Port forwarding
Port forwarding (sometimes also referred to as tunneling) is the act of forwarding a network port from one machine to another. One use of this technique allows an external user to reach a port on a private IP address (inside a LAN) from the outside via a NAT-enabled router.
This allows remote computers (e.g. public machines on the Internet) to connect to a specific computer within a private LAN, depending on the port used to connect.
For example:
- forwarding port 8000 on the router to a user's machine allows Shoutcast streaming
- forwarding ports 6881 through 6889 to a user's machine allows the use of BitTorrent
Modern Linux machines achieve this by adding iptables rules to the nat table: a rule with target DNAT in the PREROUTING chain, and/or a rule with target SNAT in the POSTROUTING chain.
Some common caveats with port forwarding include:
- the need to forward the packets that arrive at the router's forwarded port, as well as the need to rewrite them so that the machine to which the port is forwarded can reply to the original source address, which in turn leads to
- the inability of the destination (private) machine to see the actual originator of the forwarded packets; it instead sees them as if they originated from the router
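To review which ports a router exposes, and which internal machines lose the client address in their logs, the nat table can be audited from `iptables-save` output. The following is an added example, not part of the original page: the ruleset is constructed (addresses and interface names are made up, ports taken from the examples above), the function names are hypothetical, and a POSTROUTING rule that only names an output interface is deliberately not counted because its effect depends on routing.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt; addresses and interface names are made up.
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.1.10:8000
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -d 192.168.1.10/32 -o eth1 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 8000 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Split '-A CHAIN opt val ...' into (chain, {opt: val}); '!' negation is not handled."""
    tokens = shlex.split(line)
    chain, opts, i = tokens[1], {}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i]] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return chain, opts

def rewrites_source(rule, host):
    """True if a POSTROUTING SNAT/MASQUERADE rule certainly applies to traffic sent to host."""
    if "-d" in rule:
        return ipaddress.ip_address(host) in ipaddress.ip_network(rule["-d"], strict=False)
    return "-o" not in rule  # with only -o set, the answer depends on routing: not counted

def audit_forwards(save_text):
    """List each DNAT forward in the nat table and whether the target loses the client address."""
    table, dnat, snat = None, [], []
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line.strip()[1:]
        elif table == "nat" and line.startswith("-A "):
            chain, opts = parse_rule(line)
            if chain == "PREROUTING" and opts.get("-j") == "DNAT":
                dnat.append(opts)
            elif chain == "POSTROUTING" and opts.get("-j") in ("SNAT", "MASQUERADE"):
                snat.append(opts)
    findings = []
    for opts in dnat:
        host = opts.get("--to-destination", "").split(":")[0].split("-")[0]
        findings.append({"proto": opts.get("-p", "all"), "ports": opts.get("--dport", "any"),
                         "target": host, "source_hidden": any(rewrites_source(s, host) for s in snat)})
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE):
        print(finding)
```

A forward reported with `source_hidden` set means the internal service will log the router's address for every connection, so per-client filtering and attribution have to happen on the router instead.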
External links
- Portforward.com (http://www.portforward.com/)