
I was wondering why we have to do port forwarding for every local resource that we need to access from the outer world (by outer world I mean someone else's internet connection, not ours). For instance, to access SSH on our local machine we have to port forward so that we can access it from the outer world. The same goes for CCTV cameras: to access them from the outer world we have to port forward.

My question is: why do we have to port forward? Why can't it be done without it?

1
  • Based on your comments, you may be interested in this answer.
    – Ron Maupin
    Commented Nov 24, 2019 at 5:39

1 Answer

1

It can certainly be done if the devices have their own "public" IP addresses – that is, addresses that every client knows how to reach. That's already how many online services work: if the server has a dedicated IP address, then it needs no port forwarding at all.

But in most cases on home (and small business) internet connections, the ISP only provides one public IPv4 address for the customer's entire network, and that address is assigned to the customer's main router. All other devices (computers, printers, CCTVs) only get "private" addresses that only make sense within the same network.

So in that situation, when the router receives a connection to its IP address, it has no way of knowing which device you meant to connect to – the only information it has is the TCP port number (service), which says nothing about the intended destination device. Your LAN might have 5 or 10 different devices answering on the same port 80 (HTTP).

So "port forwarding" is needed to create a lookup table from TCP port to internal IP address (usually). If the devices have public IP addresses and not internal ones, then port forwarding is not necessary.

(More accurately, port-forwarding is a packet rewriting feature which literally changes the destination address and/or port number inside the packets, but that doesn't say much about why it's needed.)

Recently many ISPs have started adopting IPv6, which has plenty of IP addresses available – allowing each internal device even on a home LAN to have its own publicly reachable address. This again makes port forwarding unnecessary.

(Although on the other hand, you still need to add firewall rules allowing incoming connections – port-forwarding would do this automatically on most routers, but now you need to do it manually, so in the end it's the same amount of configuration...)
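A small model of the lookup-and-rewrite behaviour the answer describes, written as an added example (it is not from the original post or from any router firmware). The addresses, port numbers and class names are constructed for illustration; the router holds one public IPv4 address and a table keyed by external port that rewrites the destination of inbound packets, and drops anything it has no entry for.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class NatRouter:
    """Constructed model of a home router doing destination NAT (DNAT).

    The ISP gives the router a single public IPv4 address; every LAN host
    has only a private address. `forwards` is the lookup table from
    external (proto, port) to internal (ip, port) that the answer describes.
    """

    def __init__(self, public_ip: str, lan: str):
        self.public_ip = ipaddress.ip_address(public_ip)
        self.lan = ipaddress.ip_network(lan)
        self.forwards: dict[tuple[str, int], tuple[str, int]] = {}

    def add_forward(self, proto: str, ext_port: int, int_ip: str, int_port: int):
        ip = ipaddress.ip_address(int_ip)
        if ip not in self.lan:
            raise ValueError(f"{int_ip} is not on the LAN {self.lan}")
        self.forwards[(proto, ext_port)] = (str(ip), int_port)

    def handle_inbound(self, pkt: Packet):
        """Return the rewritten packet, or None if the router drops it."""
        if ipaddress.ip_address(pkt.dst) != self.public_ip:
            return None
        rule = self.forwards.get((pkt.proto, pkt.dport))
        if rule is None:
            return None  # no entry: the router cannot tell which host was meant
        int_ip, int_port = rule
        # DNAT: rewrite destination address and (optionally) port in the packet
        return replace(pkt, dst=int_ip, dport=int_port)


def demo():
    r = NatRouter("203.0.113.10", "192.168.1.0/24")        # constructed addresses
    r.add_forward("tcp", 2222, "192.168.1.20", 22)        # SSH on the laptop
    r.add_forward("tcp", 8080, "192.168.1.30", 80)        # camera's web UI
    inbound = {
        "ssh": Packet("198.51.100.7", 40001, "203.0.113.10", 2222),
        "cctv": Packet("198.51.100.7", 40002, "203.0.113.10", 8080),
        "no_rule": Packet("198.51.100.7", 40003, "203.0.113.10", 80),
    }
    return {name: r.handle_inbound(p) for name, p in inbound.items()}
```

The `no_rule` case is the point of the answer: with several hosts that could all answer on port 80, the router has nothing to go on and the packet goes nowhere.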

8
  • Ok, so from what I have understood, it's necessary because for all incoming connections to my public IP, the router won't know whether to forward this traffic to my laptop or to my phone? So by port forwarding we explicitly tell it that if an incoming connection is on port XX, let it reach my laptop. Am I correct?
    – Ron
    Commented Nov 23, 2019 at 15:26
  • Yes, that's correct. Commented Nov 23, 2019 at 15:28
  • Have you ever thought how great it would have been if we got an option to specify our IP this way: <public_ip>:<local_ip>. The former part would have identified my connection and the latter part would have identified my device.
    – Ron
    Commented Nov 23, 2019 at 15:30
  • I have thought of it, but logically, if you have two 32-bit addresses, that's no different from a single 64-bit address. Indeed I think there were some early IPng proposals to do what you suggest (using IP 'options'), but either way it would have required changes to IPv4 all over the internet – and if you're going to change it, might as well just make the actual address field larger in the first place... Commented Nov 23, 2019 at 15:42
  • I guess you can think about it in the opposite way too. In IPv6, we have 128-bit addresses, but since each customer gets at minimum a /64 address prefix, logically you could think of it as 64-bit public address + 64-bit internal address. (And if a business customer gets a /48 prefix, then you can think of it as 48-bit public + 16-bit subnet + 64-bit internal.) Commented Nov 23, 2019 at 15:45
