Purpose of port forwarding

nat;port-forwarding

The following article discusses Network Address Translation (NAT) and port forwarding.

What is port forwarding and what is it used for?

What is the point of port forwarding when NAT seems to do the job fine? All the router needs to know is which computer to direct the packet to, right? Let's say it directs the packet to the appropriate computer and is clueless about the port–won't the target computer know what to do with the packet, with or without the port number? And if you use port forwarding, don't you need to know the target computer anyways?

Best Answer

NAT does its job fine, but port forwarding has a different job. To understand this, it is important to remember the difference between incoming connections and outgoing connections.

Suppose that you and I are going to have a phone conversation. I might call you, or you might call me. In either case, we will be able to send messages (sentences) back and forth, but there is a difference in who starts the call. If I call you, it is an outgoing connection for me and an incoming connection for you. For this to be possible, I will need to know your phone number first. When you pick up the phone, you get my caller ID (which is my phone number). For the purpose of this explanation, let us pretend that you need to know my phone number in order to talk back to me.

Now imagine that our phone calls are routed through two other phones (the routers), who are connected to many people:

You <----> Router 1 <----> Router 2 <----> Me
              ^               ^
              |               |
              v               v
             Many            Many
            Others          Others

To make matters complicated, I know only the phone number of Router 1 and not your personal number. Conversely, you know only the phone number of Router 2 and not my personal number. When I call you, we have two problems:

  1. Router 1 somehow needs to know that the call must go to you and not to one of the many others it connects to.
  2. Router 2 somehow needs to know that when you talk back, the sentence must be sent to me and not to somebody else.

Port forwarding solves problem 1. Calling about Super User is a service which is conducted through port 42 by convention. You tell Router 1 to forward all calls about Super User to you, so when I call Router 1 on port 42, I get to talk to you. If you had not explicitly told Router 1 to do this, we would not be able to call.

NAT solves problem 2. Router 2 pretends to be the caller, because neither you nor Router 1 will take up the phone if the caller ID is unknown (my phone number). It then remembers that I am the actual caller, so when Router 2 receives a response from Router 1, it knows to send it to me.

The situation on the internet is almost exactly the same. You just have to mentally replace the phones by computers, phone numbers and caller IDs by IP addresses, and unknown phone numbers by reserved IP addresses (such as the 192.168.*.* range).
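
The two problems from the answer above, as a small simulation. This is an added example, not part of the original answer: the `Router` class, the documentation-range addresses and the starting port 40000 are assumptions, and a real router also tracks protocol and connection state.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    public_ip: str
    forwards: dict = field(default_factory=dict)   # public port -> LAN (ip, port)
    conntrack: dict = field(default_factory=dict)  # (public port, remote) -> LAN (ip, port)
    next_port: int = 40000                         # constructed starting port

    def outbound(self, lan_src, remote):
        """NAT: a LAN host calls out. Rewrite the source and remember who asked."""
        public_port = self.next_port
        self.next_port += 1
        self.conntrack[(public_port, remote)] = lan_src
        return (self.public_ip, public_port)

    def inbound(self, remote, public_port):
        """A packet hits the public IP. Return the LAN target, or None if dropped."""
        if (public_port, remote) in self.conntrack:   # reply to a call we placed
            return self.conntrack[(public_port, remote)]
        if public_port in self.forwards:              # static port-forward rule
            return self.forwards[public_port]
        return None                                   # no way to choose a LAN host


def demo():
    router1 = Router("203.0.113.1")   # in front of "You" (constructed address)
    router2 = Router("198.51.100.7")  # in front of "Me" (constructed address)
    you, me = ("192.168.1.10", 42), ("192.168.0.5", 51000)
    service = (router1.public_ip, 42)

    # Me -> Router 2: NAT rewrites my private source address to Router 2's.
    seen_by_router1 = router2.outbound(me, service)

    # Problem 1: without a forward rule Router 1 cannot pick a LAN host.
    before = router1.inbound(seen_by_router1, 42)
    router1.forwards[42] = you
    after = router1.inbound(seen_by_router1, 42)

    # Problem 2: the reply from the service finds its way back to me ...
    reply = router2.inbound(service, seen_by_router1[1])
    # ... but an unrelated host aiming at the same public port is dropped.
    stranger = router2.inbound(("192.0.2.99", 42), seen_by_router1[1])
    return {"before": before, "after": after, "reply": reply, "stranger": stranger}


if __name__ == "__main__":
    print(demo())
```

The forward rule is the only entry that exposes a LAN host to connections it did not start, so each rule added on a router is a deliberate opening to review.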
