?
Solved

500pts: Mapping port 80 on my router for server software behind NAT?

Posted on 2006-03-31
7
Medium Priority
?
300 Views
Last Modified: 2013-11-29
Hi there,

I wonder if anybody can help.

I have a small network with 3 pc's running fine connected to a router - the router uses NAT hence all pc's all functioning and browsing the internet fine.

I now have to add another PC to the same network that will run some server software behind the router hence i need to map ports from the router to the PC (its ip is 192.168.0.20).

The ports are pretty abnormal ports so thats fine - i know i should be able to map the ports without issues but the server software also runs some mini webserver which obviously operates on port 80.

But if i map port 80 to the webserver software from the router this will mean my other standard pc's that wish to browse the network will stop functioning won't they?????

or should i be ok...??

I think i am able to map the webserver to port 81 for example but its a bit non standard so i wanted to run the webserver on a standard port 80 system..

any advice would be really appreciated

thanks in advance

Ian
0
Comment
Question by:ianinspain
7 Comments
 
LVL 7

Assisted Solution

by:minmei
minmei earned 400 total points
ID: 16341469
Without knowing anything about the router...

Inbound port mapping on port 80 or 81 is fine, use 80 so people won't have to remember to add the port on their urls (:81).

Outbound web access is doen from whatever port the PC picks _to_ port 80 on the outside, so the router will be seeing traffic coming back from the external webservers to ports like 3498 and 31873, not _to_ port 80.  Only traffic coming _to_ port 80 will be web requests from the outside.

Kind of a source/destination thing.
0
 
LVL 32

Assisted Solution

by:masnrock
masnrock earned 400 total points
ID: 16341629
If you're using port 80 on your router for a web server, no problem. Machines that access websites contact port 80 of machines not on your network using ports higher than 1024. Port 80 is used for web yes, but on the _server_ end only, not the client end.

Hope that helps.
0
 
LVL 7

Assisted Solution

by:aseusainc
aseusainc earned 400 total points
ID: 16342006
The routers remote administration(from the outside) is more than likely on port 8080, if not, there SHOULD be a configuration option to change it.  

As for having 1 PC on the inside that needs to make port 80(and other ports) available outside, that is fine.  It will NOT cause any problems for people on the inside trying to surf the web.  Just map port 80 the same way you will map the other needed ports that you mentioned.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 1

Assisted Solution

by:dae3dae3
dae3dae3 earned 400 total points
ID: 16342013
There should be no problem with port forwarding port 80 to the web server.  The port forwarding will only apply to connections initiated externally.  

The router is smart enough to determine whether incoming packets are part of an existing session that was initiated by a workstation inside your network.

Just think about what you allready have set up.  You have three workstations that can access port 80 on web servers on the internet and the router is smart enought to make sure the packets all get back to the workstation that initiated the request.  You never try to go to a website and then get a page returned to you that the person on the other computer was trying to get.



0
 
LVL 5

Expert Comment

by:rikke_vp
ID: 16342838
Hola IanInSpain

como esta usted? Bien yo pienso.. Hablo un poco d'espanol y voy mi reaction a



0
 
LVL 5

Accepted Solution

by:
rikke_vp earned 400 total points
ID: 16342995
Hola IanInSpain

hit my enter to fast :)

NAT only works outside in - I mean that the mapping is done when a request is made to your IP/router at port 80 at the external side. Even if you mess with your port 80 or 443 it will not make any difference to your internal traffic.

If your router uses a internal port 80 as a webconsole then change this port first!

What internal server are you using and what is its purpose?
Note that a lot of scans are done on standard ports, 1-1024, and that you need to be sure no infiltration can be done before you open up port 80 to the world.

If users do NOT need to have access or even view the webserver from outside - maybe only you need it for admin reasons - then I would a non standard port like 8080(proxy) or 10080(non service port) or any other port then 80 or 443.

Keep in mind that ISP sometimes block port 80 to their end-users IP on gateway level. This means you can never get traffic at this port - and most of the time any other service ports,1-1024, - so it could be you have to use another port instead.

I need to close now, at clients site and the lady here wants to go home, so I'm coming back on this when I'm at home!

Regards

Hasta la proxima vez...

Rikke


 



0
 

Author Comment

by:ianinspain
ID: 16353521
thanks everyone! great answers.. i have split the points as each answer was valuable to me...

thanks again

ian
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question