Solved

Regarding Opening Ports on a Router.

Posted on 2004-10-25
226 Views
Last Modified: 2013-11-09
I am attempting to open the ports on my d-link router. What is the difference in private and public ports on the router? The d-link 704p.
0
Question by:mathieu_cupryk
    15 Comments
     
    LVL 69

    Accepted Solution

    by:
    Private ports are the ports seen inside your network, on your side of the router.  Public ports are the ports seen by the outside world.  Here's an example: http://support.dlink.com/faq/view.asp?prod_id=1339#704
    0
     
    LVL 8

    Assisted Solution

    by:holger12345
    Normally you want to open a public port to access internal/private network equipment (a webserver maybe). These ports must be forwarded, as there has to be a translation in IP addresses - the private addresses aren't visible from the outside; only the router knows about them. So in normal cases you tell the router what outside port will be translated to what ip+insidePort.

    If you are unsure what port means: that's not the hardware port of the router (even if "outside" means the router hardware port to the outside). In the case of opening ports, what is meant is the TCP/IP ports. I.e. the program telnet listens on port 25: if you ever telnet to an address, for example 192.168.0.1, then you really do a telnet to 192.168.0.1:25 (as only on port 25 is someone listening for telnet requests). A browser/webserver uses port 80 for HTTP requests, and so every service uses its own ports.
    0
     
    LVL 1

    Assisted Solution

    by:doneck8
    If you wanted to open ports for PCA you would use port 5631 TCP for the internal and external port in the entry, and a second entry for 5632 UDP.  These are the ports current versions of PCA use by default.  Unless you're changing the default ports things work on, the internal port is going to be the same as the external port.  What program/service are you "opening" ports for?
    0
     

    Author Comment

    by:mathieu_cupryk
    File sharing.

    What is PCA?
    0
     
    LVL 1

    Expert Comment

    by:doneck8
    I was just using it as an example.  PCA is Symantec PC Anywhere.  
    0
     
    LVL 1

    Expert Comment

    by:doneck8
    For file and print sharing you would have multiple entries.  One for each of the following.
    TCP 139, 445; UDP 137, 138, 445
    In each entry the internal and external port would be same.  Say you want to open the ports to a computer at 192.168.0.100
    the first entry would look like
    Name: Whatever you want to call it.
    private IP: 192.168.0.100
    Protocol: TCP
    Public port: 139
    Private port: 139
    you would repeat this 3 more times.
    when you get to 445, you can use one entry and choose both for the protocol.
    0
     

    Author Comment

    by:mathieu_cupryk
    OK, that sounds good; however, what if I want to connect from the outside world, either from FTP port 21 (to download from an FTP server)
    or HTTP port 80 (to see a person's web site)? There are two other computers running XP, and the main first one is running Windows 2003.
    There is a firewall in the router? And what should I do with the settings of the public and the private protocols? I am increasing this to 500.

    0
     
    LVL 1

    Expert Comment

    by:doneck8
    You would use port 21 as the public and private port, and the private IP is the address of the FTP server in your network.  Same with the webserver.  Port 80 is the public and private port.  Private IP is the address of the web server on your network.  Off the top of my head I don't remember the protocols for port 21 and 80, but if you set the protocol to both, it will work until you find out.
    0
     
    LVL 1

    Expert Comment

    by:doneck8
    The router does Network Address Translation, so it is a de facto firewall.
    0
     
    LVL 8

    Expert Comment

    by:holger12345
    Pay attention: after you have opened the ports for public access, you'll have no firewall features on these ports! These ports are visible and attackable from outside - you should choose well how much and why you want to open your internal LAN.

    With standard Firewalls, you can setup a so called DMZ (DeMilitarizedZone), that is a special network to get access to the public and private range of your IP.
    0
     
    LVL 1

    Expert Comment

    by:doneck8
    The Dlink does have a DMZ, but I wouldn't recommend using it.  Any IP in the DMZ has all ports visible and attackable from outside, not just the ones you need open.  There is also a way in the Dlink to open the ports so they only accept traffic from a specified IP address.
    0
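
The forwarding behaviour discussed in the comments above, as an added example that is not part of any poster's comment and is not D-Link firmware code: a small model of a virtual-server table that translates an inbound packet to its private IP and port, applies an optional source restriction and a DMZ host, and lists which entries are reachable from any outside address. The `Entry` fields, the function names, the source address `203.0.113.7` and the choice to drop (rather than fall through to the DMZ) when a source is not permitted are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    """One virtual-server (port-forward) entry, with the fields named in the thread."""
    name: str
    private_ip: str
    protocol: str                          # "TCP", "UDP" or "BOTH"
    public_port: int
    private_port: int
    allowed_source: Optional[str] = None   # None = any outside address (assumed field)

def translate(entries, dmz_host, proto, public_port, source_ip):
    """Return (private_ip, private_port) for an inbound packet, or None if dropped."""
    for e in entries:
        if e.public_port != public_port or e.protocol not in (proto, "BOTH"):
            continue
        if e.allowed_source and (ipaddress.ip_address(source_ip)
                                 not in ipaddress.ip_network(e.allowed_source)):
            return None  # entry matches, but this source is not permitted (model assumption)
        return (e.private_ip, e.private_port)
    # No entry matched: a DMZ host receives every remaining port unchanged.
    return (dmz_host, public_port) if dmz_host else None

def audit(entries, dmz_host=None):
    """List the exposures that any outside address can reach."""
    findings = [
        f"{e.name}: {e.protocol} {e.public_port} -> {e.private_ip}:{e.private_port} open to any source"
        for e in entries if e.allowed_source is None
    ]
    if dmz_host:
        findings.append(f"DMZ: all unforwarded ports -> {dmz_host}")
    return findings

# Constructed sample table; 192.168.0.100 and the port numbers come from the thread.
ENTRIES = [
    Entry("web", "192.168.0.100", "TCP", 80, 80),
    Entry("ftp", "192.168.0.100", "TCP", 21, 21),
    Entry("smb", "192.168.0.100", "BOTH", 445, 445, allowed_source="203.0.113.7/32"),
]

if __name__ == "__main__":
    for line in audit(ENTRIES, dmz_host=None):
        print(line)
    # SMB from an address other than the permitted one is dropped: prints None
    print(translate(ENTRIES, None, "TCP", 445, "198.51.100.9"))
```

Passing a `dmz_host` to `translate` shows the difference raised in the thread: a port with no entry, which would otherwise be dropped, is delivered to that host.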
     

    Author Comment

    by:mathieu_cupryk
    I need to do port forwarding?
    0
     
    LVL 8

    Expert Comment

    by:holger12345
    But the difference from DMZ to port-forwarding to inner LAN is:

    In the DMZ, you place only those servers, that would have public traffic anyway, and the open ports would be open in any case... so you have to be sure, the server isn't open on the other ports!
    If you place the server into the LAN, a successful attacker to the server (and if someone really wants to, he could find some means!) could easily crawl the WHOLE NETWORK... so what do you think is more dangerous?

    I leave this up to you

    regards Holger
    0
     
    LVL 1

    Expert Comment

    by:doneck8
    Holger has a point.  Using the DMZ setting in the router would be easiest if the server isn't open on the other ports.

    mathieu:  In a Dlink Router it is done in Virtual server or Firewall.  In a Linksys Router it is Port Forwarding, in a Netopia it is Pin Holing.  If you are going to lock down the ports on the server and only leave open the ones you're using, then Holger's suggestion of using the DMZ is the way to go.
    0
     
    LVL 8

    Expert Comment

    by:holger12345
    pls split points at least - the question is answered
    0
