.168.0.1:25 (as someone listens for telnet requests only on port 25). A browser/webserver uses port 80 for HTTP requests, and so every service uses its own ports.
0
 
LVL 1

Assisted Solution

by:doneck8
doneck8 earned 664 total points
ID: 12453535
If you wanted to open ports for PCA you would use port 5631 TCP for the internal and external port in the entry, and a second entry for 5632 UDP.  These are the ports current versions of PCA use by default.  Unless you're changing the default ports things work on, the internal port is going to be the same as the external port.  What program/service are you "opening" ports for?
0
 

Author Comment

by:mathieu_cupryk
ID: 12453605
File sharing.

What is PCA?
0
 
LVL 1

Expert Comment

by:doneck8
ID: 12458027
I was just using it as an example.  PCA is Symantec PC Anywhere.  
0
 
LVL 1

Expert Comment

by:doneck8
ID: 12458045
For file and print sharing you would have multiple entries, one for each of the following:
TCP 139, 445; UDP 137, 138, 445
In each entry the internal and external port would be the same.  Say you want to open the ports to a computer at 192.168.0.100.
The first entry would look like:
Name: Whatever you want to call it.
Private IP: 192.168.0.100
Protocol: TCP
Public port: 139
Private port: 139
You would repeat this 3 more times.
When you get to 445, you can use one entry and choose both for the protocol.
0
 

Author Comment

by:mathieu_cupryk
ID: 12458163
OK, that sounds good. However, what if I want to connect from the outside world either from FTP port 21 (to download from an FTP server)
or HTTP port 80 (to see a person's web site), and there are two other computers running XP, and the main first one is running Windows 2003?
Is there a firewall in the router? And what should I do with the settings of the public and the private protocols? I am increasing this to 500.

0
 
LVL 1

Expert Comment

by:doneck8
ID: 12458185
You would use port 21 as the public and private port, and the private IP is the address of the FTP server in your network.  Same with the webserver: port 80 is the public and private port.  Private IP is the address of the web server on your network.  Off the top of my head I don't remember the protocols for port 21 and 80, but if you set the protocol to both, it will work until you find out.
0
 
LVL 1

Expert Comment

by:doneck8
ID: 12458198
The router does network address translation, so it is a de facto firewall.
0
 
LVL 8

Expert Comment

by:holger12345
ID: 12458382
Pay attention: after you have opened the ports for public access, you'll have no firewall features on these ports! These ports are visible and attackable from outside - you should choose well how much and why you want to open your internal LAN.

With standard firewalls, you can set up a so-called DMZ (demilitarized zone), that is, a special network to get access to the public and private range of your IP.
0
 
LVL 1

Expert Comment

by:doneck8
ID: 12474351
The Dlink does have a DMZ, but I wouldn't recommend using it.  Any IP in the DMZ has all ports visible and attackable from outside, not just the ones you need open.  There is also a way in the Dlink to open the ports so they only accept traffic from a specified IP address.
0
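Added example, not part of any post in this thread: a small Python model of the three options discussed above (a port-forward entry, an entry limited to one source address, and a DMZ host), showing which services on the server an outside address can reach in each case. The addresses, listener set and rule order (entries checked before the DMZ host, a source-restricted entry dropping other sources) are constructed assumptions, not D-Link firmware behaviour.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Forward:
    proto: str                         # "tcp" or "udp"
    public_port: int                   # port seen by the outside world
    private_ip: str                    # LAN host that receives the traffic
    private_port: int                  # port on that LAN host
    allowed_src: Optional[str] = None  # None = any outside address

def translate(rules, dmz_host, proto, public_port, src_ip):
    """Return (private_ip, private_port) for an inbound packet, or None if dropped."""
    for r in rules:
        if (r.proto, r.public_port) == (proto, public_port):
            if r.allowed_src in (None, src_ip):
                return (r.private_ip, r.private_port)
            return None        # assumption: a restricted entry drops other sources
    if dmz_host is not None:   # DMZ host receives every port no entry claimed
        return (dmz_host, public_port)
    return None                # NAT drops unsolicited inbound traffic

def exposed(rules, dmz_host, listeners, src_ip):
    """Set of (proto, public_port) on which src_ip reaches a listening service."""
    candidates = {(r.proto, r.public_port) for r in rules}
    if dmz_host is not None:
        candidates |= listeners.get(dmz_host, set())
    hits = set()
    for proto, port in candidates:
        target = translate(rules, dmz_host, proto, port, src_ip)
        if target and (proto, target[1]) in listeners.get(target[0], set()):
            hits.add((proto, port))
    return hits

# Constructed sample: one server that also has file-sharing ports listening.
SERVER = "192.168.0.100"
LISTENERS = {SERVER: {("tcp", 21), ("tcp", 80), ("tcp", 139),
                      ("tcp", 445), ("udp", 137)}}
TRUSTED = "203.0.113.7"    # constructed outside address allowed to use FTP
ANYONE = "198.51.100.9"    # constructed arbitrary outside address
RULES = [Forward("tcp", 21, SERVER, 21, allowed_src=TRUSTED),
         Forward("tcp", 80, SERVER, 80)]

if __name__ == "__main__":
    print("forwarding only:", sorted(exposed(RULES, None, LISTENERS, ANYONE)))
    print("trusted source: ", sorted(exposed(RULES, None, LISTENERS, TRUSTED)))
    print("server as DMZ:  ", sorted(exposed(RULES, SERVER, LISTENERS, ANYONE)))
```
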
 

Author Comment

by:mathieu_cupryk
ID: 12480661
I need to do port forwarding?
0
 
LVL 8

Expert Comment

by:holger12345
ID: 12488866
But the difference from DMZ to port-forwarding to inner LAN is:

In the DMZ, you place only those servers, that would have public traffic anyway, and the open ports would be open in any case... so you have to be sure, the server isn't open on the other ports!
If you place the server into the LAN, a successful attacker to the server (and if someone really wants to, he could find some means!) could easily crawl the WHOLE NETWORK... so what do you think is more dangerous?

I leave this up to you

regards Holger
0
 
LVL 1

Expert Comment

by:doneck8
ID: 12507780
Holger has a point.  Using the DMZ setting in the router would be easiest if the server isn't open on the other ports.

mathieu:  In a Dlink Router it is done in Virtual server or Firewall.  In a Linksys Router it is Port Forwarding, in a Netopia it is Pin Holing.  If you are going to lock down the ports on the server and only leave open the ones you're using, then Holger's suggestion of using the DMZ is the way to go.  
0
 
LVL 8

Expert Comment

by:holger12345
ID: 12713850
pls split points at least - the question is answered
0

Question has a verified solution.