When is port forwarding necessary?
P

3

11

I've been investigating networking for use in a two-player game I'm writing, and I'm still not clear on when a device must have a port forwarded in order to communicate with the outside world.

From what I've seen in other games, port forwarding is always required in order to host a server, but is not required on the client. In addition, there are other situations, such as Skype (which, to my understanding, is ultimately client to client), where neither end must forward a port.

So my question is, in over-the-Internet communication, when is and isn't port forwarding necessary, and what steps can I take as a developer to make it so my users don't have to worry about it? Thanks in advance!

Prepared answered 5/9, 2012 at 22:0 Comment(0)
E
18

Port forwarding is needed when a machine on the Internet needs to initiate a connection to a machine that's behind a firewall or NAT router. If the connection is initiated by the machine behind the firewall, the firewall/router automatically recognizes the reply traffic and sends it to the machine that opened the connection.

But if a packet arrives on the external interface, and it's not a part of such a connection, the router needs to know what to do with it. By default, it will reject it. But if forwarding is configured for the port, that tells it what internal machine to send it to.

Put another way: you need port forwarding if you want to run a server behind the NAT firewall/router, you don't need it if you're just running a client.

Evanston answered 5/9, 2012 at 23:33 Comment(10)
This is the standard answer I've been reading over and over, but I'm still confused: why doesn't the sender specify the private IP address of the target machine? Then the router would know which machine to send to. - Gasparo
It's not possible to route to private addresses, only public addresses are routable on the regular Internet. - Evanston
@Gasparo Think of private addresses as being like room numbers in a building. If someone tells you to send a delivery to room 104, but doesn't tell you what the building address is, how would you know where to deliver? - Evanston
How about building address + room number? The current way seems to be building address + port, and that's why we need port forwarding? - Gasparo
IPv4 addresses aren't big enough to hold every building address + room number. That's one of the reasons why NAT was created. - Evanston
And why IPv6 expanded the size of addresses from 32 bits to 128 bits. - Evanston
Why not append the room number after building address? For example, 64.233.191.255:192.168.1.1. Then we will have enough space. Is it because of convention? - Gasparo
That would require a redesign of the IP protocol to have two addresses in the destination. - Evanston
I see! So the ultimate reason is that the convention (protocol) has been set, and it's hard to change. Thank you very much! - Gasparo
Exactly. It's why we needed to design a new protocol, IPv6, to get around these limits. - Evanston
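The behaviour described in the answer above, as an added example that is not part of the original thread: a toy NAT router that delivers replies to connections opened from inside, drops unsolicited inbound packets, and delivers them only once a forward rule exists. The class, the addresses (documentation ranges), the ports and the strict per-remote matching are all constructed assumptions for illustration.

```python
# Added illustration: a toy model of a NAT router's decision logic, not a real network stack.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000                        # constructed start for mapped ports
    conns: dict = field(default_factory=dict)     # (public_port, remote) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)  # public_port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection: rewrite the source, remember the mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.conns[(public_port, remote)] = (lan_ip, lan_port)
        return (self.public_ip, public_port)

    def forward(self, public_port, lan_ip, lan_port):
        """Static port-forward rule configured by the administrator."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Packet arrives on the external interface: LAN target, or None if dropped."""
        if (public_port, remote) in self.conns:    # reply to a connection opened inside
            return self.conns[(public_port, remote)]
        return self.forwards.get(public_port)      # otherwise only a forward rule helps


def demo():
    nat = Nat("203.0.113.7")
    peer = ("198.51.100.20", 7777)                 # constructed Internet host
    out = {}
    # Client behind the NAT connects out; the reply is matched and delivered.
    src = nat.outbound("192.168.1.10", 51000, peer)
    out["source_seen_by_peer"] = src
    out["reply"] = nat.inbound(peer, src[1])
    # A different host hitting the mapped port is not part of that connection.
    out["stranger"] = nat.inbound(("198.51.100.99", 1234), src[1])
    # Unsolicited packet to a server port with no rule: dropped.
    out["unsolicited"] = nat.inbound(peer, 27015)
    # Same packet after the port is forwarded to the internal server.
    nat.forward(27015, "192.168.1.20", 27015)
    out["forwarded"] = nat.inbound(peer, 27015)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```

Every forward rule is a standing exposure of one internal service to any Internet host, which is why the default for unmatched inbound packets is to drop them.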
A
3

Port forwarding (occurs) when a NAT, firewall or some other device blocks communication on all or some ports.

To answer your question as an example, most commercial routers use NAT to allow multiple people to use the same IP (as viewed from the outside world) provided by ISPs. Most ISPs use NAT to allow multiple customers to use the same IP (as viewed from the outside world). To get this to work, the NAT changes the internal IP and the port number of a communication to THE (there is only one for the entire subnetwork) external IP and a new port number. By doing this, the router/ISP/etc. can tell which internal IP and port each external communication goes to.

Anytime one of the computers communicating over the internet is behind a NAT, port forwarding is required. I'm sure there are way more situations than this, and the solution to each can be quite complicated. But this covers the vast majority.

Anthropometry answered 5/9, 2012 at 22:16 Comment(1)
Port forwarding is not required in order to connect to a server through a tunnel. I can connect a client to my server through Tailscale Funnel without forwarding any ports on my router. - Pile
I
2

There is a reason why Skype doesn't (not always) need manual setting of port forwarding:

When you install Skype, a port above 1024 is chosen at random as the port for incoming connections. You can configure Skype to use a different port for incoming connections if you wish, but if you do, you must open the alternative port manually.

If the port chosen for incoming connections becomes unavailable, by default ports 80 and 443 will be used as alternatives. If another application (such as Apache HTTP server or IIS) uses these ports, you can either configure the application to use other ports, or you can configure Skype to not use these ports.

Port forwarding is a must if you host a server. You can use the same technique as Skype... I am not sure if there is any other option...

Ildaile answered 5/9, 2012 at 22:8 Comment(0)
