Port Forwarding

Published: 6 Apr, 2021

#VPN#Tutorial#HOW-TO#Feature#VPN Plus

Port forwarding is a widely adopted technology that enables you to grant access to certain ports on you local device behind a firewall or a router to the Internet.

What's port forwarding?

Let's say you wanted to host a photo-sharing service on your own laptop so that you may browse photos of your loved ones while you're travelling. So you installed a software on your laptop listening on port 8080 for your connection requests.

However, your laptop was behind a router. That means whenever you tried to connect to the port 8080 on the IP address of your home network, you could only access the router instead of reaching your laptop. Your router doesn't know what to do with the connection to its port 8080, therefore it would just discard that.

Connection to servers behind router is blocked

In order to pass through the router and send connection requests to your laptop, your router has to support the function called "Port Forwarding".

It is basically some kind of instructions given to the router, telling it that it should forward any connection to its port 8080 to your laptop instead of ignoring the connection or sending it to your smart TV.

Only then, when you try to connect to the port 8080 on your home network IP, the router would forward your requests to your laptop which could send you back the photos you're trying to view.

That's the power of port forwarding.

Why port forwarding?

Other than the case we described just now, there're many other scenarios that you may want to enable port forwarding. For example, parents would want to connect to a camera at home to ensure the safety of their babies; home owners may want to connect to IoT devices from outside; and gamers may want to host a live show to their friends etc.

As long as you want to accept connections from outside your home network, you have to enable port forwarding in one way or another.

How about with VPN?

Once you're connected to VPN, you're like connected to a router. All the traffic in and out of your device will pass through the VPN server. Similar to the router, when you try to connect to your device with VPN server's IP address, you're in trouble as the VPN server doesn't know what to do with the connection.

To solve this issue, we have to enable port forwarding on the VPN server so that it would forward any connection to its port 8080 to your laptop.

Can we do that then?

Yes we can. Although not many VPN providers allow that for various reasons, here at OneMole VPN we have implemented such functions to give you the most flexibility.

Port forwarding with VPN

What's even better, you'll get a fixed IP on your VPN server so that you could easily point your domain to the IP address. You could now access your home servers using the beautiful domains you registered, instead of the random numbers of the IP address.

So how to do that?

Port forwarding is provided to VPN Plus users only.

First you'll have to connect to your OneMole VPN server via IKEv2.

Login to OneMole VPN and you'll find a Port forwarding button for each VPN server you have.

Port forwarding button

Just click on it and you'll be taken to the port forwarding setting page after you have confirmed your connection to the VPN server via IKEv2.

Confirm connection to VPN via IKEv2

You'll see the port forwarding setting page as below.

Port forwarding setting page

It would list down all the existing ports that are being forwarding, as well as some instructions on port forwarding.

Let's use some random numbers as an example here. Assume we want to forward whatever connection to the port 80 on the VPN server to port 8000 on our laptop. So let's scroll down to the two input boxes, and enter the port numbers accordingly.

Enter the port numbers

Once we click on submit, the setting page will refresh. The port 80 is now shown in the list.

Connection to port 80 will be forwarded

Let's test it.

We're going to start a very basic web server on the laptop using Python's http.server module. Our laptop will now wait for connections to its port 8000.

Now let's try to access the laptop by connecting to the VPN server via a browser. That is basically initiating a connection to the port 80 on the VPN server. Here we go. The laptop is showing us a webpage returned by the http server, which also generates a log telling us someone accessed the root page (GET /) and it has successfully returned the page with a response code 200.

Connection established

HTTP server on laptop successfully accepts the connection

We have now a successful port forwarding setup. Please take note that you can only forward the port on the server once. You can't forward the same port to multiple devices, nor can you forward to multiple ports on the same device. Meanwhile, once you disconnect your device from your VPN server, all existing port forwarding setup related to that device will be deleted. You'll have to setup again after you reconnect to the VPN.

Security

We would like to highlight the risks of port forwarding here. Exposing open ports to the Internet for long time will definitely impose a risk. There're tons of attackers out there, constantly scanning for any vulnerabilities. So do exercise cautions when enabling port forwarding.

You should ensure that your system and all softwares are up to date. At the same time, enable port forwarding only when it's needed, and only forward to the ports that're necessary to be open to the Internet. Make sure you know which software will accept connections to the ports and it is ready to do so when you port forward.

 

Don't let your VPN stop you sharing your loved moments.

Sign up today for a VPN with port forwarding enabled.


Authored by OneMole on https://www.onemole.com/blog
Licensed under CC BY-NC 4.0 except otherwise stated. © 2021