port forwarding

Posted on 2014-03-25
Last Modified: 2014-03-26

As I understand it, port forwarding is the packaging of packets into an HTTP or HTTPS stream, changing the and once through the firewall, map the packet to the appropriate port.

Is this correct?

And more importantly, why would you use port forwarding ?

Many Thanks
Question by:Anthony Lucia
LVL 35

Accepted Solution

Dan Craciun earned 167 total points
ID: 39954634
Most common use: to make an application that runs in an internal server available from the outside (Internet).

For this you either connect that server directly to the outside, or you use the router to port forward traffic from a specific port to that server's internal IP.

Bonus: you can have many internal servers available on the same external IP, as long as the external ports are different.

LVL 15

Expert Comment

by:Giovanni Heward
ID: 39954637
Port forwarding or port mapping is a name given to the combined technique of

1. translating the address or port number of a packet to a new destination

2. possibly accepting such packet(s) in a packet filter (firewall)

3. forwarding the packet according to the routing table.

The destination may be a predetermined network port (assuming protocols like TCP and UDP, though the process is not limited to these) on a host within a NAT-masqueraded, typically private network, based on the port number on which it was received at the gateway from the originating host.

The technique is used to permit communications by external hosts with services provided within a private local area network.
LVL 35

Expert Comment

by:Dan Craciun
ID: 39954645
@Giovanni Heward: please credit the source. Thank you.

LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 39954920
Port forwarding is in essence any solution which causes packets sent to one port on one IP to arrive on a (potentially different) port on another IP.

Distinctions should be made based on to what extent the packets are re-written during this process; the most basic form is called either NAT or PAT depending on vendor and work done (the terms expand to Network Address Translation and Port Address Translation, respectively; the latter implies that the target port is also rewritten). In this form, the packet arrives at its final (internal) destination with its source IP and port intact, and replies must be routed therefore back through the translating service in order that they be again rewritten to appear to come back from the original IP/Port they were sent to. Some solutions can perform load balancing, allowing a single external IP to be used to connect to several internal hosts in order to increase the throughput for the solution.

Another common form is called reverse proxy, virtual server, or several other terms (again, vendors seem to like making up new terms for this).  This differs from NAT/PAT in that the source address is also rewritten, so that it appears to come from the internal address of the device hosting the original target IP; this simplifies routing (in that the default route to the internet need not be via the reverse proxy) but hides source data from the internal host (which can cause difficulties in logging) - to offset this, often the proxy can perform tasks "offloaded" from the internal host, such as stripping away SSL (taking on the processor load for that), performing active caching, handling session cookies and so forth.  In cases of simple rewrite, this can also be called "Double NAT" or "Double PAT" indicating the rewriting of both target and source addresses.

As an edge case, a device can act as a socket proxy - this implies active participation by the internal host in selecting and opening the external IP/Port, which then forwards the packets over its own proxy protocol back to the requesting application (SOCKS is an example of such a socket proxy protocol).

Finally, we have solutions such as VPNs, TOR and similar proxy networks, ssh tunnels, ssl tunnels and so forth. With these solutions, a port or virtual network card on the local machine is set to listen for connections by the local client, and the packets are encapsulated in another protocol and sent over that protocol to an external host, where they are then forwarded to a destination. This can be combined with NAT/PAT, socket proxies, forward or reverse proxies and so forth, in order that the traffic from the remote node behave as expected (for example, a ssh forward tunnel link will emerge with a random source port and the external IP of the ssh server, to a predetermined external target IP and port. A reverse tunnel will open a specified port on the remote server to listen for traffic, and forward that - via the tunnel -  to the local client, where it will then be routed - from the IP of the client, plus a random port - to a predetermined target).

As for the Why, you would use port forwarding in any situation where you want to get a connection from a host, unable to connect directly to a target IP/Port, to that target IP/Port, by explicitly connecting to a different IP/Port, which then arranges for that connection to be forwarded as needed.
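
The NAT/PAT and "Double NAT" cases from the answer above, modelled as an added example (not part of the original post and not any vendor's implementation). The addresses, the `Forwarder` class and the source-port pool starting at 40000 are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

# Constructed sample data (documentation/private address ranges).
EXTERNAL_IP = "203.0.113.10"
CLIENT = ("198.51.100.7", 51515)
RULES = {  # external (ip, port) -> internal (ip, port)
    (EXTERNAL_IP, 80): ("192.168.1.20", 80),
    (EXTERNAL_IP, 8080): ("192.168.1.30", 80),
}

class Forwarder:
    """Toy gateway: rewrites the destination, and the source too if inside_ip is set."""
    def __init__(self, rules, inside_ip=None):
        self.rules = rules
        self.inside_ip = inside_ip      # set => "Double NAT" style source rewrite
        self.conntrack = {}             # (source seen inside, target) -> (client, external dst)
        self.next_port = 40000          # hypothetical pool for rewritten source ports

    def inbound(self, pkt):
        target = self.rules.get(pkt.dst)
        if target is None:
            return None                 # no forwarding rule: nothing is passed inside
        src = pkt.src
        if self.inside_ip:
            src = (self.inside_ip, self.next_port)
            self.next_port += 1
        self.conntrack[(src, target)] = (pkt.src, pkt.dst)
        return Packet(src, target)

    def reply(self, pkt):
        """Undo the rewrite on a reply so it appears to come from the external IP/port."""
        entry = self.conntrack.get((pkt.dst, pkt.src))
        if entry is None:
            return None                 # reply matches no tracked connection
        client, external = entry
        return Packet(external, client)

def demo():
    request = Packet(CLIENT, (EXTERNAL_IP, 8080))
    pat = Forwarder(RULES)
    double = Forwarder(RULES, inside_ip="192.168.1.1")
    seen_pat, seen_double = pat.inbound(request), double.inbound(request)
    answer = pat.reply(Packet(seen_pat.dst, seen_pat.src))
    return seen_pat, seen_double, answer
```

In the plain PAT case the internal server sees the client's real address; in the double-rewrite case its logs record only 192.168.1.1, so the forwarding device's own connection records are needed to attribute a request.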
LVL 78

Expert Comment

ID: 39955053
While the end result is similar, the two, port forwarding and reverse proxy, are distinct.
Port forwarding is accomplished on the transport layer while reverse proxy is accomplished on the application layer (the proxy server handles the request from the remote side and passes the request to the internal resources. Then upon receiving a response it forwards it back to the requester).

Port forwarding is a packet redirect.
Reverse proxy is a request redirect.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 333 total points
ID: 39955273
@arnold: Yup.
However, this is in the context that this is a follow-up question so I am trying to cover a fair few bases to save further follow-up questions :)

There are actually a number of key technologies that are interwoven with the information the querent is looking for - tunnelling, VPN, packet/traffic encapsulation, forward and reverse proxy, policy evasion, possibly even UPnP and NAT-PMP - so including information on reverse proxy (as distinct from packet forwarding) saves a little time :)


Question has a verified solution.
