Port forwarding

[DelJo63]

How to setup Portforward(ing) in three steps.

(I) First, the system to receive this data must always be at the same IP address on your LAN.
There are two ways to do this:

​

a) use your router to RESERVE an address specifically for that system​

b) manually set all the TCP fields (not recommended, too easy to get it wrong and then too it's easy to forget that you did it).​

(II) Once you have a fixed IP address for your system, you can then add the Portforward.

(III) The system receiving the data from the portforward needs to have the FIREWALL allow inbound traffic

To implement (I.a), you need to have the MAC address for the target system NIC,
and you get that by getting a command prompt and entering: IPCONFIG /ALL
It will show you something like:

Ethernet adapter Local Area Connection:
 
  Connection-specific DNS Suffix  . : socal.rr.com
  Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
  [color="BLUE"]Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF[/color]
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : [color="red"]192.168.0.5(Preferred)[/color]
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Friday, August 03, 2012 3:42:03 PM
  Lease Expires . . . . . . . . . . : Tuesday, September 10, 2148 1:53:49 PM
  Default Gateway . . . . . . . . . : 192.168.0.1
  DHCP Server . . . . . . . . . . . : 192.168.0.1
 
  DNS Servers . . . . . . . . . . . : 216.116.96.2
                                      216.52.254.1
                                      209.18.47.61
  NetBIOS over Tcpip. . . . . . . . : Enabled

You need the Physical Address for the portforwarding setup.

Now use your browser to access your router configuration;
You need the Router Address, USER/PWD and Physical Address above.
The Router Address is shown above as the Default Gateway.
The USER/PWD is specific to every brand of router; try this link to find it.
http://www.routerpasswords.com/

You will need to hunt and peck about the tabs or links to find the page
you need. On my Netgear, reservations are on the Lan IP Setup page.

There are two required entries for an address reservation,
the IP Address to be given to the specific MAC Address.

Note: The address you are assigning should be within the DHCP Range.
On my Netgear, I've set the DHCP to 192.168.0.2 thru 192.168.0.32.
My Laptop has the association of 192.168.0.5 -> AA-BB-CC-DD-EE-FF
Once you've entered the data, be sure to SAVE it. If this reservation is
for the same system you are performing this setup on, you may see the browser disconnect,
so you will need to login again.

Now we can address (II) Portforwarding.
Find the proper page in your router.
The task is to forward Port X(-thru-Y) to your Reserved Address from above.
My Netgear portforwards a range of ports X-Y so if I need only one, then make X=Y.
Be sure to [x] ENABLE the settings you create and SAVE the page when you are done.

(btw: HIGHLY recommend you change the default router password before you exit.
Perhaps something like GW-yourPcPWD).

SAVE (and or RESTART your router).

To verify that {I} has taken effect, disconnect the server system from the router,
wait 30 seconds and reconnect. You should see that 192.168.0.5 -> AA-BB-CC-DD-EE-FF has forced
this systems IP address to what you wanted.

The setup for (III) is dependent upon the firewall you are using.
The concept is to:

​

ALLOW IN/OUT TCP/UDP From ANY Local Port X-Y​

​

Now start the program that needs this port forwarded data.

To test that the portforward is correct, go to WWW.GRC.COM
(Home->Services->ShieldsUP! click proceed)
Just above User Specificed Custom Port Probe there is an input field:
enter the PORT NUMBER of your router portforward setp and click
User Specificed Custom Port Probe

If you have setup the firewall and portforwarding correctly,
then this test will show FAILED Status OPEN.
[from a security standpoint, GRC is saying SECURITY FAILED as the port is OPEN,
but that is the whole point of what YOU wanted to do ]

 

[boybrushdred]

Good day. I've read that port forwarding can improve online gaming and downloads. So I looked up portforward.com and searched for port forwards for specific programs. I'm using a Dlink DIR-300 router that is flashed with DD-WRT. I've already set up static IPs for my main PC and PS3 using the router interface.

The thing that's confusing me is that there are ports that are needed to be forwarded on both PS3 and PC. For example, on PS3, PlayStation Network need ports 3478-3479. At the same time, my PC need port 3478 for steam client, and 3478-4380 for Team Fortress 2. How will I setup forwarding for those ports?

Here is the screenshot of my port forwards for my PS3 and PC. As you can see there are a number of duplicate entries. Can you help with correct entries?

thanks

 

[DelJo63]

Consider this network:

isp==modem---router---{xbox/PS3}
                |
                +---- PC

the router has NAT and (for this discussion) is the source.
the PC, Xbox or PS3 are the target devices (ie they need the data on the port(s) in question.

SO: the portforwarding is done on only the ROUTER and targets the PC, Xbox or PS3 device addresses (all fixed).
The PC, Xbox & PS3 never need portforwarding unless you try a network like this:

isp==modem---router---- PC---{xbox/PS3}

Portforwarding is done on a PER APPLICATION basis: If an application uses a range of ports,
then we can PF x->y in one line on the router. If it also needs x->y + z not in that range (oh goodie ),
then the Z port must be added separately.

If you have multiple application, then obviously you need multiple portforwards.

Lastly, applications that are on specific devices (targets) must use that device's static ip address.

 

[boybrushdred]

Ok. So I still got a couple of questions.
1. If a game on the PS3 requires port 3478, and then a game on the PC requires the same port 3478, how do you set port forwards for those?

2. And I have a port range forward entry for port 27000~27050 for PC. And then another application on PC requires a single port forward for 27015. Do I still have to enter 27015? Or is it already covered by the previous range forward entry of 27000~27050?

I'm a noob at this stuff so forgive me because I still can't get the hang of it but I really like to improve my ping for online gaming and also improve download speeds.

 

[DelJo63]

Ok. So I still got a couple of questions.
1. If a game on the PS3 requires port 3478, and then a game on the PC requires the same port 3478, how do you set port forwards for those?

2. And I have a port range forward entry for port 27000~27050 for PC. And then another application on PC requires a single port forward for 27015. Do I still have to enter 27015? Or is it already covered by the previous range forward entry of 27000~27050?

1-2 are the same question - - how can I resolve the issue that two systems need the same port?
This is a user choice - - you can have one or the other but not both at the same time.

The easiest solution is to move both applications to the same device and then just use the applications one at a time.
If that is not possible, then that's life - - make a choice.

I'm a noob at this stuff so forgive me because I still can't get the hang of it but I really like to improve my ping for online gaming and also improve download speeds.

NONE of this will improve your PING and frankly, there's nothing anyone can
do to improve it - - it is a function of how many nodes on the internet you traverse to get to your gaming host.
You can see this using a command prompt and entering tracert gamingHost.domain-name.

@boybrushdred: your questions were generic to the problem of portforwarding and thus I elected to answer them here.
I will not answer further question on the subject as I feel that this thread is sufficiently complete.