NAT & port forwarding
Once your router is online, it will be assigned a unique internet IP address. This address will be shared between all your network clients, via a system called network address translation (NAT). This works by assigning each client on your network its own local IP address, which is valid only within your LAN. When a client wants to communicate externally, the router forwards the connection via its external IP address, and forwards any response back to the client that initiated the connection.
This setup is fine for the typical household, but the catch is that sharing one internet address across the whole LAN makes it impossible for a remote computer to initiate a connection to a particular PC on your network. This makes it difficult for worms and hackers to reach a potentially vulnerable system; but if you want to run an online service such as a web or FTP server, your router must be configured to forward incoming traffic to the particular PC that’s hosting the service.
The process is called port forwarding, since it involves forwarding all traffic that arrives on a particular “port” to a particular client. In reality, all network packets arrive via the same physical connection, but different notional ports are associated with different services. Web servers, for example, ordinarily operate on port 80, while FTP servers use port 21. You can find the official list of standard ports at www.iana.org/assignments/port-numbers.
A computer can run services on any number of different ports concurrently, and your router can be configured to forward whichever ports you wish to whichever clients you choose – while dropping other unwanted requests.
It isn’t always necessary to configure port forwarding manually. Almost all routers support universal plug-and-play (UPnP). This allows compatible applications such as web servers and BitTorrent clients to automatically configure your router to allow traffic through: simply ensure the box is ticked in your router’s configuration pages. Bear in mind that UPnP requests aren’t authenticated, so any program running on your LAN can open ports in the same way. Your router may also support port triggering: if enabled, the router will remember when a client makes an outgoing connection on a particular port, and will automatically direct incoming connections on that port to that same client.
If you do need to set up port forwarding manually, the option should be readily available in your router interface. Typically, you only need to enter the local IP address of the PC hosting the service, then specify the port – or, on some routers, the type of service you want to run, which will then automatically be translated to a port or range of ports. You may also be asked to choose whether to forward TCP packets, UDP packets or both. TCP carries most everyday internet traffic, including web and FTP connections; UDP is a simpler protocol that’s sometimes used by audio and video streaming applications, as well as online games.
Port forwarding is normally a simple matter of specifying a service or port, and a local IP address to forward traffic to.
Reserved IP addresses
There’s one potential “gotcha” with port forwarding. When you create a port forwarding rule, you associate a port with a local IP address. But these local addresses are allocated dynamically – using the dynamic host configuration protocol (DHCP) – so if you regularly turn your devices on and off, they can end up with different addresses from one day to the next.
The solution is to “reserve” an IP address for your local PC, so it always gets the same one. The way you do this varies from router to router: typically, it will be listed under “LAN setup” or “DHCP settings”. If you see a list of connected clients, you may see the option to click “reserve” to permanently assign an address to a particular client. Otherwise, you may need to enter details manually.
It’s also possible to specify a static IP address at the client end. But this option is provided chiefly for compatibility with older systems that don’t support DHCP. With a modern router, there’s no advantage to doing it this way, and it involves more fiddly configuration, so we suggest you steer clear.
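The behaviour described above can be modelled in a few lines: replies to connections a client started are let back in, unsolicited traffic is dropped unless a forwarding rule matches, and a rule that points at an address without a DHCP reservation is flagged. This is an added example, not code from any router; the Router class, its method names and all addresses are constructed for illustration, and real routers differ in how strictly they match replies.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    """Toy model of a home NAT router (illustrative, not any vendor's firmware)."""
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    reserved: set = field(default_factory=set)    # LAN IPs with a DHCP reservation
    nat: dict = field(default_factory=dict)       # (proto, wan_port) -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN client opens a connection: allocate a WAN port and remember it."""
        wan_port = self.next_port
        self.next_port += 1
        self.nat[(proto, wan_port)] = (lan_ip, lan_port, remote)
        return (self.wan_ip, wan_port)

    def inbound(self, proto, wan_port, remote):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        entry = self.nat.get((proto, wan_port))
        if entry and entry[2] == remote:  # reply to a connection a client initiated
            return entry[:2]
        return self.forwards.get((proto, wan_port))  # explicit rule, otherwise dropped

    def unreserved_forwards(self):
        """Forward rules whose target address DHCP could hand to a different device."""
        return sorted(k for k, (ip, _) in self.forwards.items() if ip not in self.reserved)

def demo():
    # All addresses below are constructed sample values.
    r = Router("203.0.113.10")
    web = ("198.51.100.7", 443)
    src = r.outbound("tcp", "192.168.1.20", 51515, web)
    out = {"reply": r.inbound("tcp", src[1], web),
           "unsolicited": r.inbound("tcp", 80, ("198.51.100.99", 40312))}
    r.forwards[("tcp", 80)] = ("192.168.1.50", 80)  # forward web traffic to one PC
    probe = ("198.51.100.99", 40313)
    out["forwarded"] = r.inbound("tcp", 80, probe)
    out["udp_same_port"] = r.inbound("udp", 80, probe)  # rule was TCP only
    out["at_risk"] = r.unreserved_forwards()
    r.reserved.add("192.168.1.50")  # reserve the address for the server
    out["after_reserve"] = r.unreserved_forwards()
    return out

if __name__ == "__main__":
    print(demo())
```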