Networks and Port Forwarding

Hey guys so today we are going to talk about What exactly is port forwarding ? Why we need it ? And how to do port forwarding ? We will also cover some alternative NAT traversal techniques. Firstly, to understand port forwarding we need to learn about how your data travels over INTERNET. I hope you have read basics of networking and interacting with ports. Let’s suppose you are behind a router and accessing internet. Now what happens when you request a web-page from a server? Your browser first asks the DNS server for the ip address of the website via a UDP packet. Now your browser initiates a client side socket with source ip, random source port (source ports are random as discussed here) and a protocol which is HTTP in this case and sends a HTTP request to the server. Now there are 2 types of ip addresses viz public and private. As the name suggests one is publicly routable while other is only accessible within private networks. When you are inside a network like behind wi-fi router or LAN or behind any NAT (Network Address Translator) your device is assigned a private ip address. This can be 192.168.x.x or 172.16.0.0 to 172.31.255.255 or as big in size as class B networks with 65,534 hosts per network with range of 10.x.x.x . In most wi-fi networks you will see ip address like 192.168.x.x . You can check ip address assigned to your device by entering “ifconfig” on your linux terminal or “ipconfig” on windows command prompt (cmd).

In the above screen-shot the device is connected to a wi-fi network and it has been assigned ip- 192.168.x.x by DHCP (Dynamic Host Control Protocol). It automatically assigns ip address and sends other information like default gateway, and access to the network.

What does a NAT do?

Network Address Translator as the name suggests translates the addresses i.e. ip address. A NAT changes your private ip address to a public ip address. A NAT has two interfaces viz a public interface which is assigned a public ip and is accessible to public networks and one Internal network interface which is on the internal/private network. The default gateway of devices is set to be NAT’s address cause that’s where all the data leaves internal network and enters public network. In bigger networks it may contain more routers, bridges, switches, repeaters, etc.

How NAT works?

When a device in internal network requests something for example a web-page from a server it first sends a SYN (Wanna talk?) packet to the server. The packet reaches NAT router. It changes the private ip address of the packet to it’s public ip address and initiates a new connection from it's public interface sends packet forward according to the routing table. The source port may be random or not that depends on type of NAT. Meanwhile it saves this information on it’s NAT table, that data coming on this port is to be forwarded to this internal ip on this port, so when the server sends SYN-ACK (Sure!) back, it will check the table and send the data back to the client who made the initial request inside the network. The TCP 3 way-handshake is completed when client sends ACK (Okay) packet back. So a NAT-table ensures that data is forwarded back to appropriate client.

Internal source ip	Source port of device	Destination ip	Source port of NAT
192.168.43.239	53,662	(site’s ip)	54,395

Why NAT ?

The internet was originally made to be peer to peer (p2p) network. But NATs violate that since they act as a middle-man. Initially people thought the number of unique 32 bit ipv4 addresses will be enough to meet everyone’s need. but with the increase in internet devices there seemed to be a lack of ip addresses. Also only a smaller set of ip addresses is available to use because of different classes of network and some being reserved for research or other purposes. The number of ip addresses can be significantly increased with ipv6 addresses. Although it’s require few changes in internet infrastructure. So the solution was NATs. The NATs cover a large range of devices with private ip addresses to a single publicly routable address. This means all device within internal network will have same public ip address. It means people can now even reuse the internal ip addresses in different networks. NATs act as firewalls too by only allowing desired packets to enter in the network and also hiding the whole internal network from public, this means a person can only see public ip of devices but not their network. Data from all devices inside the network seem to come from single public ip address. Well with increase in use of ipv6 addresses now, it seems like P2P will be back.

Where’s Port Forwarding ?

Let’s assume a case now where your device is behind a NAT router and you want to set up a server, whether a web server, game server, ssh server, ftp server, or a server for reverse shell, etc. Basically a server is just application running on computer providing some kind of service on a specific open port. Of course the port is open to allow exchange of data and identify which service is binded to which port.

