Port forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN). [3]
In a typical residential network, nodes obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device's external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet, as they each communicate only with a private IP address.
When configuring port forwarding, the network administrator sets
aside one port number on the gateway for the exclusive use of communicating
with a service in the private network, located on a specific host. External
hosts must know this port number and the address of the gateway to communicate
with the network-internal service. Often, the port numbers of well-known
Internet services, such as port number 80 for web services (HTTP), are used in
port forwarding, so that common Internet services may be implemented on hosts
within private networks.
- Running a public HTTP server within a private LAN
- Permitting Secure Shell access to a host on the private LAN from the Internet
- Permitting FTP access to a host on a private LAN from the Internet
Administrators configure port forwarding in the gateway's operating system. In Linux kernels, this is achieved by packet filter rules in the iptables or netfilter kernel components. BSD and Mac OS X operating systems implement it in the Ipfirewall (ipfw) module.
When used on gateway devices, a port forward may be implemented
with a single rule to translate the destination address and port. (On Linux kernels, this is a DNAT rule.) The source address
and port are, in this case, left unchanged. When used on machines that are not
the default gateway of the network, the source address must be changed to be
the address of the translating machine, or packets will bypass the translator
and the connection will fail.
When a port forward is implemented by a proxy process (such as on
application layer firewalls, SOCKS based firewalls, or via TCP circuit
proxies), then no packets are actually translated, only data is proxied. This
usually results in the source address (and port number) being changed to that
of the proxy machine.
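The proxy case described above, as an added example that is not part of the original page: a minimal TCP circuit proxy in Python running on constructed loopback endpoints. The backend replies with the peer address it sees, which shows that behind a proxy this is the forwarder's own socket, so the real client address survives only in the forwarder's mapping log. All function names are hypothetical.

```python
import socket
import threading

def fmt(addr):
    return f"{addr[0]}:{addr[1]}"

def pipe(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # the other side already went away

def serve(handler):
    """Listen on an ephemeral loopback port; run handler(conn, peer) per client."""
    listener = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, peer = listener.accept()
            threading.Thread(target=handler, args=(conn, peer), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()

def start_backend():
    """Constructed internal service: replies with the peer address it sees."""
    def handle(conn, peer):
        with conn:
            conn.sendall(fmt(peer).encode())
    return serve(handle)

def start_forwarder(target):
    """Proxy-style port forward. Returns (listen address, mapping log)."""
    mappings = []  # (real client address, source address the backend sees)
    def handle(client, peer):
        with client, socket.create_connection(target) as upstream:
            mappings.append((fmt(peer), fmt(upstream.getsockname())))
            t = threading.Thread(target=pipe, args=(client, upstream), daemon=True)
            t.start()
            pipe(upstream, client)  # backend -> client
            t.join()                # client -> backend ends when the client closes
    return serve(handle), mappings

def seen_by_backend(addr):
    """Connect to addr; return (our own address, address the backend reported)."""
    with socket.create_connection(addr, timeout=5) as s:
        local, seen = fmt(s.getsockname()), b""
        while chunk := s.recv(1024):
            seen += chunk
    return local, seen.decode()
```

Source-address filters and access logs on the internal service therefore describe the proxy, not the remote client; the mapping log kept by the forwarder is what allows the two to be correlated.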
Usually only one of the private hosts can use a specific forwarded
port at one time, but configuration is sometimes possible to differentiate
access by the originating host's source address.
Port forwarding is sometimes used on Unix-like operating systems, where
port numbers smaller than 1024 can only be bound by software running as the
root user. Running with superuser privileges (in order to bind the port) may be
a security risk to the host; port forwarding is therefore used to redirect a
low-numbered port to a high-numbered port, so that application software
may execute as a common operating system user with reduced privileges.
The Universal Plug and Play protocol (UPnP) provides a
feature to automatically install instances of port forwarding in residential
Internet gateways. UPnP defines the Internet Gateway Device Protocol (IGD) which is a network
service by which an Internet gateway advertises its presence on a private
network via the Simple Service Discovery Protocol (SSDP). An application that
provides an Internet-based service may discover such gateways and use the UPnP
IGD protocol to reserve a port number on the gateway and cause the gateway to
forward packets to its listening socket.
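The discovery step described above, as an added example that is not part of the original page: the SSDP M-SEARCH request an application multicasts to find an Internet Gateway Device, and a parser for the gateway's reply, usable to check whether a gateway on your own LAN advertises UPnP IGD. The sample response and its LOCATION URL are constructed, and the function names are hypothetical.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # SSDP multicast address and port
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

# Constructed sample of a gateway's unicast reply (not captured from a device).
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Cache-Control: max-age=1800\r\n"
                   b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                   b"Location: http://192.168.0.1:49152/rootDesc.xml\r\n"
                   b"EXT:\r\n\r\n")

def build_msearch(st=IGD_ST, mx=2):
    """Build the discovery request an application sends to the SSDP group."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
            'MAN: "ssdp:discover"\r\n'
            f"MX: {mx}\r\n"
            f"ST: {st}\r\n\r\n").encode()

def parse_ssdp_response(raw):
    """Return the headers (names upper-cased) of a 200 reply, else None."""
    head = raw.decode("utf-8", "replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or parts[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def find_gateways(timeout=3.0):
    """Multicast one M-SEARCH on the LAN; return [(sender_ip, LOCATION)]."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_msearch(), SSDP_GROUP)
        try:
            while True:
                raw, (ip, _) = s.recvfrom(65507)
                h = parse_ssdp_response(raw)
                if h and "InternetGatewayDevice" in h.get("ST", ""):
                    found.append((ip, h.get("LOCATION")))
        except socket.timeout:
            pass  # no more replies within the timeout
    return found
```

An empty result from `find_gateways()` means no device on the LAN answered as an IGD within the timeout; a non-empty one means applications on that network can ask the gateway for port forwards without administrator action.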
Types of port forwarding
Port forwarding can be divided into the following types:
- Local port forwarding
- Remote port forwarding
- Dynamic port forwarding
-------------------
DIR-615 Port Forwarding
Port forwarding is required to
allow other users on the Internet to access services that are hosted on
computers within your private home network. This is done through the usage of
the 'port forwarding' feature on the router. To set up port forwarding
on your router:
1) Identify the port number
(TCP or UDP) that you wish to forward. In this example, I will be forwarding
both TCP and UDP ports 14355 to one of the computers on my private
subnet (192.168.0.0/24).
2) Identify the private IP
address of the system you wish to forward the port to. This guide will set up
forwarding for a computer on my LAN network with the IP address of 192.168.0.50.
I also recommend that you set a static IP address (as opposed to dynamic/DHCP)
for this computer as the DHCP server may assign a different IP to that PC in
the future and 'break' your port forwarding.
3) Check that your Windows or any other firewall application has whitelisted the application or port you intend to forward.
4) Navigate to your router's Port Forwarding page and enter the appropriate values:
5) The Name can be set to any value. The Public Port and Private Port fields should contain the value of the port that you wish to forward. Private IP should contain the IP address of the computer which is hosting the service. Most importantly, Public IP should be left blank.
6) Click on the "Save Settings" button and your router should now be forwarding the port. To check if it is working, run the application which utilizes the TCP/UDP port you have forwarded and visit an online port checking website such as http://www.canyouseeme.org/
7) The external port checker will inform you if the port is reachable by other WAN users. Note: Some users have complained that forwarding TCP port 80 for HTTP hosting does not work because when they visit their WAN IP from the internal LAN, it shows the management GUI for the router instead of their web server.
This is not true and the port is being forwarded properly (if the external port checker shows "success").
The reason you can't see the website you're hosting from your private LAN is due to NAT loopback. Other users on the WAN will in fact be able to access your port-forwarded HTTP server properly.
DIR-615 iPod/iTouch/iPad/Wifi Bug
There's basically been an issue with the default configuration of the TM DIR-615 G1 wifi router which causes certain wireless devices (mainly Apple ones) to be able to connect to the wifi hotspot but denied the ability to browse/surf the Internet. While I was testing out DD-WRT wireless configuration options, I noticed that when I changed the wireless channel width to 40 MHz, my iPod touch would be unable to connect to the wireless network or connect and be unable to browse anything.
Other users have experienced the same thing on the stock firmware, so here's a possible fix for that:
By default, this channel width/bandwidth option will be on 20/40 MHz (Auto); however, if you're experiencing this wifi bug, try switching it to 20 MHz. This should fix the problem (hopefully!).
The default username/password combinations for TMnet DIR-615 routers between firmware versions 7.01 to 7.05b are:
Username: admin
Password: blank