500pts: Mapping port 80 on my router for server software behind NAT?

Posted on 2006-03-31
Last Modified: 2013-11-29
Hi there,

I wonder if anybody can help.

I have a small network with 3 pc's running fine connected to a router - the router uses NAT hence all pc's all functioning and browsing the internet fine.

I now have to add another PC to the same network that will run some server software behind the router hence i need to map ports from the router to the PC (its ip is

The ports are pretty abnormal ports so thats fine - i know i should be able to map the ports without issues but the server software also runs some mini webserver which obviously operates on port 80.

But if i map port 80 to the webserver software from the router this will mean my other standard pc's that wish to browse the network will stop functioning won't they?????

or should i be ok...??

I think i am able to map the webserver to port 81 for example but its a bit non standard so i wanted to run the webserver on a standard port 80 system..

any advice would be really appreciated

thanks in advance

Question by:ianinspain
    LVL 7

    Assisted Solution

    Without knowing anything about the router...

    Inbound port mapping on port 80 or 81 is fine, use 80 so people won't have to remember to add the port on their urls (:81).

    Outbound web access is doen from whatever port the PC picks _to_ port 80 on the outside, so the router will be seeing traffic coming back from the external webservers to ports like 3498 and 31873, not _to_ port 80.  Only traffic coming _to_ port 80 will be web requests from the outside.

    Kind of a source/destination thing.
    LVL 17

    Assisted Solution

    If you're using port 80 on your router for a web server, no problem. Machines that access websites contact port 80 of machines not on your network using ports higher than 1024. Port 80 is used for web yes, but on the _server_ end only, not the client end.

    Hope that helps.
    LVL 7

    Assisted Solution

    The routers remote administration(from the outside) is more than likely on port 8080, if not, there SHOULD be a configuration option to change it.  

    As for having 1 PC on the inside that needs to make port 80(and other ports) available outside, that is fine.  It will NOT cause any problems for people on the inside trying to surf the web.  Just map port 80 the same way you will map the other needed ports that you mentioned.
    LVL 1

    Assisted Solution

    There should be no problem with port forwarding port 80 to the web server.  The port forwarding will only apply to connections initiated externally.  

    The router is smart enough to determine whether incoming packets are part of an existing session that was initiated by a workstation inside your network.

    Just think about what you allready have set up.  You have three workstations that can access port 80 on web servers on the internet and the router is smart enought to make sure the packets all get back to the workstation that initiated the request.  You never try to go to a website and then get a page returned to you that the person on the other computer was trying to get.

    LVL 5

    Expert Comment

    Hola IanInSpain

    como esta usted? Bien yo pienso.. Hablo un poco d'espanol y voy mi reaction a

    LVL 5

    Accepted Solution

    Hola IanInSpain

    hit my enter to fast :)

    NAT only works outside in - I mean that the mapping is done when a request is made to your IP/router at port 80 at the external side. Even if you mess with your port 80 or 443 it will not make any difference to your internal traffic.

    If your router uses a internal port 80 as a webconsole then change this port first!

    What internal server are you using and what is its purpose?
    Note that a lot of scans are done on standard ports, 1-1024, and that you need to be sure no infiltration can be done before you open up port 80 to the world.

    If users do NOT need to have access or even view the webserver from outside - maybe only you need it for admin reasons - then I would a non standard port like 8080(proxy) or 10080(non service port) or any other port then 80 or 443.

    Keep in mind that ISP sometimes block port 80 to their end-users IP on gateway level. This means you can never get traffic at this port - and most of the time any other service ports,1-1024, - so it could be you have to use another port instead.

    I need to close now, at clients site and the lady here wants to go home, so I'm coming back on this when I'm at home!


    Hasta la proxima vez...




    Author Comment

    thanks everyone! great answers.. i have split the points as each answer was valuable to me...

    thanks again


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
    We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now