Port Forwarding – Ubiquiti AirControl2 used as an example

Port Forwarding is something I find that we come across just about every day and a lot of technicians don’t know how to do.

It’s really quite simple when you think of it: each system we connect to a network has an IP address and communicates on a specific port (or ports) so it can find other compatible devices and software to talk to. We just need to make those ports and IP addresses visible to each other.

Doing this on a local network or LAN is mostly simple as there is rarely anything blocking the communication (I’ll talk about Windows Firewall separately). It’s when you need to get a device talking to another across the internet and onto customer networks that problems can arise. A lot of manufacturers are trying to make things easier on us by creating cloud-based services where it’s 2 outgoing connections meeting in the manufacturer’s preconfigured server and you don’t have to worry about a thing… but they’re not all that nice to us!

Big Disclaimer: – You do this at your own risk, I am in no way a trained IT professional, this is just something I have learned to do, I may be doing it wrong and opening ports incorrectly, but it works and I always try my absolute hardest NOT to touch customer equipment, especially opening ports! You should always try to get the customer or their IT provider to do these things for you, they more than likely have a much better idea than you and it covers your arse if something goes wrong!

I’m going to use Ubiquiti AirControl2 in my example, for those of you who don’t know, Ubiquiti is mostly used for long range point to point Wi-Fi and AirControl2 is the awesome software to visualise, monitor and support your customer connections.

I want to connect my server in Parramatta to my customer devices in Richmond

In my example my IP addresses are as follows:

Server LAN IP address: 10.0.0.24

Server WAN IP address: xxx.xxx.xxx.114

Customer WAN IP address: xxx.xxx.xxx.223

Customer Device LAN IP address: 192.168.1.2

Ubiquiti uses the following ports for monitoring of devices as standard – these ports need to be configured at BOTH ends:

Incoming

UDP: 10001 for detection

TCP: 22 for connection – I’m changing this to port 202, see note below as to why

Outgoing

TCP: 9081 for heartbeat

IMPORTANT: The problem with TCP port 22 is that it’s the SSH (Secure Shell) port and most modems don’t like you forwarding from here, so I’m going to choose port 202 instead for my outgoing connection from my server. Of course, what the software doesn’t tell you is that it needs HTTP port 80 or HTTPS port 443 to find the device; it assumes your device doesn’t have a modem in front of it, so you need to change the outgoing ports on your AirControl2 software as well. I’m changing HTTPS 443 to HTTP 8287 (both port 80 and 443 forward straight to the modem from the internet and you definitely don’t want to change those). Try to steer clear of system ports 1-1024.

So now I have my list of ports that are coming to the Customer WAN side – UDP 10001, TCP 202, TCP 9081, TCP 8287. These ports now need to be sent to my first Ubiquiti device at 192.168.1.2. The method below is for a Huawei modem; yours may differ but they’re mostly the same.

I’m going to open UDP 10001

1. Log into your modem

2. Go to your port forwarding settings – mine is in “Advanced->NAT->Port Mapping” then I click “new” and get the window below

[Screenshot: port_forward_settings_advanced_new]

3. Choose my protocol (UDP or TCP or BOTH) – in my case UDP

4. My remote Host is my AirControl2 Server WAN IP Address – xxx.xxx.xxx.114 – this is only needed if you’re restricting traffic to this port to a single IP address, leave blank if connecting from multiple IPs or a device with a dynamic IP address like a mobile phone

5. External Port is the one I want to accept connections from – 10001

6. External End Port is if you’re opening more than one consecutive port – You can leave this blank but I like to put in my starting port here anyway just for my own peace of mind

7. Internal host is my Ubiquiti device’s LAN IP address – 192.168.1.2

8. Internal port is my Ubiquiti device’s discovery port – 10001

9. Name the port whatever you wish but try to make it descriptive – Mine is “Ubiquiti UDP 10001”

[Screenshot: port_forward_settings_advanced_UDP_10001]

10. Click save and repeat as required

Your end result should look something like this, remembering that we have changed our server side outgoing system ports which is why the external ports are different to the internal device ports

[Screenshot: port_forward_settings_advanced_final]

So my example makes the network traffic from the server get forwarded like this;

  • xxx.xxx.xxx.114 TCP 9081 to 192.168.1.2 TCP 9081
  • xxx.xxx.xxx.114 TCP 202 to 192.168.1.2 TCP 22
  • xxx.xxx.xxx.114 UDP 10001 to 192.168.1.2 UDP 10001
  • xxx.xxx.xxx.114 TCP 8287 to 192.168.1.2 TCP 443 
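
The forwards listed above can be checked against the cautions already given in this post (restricting Remote Host to one address, steering clear of ports 1-1024) with a short script. This is an added example, not part of the original post; the rule text format, the "*" marker for a blank Remote Host, the 203.0.113.114 stand-in for the masked server address and the extra TCP 2222 rule are assumptions made for illustration.

```python
import re

# Constructed sample: the post's four forwards with the masked server WAN
# address swapped for a documentation address, plus one rule whose Remote
# Host was left blank (written "*" here; that notation is an assumption).
RULES = """\
203.0.113.114 TCP 9081 to 192.168.1.2 TCP 9081
203.0.113.114 TCP 202 to 192.168.1.2 TCP 22
203.0.113.114 UDP 10001 to 192.168.1.2 UDP 10001
203.0.113.114 TCP 8287 to 192.168.1.2 TCP 443
* TCP 2222 to 192.168.1.2 TCP 22
"""

LINE = re.compile(r"^(\S+) (TCP|UDP) (\d+) to (\S+) \2 (\d+)$")
MGMT_PORTS = {22: "SSH", 80: "HTTP", 443: "HTTPS"}  # device admin services


def parse_rules(text):
    """Parse 'remote proto ext-port to host proto int-port' lines."""
    rules = []
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        remote, proto, ext, host, internal = m.groups()
        rules.append({"remote": remote, "proto": proto, "ext": int(ext),
                      "host": host, "int": int(internal)})
    return rules


def audit(rule):
    """Return findings for one forward; an empty list means nothing flagged."""
    findings = []
    if rule["remote"] == "*":
        findings.append("remote host blank: reachable from any internet address")
    if rule["ext"] <= 1024:  # range as given in the post
        findings.append("external port is in the system range 1-1024")
    if rule["proto"] == "TCP" and rule["int"] in MGMT_PORTS:
        findings.append(f"exposes device {MGMT_PORTS[rule['int']]} login")
    return findings


def audit_all(text=RULES):
    return {f"{r['proto']} {r['ext']}": audit(r) for r in parse_rules(text)}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "->", findings or "ok")
```

Run over the post's own table, the script flags TCP 202 (inside the 1-1024 range and forwarding to the device's SSH login) and TCP 8287 (forwarding to its HTTPS login). The constructed TCP 2222 rule shows what leaving Remote Host blank adds on top of that.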

Now, remember…. This is only on the customer side, you also have to do this on the server side if you need two-way communications between device and software like I have to do with the Ubiquiti AirControl2 Software.

You can test to see if your ports are open by using tools such as the Advanced Port Scanner or Advanced IP Scanner – both of which I find very useful just about every day.

Hopefully this helps you and please feel free to comment if I have done something really wrong or bad, because I’m still a little unsure most of the time with this stuff 🙂

You can find a list of port assignments at the Internet Assigned Numbers Authority website. The list may not necessarily include your specific device’s ports but it is a good reference if you want to check what port does what, especially system ports.

 
