500pts: Mapping port 80 on my router for server software behind NAT?

Hi there,

I wonder if anybody can help.

I have a small network with 3 pc's running fine connected to a router - the router uses NAT hence all pc's all functioning and browsing the internet fine.

I now have to add another PC to the same network that will run some server software behind the router hence i need to map ports from the router to the PC (its ip is 192.168.0.20).

The ports are pretty abnormal ports so thats fine - i know i should be able to map the ports without issues but the server software also runs some mini webserver which obviously operates on port 80.

But if i map port 80 to the webserver software from the router this will mean my other standard pc's that wish to browse the network will stop functioning won't they?????

or should i be ok...??

I think i am able to map the webserver to port 81 for example but its a bit non standard so i wanted to run the webserver on a standard port 80 system..

any advice would be really appreciated

thanks in advance

Ian
ianinspainAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

minmeiCommented:
Without knowing anything about the router...

Inbound port mapping on port 80 or 81 is fine, use 80 so people won't have to remember to add the port on their urls (:81).

Outbound web access is doen from whatever port the PC picks _to_ port 80 on the outside, so the router will be seeing traffic coming back from the external webservers to ports like 3498 and 31873, not _to_ port 80.  Only traffic coming _to_ port 80 will be web requests from the outside.

Kind of a source/destination thing.
0
masnrockCommented:
If you're using port 80 on your router for a web server, no problem. Machines that access websites contact port 80 of machines not on your network using ports higher than 1024. Port 80 is used for web yes, but on the _server_ end only, not the client end.

Hope that helps.
0
aseusaincCommented:
The routers remote administration(from the outside) is more than likely on port 8080, if not, there SHOULD be a configuration option to change it.  

As for having 1 PC on the inside that needs to make port 80(and other ports) available outside, that is fine.  It will NOT cause any problems for people on the inside trying to surf the web.  Just map port 80 the same way you will map the other needed ports that you mentioned.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

dae3dae3Commented:
There should be no problem with port forwarding port 80 to the web server.  The port forwarding will only apply to connections initiated externally.  

The router is smart enough to determine whether incoming packets are part of an existing session that was initiated by a workstation inside your network.

Just think about what you allready have set up.  You have three workstations that can access port 80 on web servers on the internet and the router is smart enought to make sure the packets all get back to the workstation that initiated the request.  You never try to go to a website and then get a page returned to you that the person on the other computer was trying to get.



0
rikke_vpCommented:
Hola IanInSpain

como esta usted? Bien yo pienso.. Hablo un poco d'espanol y voy mi reaction a



0
rikke_vpCommented:
Hola IanInSpain

hit my enter to fast :)

NAT only works outside in - I mean that the mapping is done when a request is made to your IP/router at port 80 at the external side. Even if you mess with your port 80 or 443 it will not make any difference to your internal traffic.

If your router uses a internal port 80 as a webconsole then change this port first!

What internal server are you using and what is its purpose?
Note that a lot of scans are done on standard ports, 1-1024, and that you need to be sure no infiltration can be done before you open up port 80 to the world.

If users do NOT need to have access or even view the webserver from outside - maybe only you need it for admin reasons - then I would a non standard port like 8080(proxy) or 10080(non service port) or any other port then 80 or 443.

Keep in mind that ISP sometimes block port 80 to their end-users IP on gateway level. This means you can never get traffic at this port - and most of the time any other service ports,1-1024, - so it could be you have to use another port instead.

I need to close now, at clients site and the lady here wants to go home, so I'm coming back on this when I'm at home!

Regards

Hasta la proxima vez...

Rikke


 



0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ianinspainAuthor Commented:
thanks everyone! great answers.. i have split the points as each answer was valuable to me...

thanks again

ian
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.