What happens to other computers on a network when you forward a port?


In order to answer this, you need to know how network traffic works between a client and server.

When you have a client-server program, the server sets up a listening port.

Any client can then connect to this listening port and ask to be connected. Because you can only make one single connection to a port, as soon as the server accepts the connection (this happens in a split second) the server then starts a new connection back to the client (usually via UPnP, optionally specifying which port it will use) to do the actual data transfer. The initial port from the client to the server is dropped to free the listening port.

Because the server is behind a NAT (router), when the client connects to the public IP with the port number, the router answers, not the server behind it. Because the router doesn't have the software of the server (in your case a web server), it doesn't know how to answer, and the connection fails because the router simply ignores the request.

By adding a port forward, you tell the router what to do when someone tries to connect to the public IP with that specified port. In your case, the rule says: relay the traffic to the Raspberry Pi.

Now, as you can see, the only thing that happens is that the router learns what to do when a request is being made to the public IP and port. PCs inside the network do not request access by the public IP, but by the private IP instead. In addition, the router allows you to set up which public port it listens to. So if you have 3 Raspberry Pis, each having their own IP address, you could set up 3 rules:

- port 8081 to pi1, port 80
- port 8082 to pi2, port 80
- port 8083 to pi3, port 80

A client then connects to your public IP, appending :8081 to open that port instead, and all still works.

There are no physical links laid, so all ports remain as they are. It's just that the router understands what to do with a port now, and where the traffic should head.

Do note that not all routers are capable of loopback traffic, meaning they expect connections on the NAT with the public IP address to be coming from the WAN port, not any of the LAN ports, so it may not be possible to test the forward rules on your router from inside the network.

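The three forward rules listed in the answer above, as an added example that is not part of the original post: a simplified model of how a NAT router decides where a packet arriving on its WAN side goes. It also models the connection tracking that returns replies to the LAN host that opened an outbound connection, which is standard NAT behaviour added here; the class, function names and addresses are constructed for illustration.

```python
# Simplified model of a home NAT router (constructed example, not a real router API).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    # Static port forwards: public port -> (internal ip, internal port)
    forwards: dict = field(default_factory=dict)
    # Tracked outbound connections:
    # (remote ip, remote port, public port) -> (internal ip, internal port)
    conntrack: dict = field(default_factory=dict)
    next_port: int = 40000  # assumed start of the router's translated-port range

    def add_forward(self, public_port, internal_ip, internal_port):
        self.forwards[public_port] = (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a connection; record where its replies belong."""
        public_port = self.next_port
        self.next_port += 1
        self.conntrack[(dst_ip, dst_port, public_port)] = (src_ip, src_port)
        return public_port

    def inbound(self, src_ip, src_port, public_port):
        """Return the LAN (ip, port) a WAN packet is delivered to, or None if dropped."""
        # 1. Replies to a tracked outbound connection go back to the host that opened it.
        tracked = self.conntrack.get((src_ip, src_port, public_port))
        if tracked is not None:
            return tracked
        # 2. A new connection is relayed only if a forward rule names that public port.
        # 3. Anything else has no destination and is dropped.
        return self.forwards.get(public_port)


def demo():
    router = NatRouter()
    router.add_forward(8081, "192.168.1.11", 80)  # pi1
    router.add_forward(8082, "192.168.1.12", 80)  # pi2
    router.add_forward(8083, "192.168.1.13", 80)  # pi3
    # A laptop on the LAN browses to a remote HTTPS site (constructed addresses).
    port = router.outbound("192.168.1.50", 51000, "198.51.100.7", 443)
    return {
        "reply_to_laptop": router.inbound("198.51.100.7", 443, port),
        "new_to_8081": router.inbound("198.51.100.99", 40123, 8081),
        "new_to_unforwarded": router.inbound("198.51.100.99", 40123, 22),
    }


if __name__ == "__main__":
    print(demo())
```

In this model a packet that matches neither a tracked connection nor a forward rule is dropped, so each forward rule is the exposure to review.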


Author: Hadrian Hughes

Updated on September 18, 2022

Comments

  • Hadrian Hughes
    Hadrian Hughes over 1 year

    I'm just reading up on port forwarding, as I'm thinking about using a Raspberry Pi to host a web server.

    One thing that's occurred to me is this. All requests on a certain port get forwarded to a particular internal IP address. Are responses forwarded in the same way? As surely this would prevent other computers on the network from accessing the internet, as all responses from visited websites would go to the server.

    • Admin
      Admin about 7 years
      You should be fine, don't worry. You're forwarding an incoming port to the local network; it will not affect the internal network in any way.
  • Hadrian Hughes
    Hadrian Hughes about 7 years
    I've read that port 80 is conventionally used for HTTP, and I see you've used it in your example. Should it be port 80 on the router or should the router use some other port which then forwards to port 80 on the Pi?
  • LPChip
    LPChip about 7 years
    That depends. If there is no other server in your network that you really want port 80 to be using, you will likely want to use port 80. If not, and you start using a domain name in the future such as example.com, and you use a public port of say... 12345, then you will have to go to example.com:12345 in order to reach the website on your Raspberry Pi. This can be both a security feature and it can be annoying. Depends on what you want.
  • Hadrian Hughes
    Hadrian Hughes about 7 years
    Okay. But if there's only one server on the network and I use port 80 on the Pi and the router, does the user's browser assume to use port 80 when they type example.com with no port specified?
  • LPChip
    LPChip about 7 years
    Yep. As a rule of thumb, when no port is specified, almost always the default port will be tried. 80 is HTTP, 21 is FTP, etc.