Why Port Forwarding?

So for clients in public network to connect to you, you must provide your unique ip address to them. But since you are inside a network your device has been assigned a private/internal ip address. If they try to connect to your router’s public ip address, the packets will simply be converted to heat, means dropped as the router doesn’t know where to forward that data to among the devices in the internal network because the information regarding it isn’t available in NAT table, which is reverse of the case we saw earlier when we requested data from internal network and the path to client who sent the initial request was saved in NAT table.

How Port Forwarding works ?

In port forwarding we set up a rule in NAT table of router to forward data coming from public network on ‘this specific port’ to a server in internal network with ‘this internal ip’ and on ‘this specific port’. The NAT then translates destination ip to your internal ip. Now let’s say your internal ip is 192.168.43.239 and you set up a web-server on port 80. Your clients know your public ip and you tell them to connect port 80 on your public ip. All their requests will reach port 80 of public interface of router. You now setup port forwarding in router and tell it to forward all requests on port 80 of public interface to 192.168.43.239 on port 80 of your server. Hence your clients can make connections to your server.

Port on public interface	Ip of internal Server	Destination port on Internal server
80	192.168.43.239	80

It’s just representation to make it easier to understand.

Finding your network configuration and setting up port forwarding.

It can be very crucial to find your network configuration properly for port forwarding. If you are on some network then you can ask the network administer or even check the ip your device has got if it’s private or public. You can also do “traceroute” to find the path of your data packets and the NATs and routers you face on it’s path. If it’s just one NAT you can ask the network admin to set up port forwarding. If you own a router then click here. Find and select your router and follow the steps. You can verify it’s working from canyouseeme.org If you still face problem then contact your ISP. It may be blocking connections or you may be behind ISP’s NAT. In-case of Dynamic ip you can use services like no-ip which gives your clients a URL to connect to you and also its software updates the destination ip when your ip changes. Now lets take the case when you’re using mobile network. Mostly mobile network provider ISPs keep you behind a NAT. You can check the ip assigned to your device by typing ‘ifconfig’ in a terminal emulator or it may be in “Settings/About Device/”

This pic shows the result of “ifconfig” on a smart-phone on a JIO Network. The interface “rmnet0“ has got ip- 10.93.118.246 , this is private set of ip address. In Airtel, Reliance, etc you may get like 100.x.x.x These are also reserved and used in Internal Networks.

Here “netstat -an” shows ip address of all the ips which the phone is connected to. Since it’s behind NAT it shows local address and the public ips it’s connected to in Foreign address. Now how do you port forward and listen connections in this case ? Well there are some NAT traversal techniques you can use. (I am giving just a brief description now. We will talk about them in detail in future articles.) You can use a Relay server with publicly routable ip. The client and the server can connect to it and hence initiate a connection with relay server as a proxy. This is sometimes done in SOCKS proxy or there are some vpn providers which allow to open specific ports on their server and route data to you. A tool called ngrok uses this technique. First it initiates a live long connection with it’s servers and uses it to give a publicly routable sub-domain to users and forwarding all data to users. Torrent uses p2p connection. But how does it connect to devices which are behind a NAT ? It uses a tracker in .torrent file to find swarm of computer servers uploading and downloading a particular file. Then it uses those servers to initiate connections. Once connected the data can be transferred bi-directionally. You can use some other techniques like reverse ssh-tunnelling which uses a public ssh-server to send the packets on specific port to you. Another one is Hole Punching. It doesn’t work on all NATs. First the devices initiate connections to one another. This technique relies on guessing the source port of server’s NAT router so that when it makes connection the packets to the server can use the same path to reach the server. Well that’s all for now. We will see working and how to use these techniques in next article. You can research more deeply on these topics and things you may not have understand on the Internet. You will come across many new things while research. Thanks for reading. :D