Greg Van DyneDecember 4, 2007

AgendaIntroductionTechnical OverviewProtocols DemonstrationFuture TrendsReferences

IntroductionPort Forwarding

Opening a port in a router or firewall residing in a private network in order to let a party from the outside world contact a user inside. For example, opening ports for VoIP and videoconferencing traffic makes two-way communications easier no matter which side initiates the call. Also called "port mapping," port forwarding can be done by manual configuration or by software.

*definition courtesy of PCWorld.com

What is a port?represents an endpoint or "channel" for network

communicationsOne computer sends data from port of one IP address

to anotherPort numbers can theoretically range from 0 to 65535Only one application can be used at a time on any

given portWhy forward a port?

With routers, firewalls prevent direct comm. between IPs

Ports

A Few Common Ports21 – FTP22 – Secure Shell (SSH)23 – Telnet80 – HTTP110 – POP3 mail3389 – Remote Desktop Protocol (RDP)6112 – Blizzard’s Battle.net gaming service

(Unofficial)*Unofficial – not registered with IANA (Internet Assigned Numbers Authority)

Some Familiar ConceptsTCP – Transfer Control Protocol - 2 computers

directly connect, and remain connected for duration of session *similar to a telephone call

UDP – User Datagram Protocol – sends data and relies on devices in between to deliver properly. Not as reliable *like putting mail in mailbox

NAT – Network Address Translation – determines destinati0on of packets sent to network. This is where port forwarding comes into play.

Static vs. Dynamic IPStatic

Usually ocnfigured within OSEnsures that internal IP never changesPorts can be forwarded once, and will not

require any changes in the futureDynamic

Internal IP fluctuatesCan cause port forwarding not to work

Port TriggeringDynamic port forwarding

Port triggering allows for port to to open only when a certain application is running

Once application stops, access to that port is turned off

Slightly more secure

Things to considerThe need to forward the packets that come to the

router's forwarded port, and the need to rewrite them so that the private machine sees them as originating from the router

Only one networked machine can use a specific forwarded port at one time

Traditional port forwarding allows the entire world access to the port, thus security is reduced

Ports can be changed within registry if unofficial

Reverse Port ForwardingAlso called reverse tunnelingComposed of session server (SS) and session client

(SC)SS connects with session port, SC connects with

session server componentSS tunes in to port that needs forwardedWhen connection is done, it’s forwarded directly to SC

with an accessible destination to that SCUsually needed when a port is behind a router or

firewall but that router or firewall is not configurable with normal port forwarding for one reason or another

ReferencesCadden, C. (2006) “MP3 Player Market to Reach

286 Million Units by 2010.” In-Stat.com. Retrieved Nov. 23, 2007. http://www.instat.com/press.asp?ID=1648&sku=I

N0603155ID.Snell, J. (2004) “How AirTunes Works”

Macworld.com. Retrieved Nov. 23, 2007. http://www.macworld.com/weblogs/editors/archi

ves/000212.php.Wikipedia. (2007) “Digital Living Network

Alliance.” http://en.wikipedia.org/wiki/Digital_Living_Network _Alliance