NAT Forwarding: Open Ports for Special Services
As you might recall from the previous article, What is NAT, NAT (Network Address Translation) is a key technology for sharing an internet connection. It lets your local devices with private IP addresses use the same public IP address to communicate with devices on the internet, which protects your private network by hiding the IP addresses of your devices. However, it also brings a problem: devices on the internet cannot initiate communication with your local devices because their IP addresses are hidden. This is where the NAT Forwarding feature comes to the rescue.
NAT and the NAT Forwarding feature are often used in conjunction with each other. NAT Forwarding gets through the isolation of NAT by opening certain ports and allows devices on the internet to initiate communication with local devices, which makes some special functions possible. For example, if you have a Wi-Fi camera or an FTP server that you want to be accessible via the internet, you will have to set up rules for internet traffic using the NAT Forwarding feature.
The TP-Link router supports 4 forwarding rules, including Virtual Servers, DMZ (Demilitarized Zone), Port Triggering, and UPnP (Universal Plug and Play).
- Virtual Servers - Share Local Resources on the Internet
- DMZ - Make Applications Free from Port Restriction
- Port Triggering - Open Ports Dynamically
- UPnP - Make Xbox Online Games Run Smoothly
Virtual Servers - Share Local Resources on the Internet
A virtual server defines the relation between a port and a local device. When you set up a server on the local network, all requests from the internet to a specific port are forwarded directly to the designated device, which ensures unobstructed communication.
Virtual Servers can be used for setting up public services on your local network such as Web (HTTP), FTP, DNS, POP3/SMTP, Telnet or other specialized applications. Different services use different service ports.
- Web (HTTP): port 80
- FTP server: port 21
- DNS: port 53
- POP3 email service: port 110
- SMTP: port 25
- Telnet: port 23
For example, if you’ve built a personal website on the local network and want your friends to be able to visit it, you can set up a virtual server for the Web (HTTP) service (port 80), after which your friends’ visit requests will be redirected to your personal website. At the same time, Virtual Servers can also keep your local network safe, as other services are still invisible from the internet.
To learn how to build up a virtual server on your local network:
https://community.tp-link.com/en/home/stories/detail/692
DMZ - Make Applications Free from Port Restriction
Set your device as a DMZ (Demilitarized Zone) host on the local network, and it becomes a virtual server with all ports open. It is totally exposed to the internet, which allows unlimited bidirectional communication between local devices and devices on the internet. This is helpful when you are using some online games and video conferencing applications.
Unlike Virtual Servers, a DMZ host has all requests from the internet forwarded to one designated device by default. When you are not sure which ports to open for some special applications, such as an IP camera or database software, you can set the device as a DMZ host.
For example, due to some port restriction, when playing online games you can log in normally but cannot join a team with other players. Few things are more frustrating than that. To solve the problem, set your PC as a DMZ host with all ports open, and then you can team up and play with other players just as you like.
However, a DMZ host may introduce security risks since it is totally exposed to the internet. If DMZ is not in use, disable it promptly.
To learn how to set your device to be a DMZ host: https://community.tp-link.com/en/home/stories/detail/698
Port Triggering - Open Ports Dynamically
Port Triggering is a feature used to dynamically forward traffic on a certain port to a specific server on the local network. It is the same as Virtual Servers, but with an additional switch to each port. Port Triggering can dynamically open ports to any device when needed and close the ports when they are no longer needed.
With Port Triggering, you specify a triggering port and its corresponding external ports. When a device on the local network initiates a connection to the triggering port, all the external ports are opened for subsequent connections, and the router records the IP address of the device. When data from the internet returns to the external ports, the router forwards it to the device that triggered the rule.
It is an advanced feature mainly applied to online games, VoIPs, video players and common applications including MSN Gaming Zone, Dialpad and Quick Time 4 players, etc.
To learn how to enable Port Triggering: https://community.tp-link.com/en/home/stories/detail/696
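The inbound decision described so far, as an added example (a toy model written for this article, not TP-Link firmware code). The rule order (virtual server, then an active port trigger, then the DMZ host), the 60-second trigger timeout, and all addresses and port numbers are assumptions made for the illustration. It counts how many ports reach a local device under each feature.

```python
class NatRouter:
    """Toy model of the inbound forwarding decision (not TP-Link firmware)."""

    def __init__(self, trigger_timeout=60):
        self.virtual_servers = {}  # external port -> (LAN IP, LAN port), always open
        self.trigger_rules = {}    # triggering port -> external ports it opens
        self.triggered = {}        # external port -> (LAN IP, expiry time)
        self.dmz_host = None       # LAN IP that receives everything unmatched
        self.trigger_timeout = trigger_timeout  # assumed idle timeout, seconds

    def add_virtual_server(self, ext_port, lan_ip, lan_port=None):
        self.virtual_servers[ext_port] = (lan_ip, lan_port or ext_port)

    def add_trigger_rule(self, trigger_port, external_ports):
        self.trigger_rules[trigger_port] = set(external_ports)

    def outbound(self, lan_ip, dst_port, now):
        """A LAN device connects out; hitting a triggering port opens its external ports."""
        for port in self.trigger_rules.get(dst_port, ()):
            self.triggered[port] = (lan_ip, now + self.trigger_timeout)

    def inbound(self, dst_port, now):
        """Return (LAN IP, LAN port, rule) for an unsolicited packet, or None if dropped."""
        if dst_port in self.virtual_servers:
            return (*self.virtual_servers[dst_port], "virtual-server")
        entry = self.triggered.get(dst_port)
        if entry and now < entry[1]:
            return (entry[0], dst_port, "port-trigger")
        self.triggered.pop(dst_port, None)  # expired: the port closes again
        if self.dmz_host:
            return (self.dmz_host, dst_port, "dmz")
        return None

    def reachable_count(self, now):
        """How many of the 65535 ports reach some LAN device at time `now`."""
        return sum(self.inbound(p, now) is not None for p in range(1, 65536))


def demo():
    r = NatRouter()
    r.add_virtual_server(80, "192.168.0.10")     # constructed LAN addresses
    r.add_trigger_rule(7000, range(7001, 7004))  # constructed port numbers
    before = r.reachable_count(now=0)            # only the virtual server port
    r.outbound("192.168.0.20", 7000, now=0)      # LAN device hits the trigger
    during = r.reachable_count(now=10)           # port 80 plus 7001-7003
    after = r.reachable_count(now=120)           # trigger has expired
    r.dmz_host = "192.168.0.30"
    return before, during, after, r.reachable_count(now=120)
```

`demo()` returns the reachable-port count for each state: one port with the virtual server alone, four while the trigger is active, one again after it expires, and all 65535 once a DMZ host is set.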
UPnP - Make Xbox Online Games Run Smoothly
The UPnP (Universal Plug and Play) protocol allows applications or host devices to automatically find the front-end NAT device and send requests to it to open the corresponding ports. When UPnP is enabled, applications or host devices on the local network and on the internet can communicate freely with each other, which provides seamless network connectivity.
UPnP is enabled by default, and it is recommended that you keep it enabled if you want to use applications for multiplayer gaming, peer-to-peer connections, real-time communication (such as VoIP or telephone conferencing), remote assistance, etc.
For example, when you connect your Xbox to a router that is connected to the internet to play online games, UPnP sends a request to the router to open the corresponding ports, allowing the subsequent data to pass through the NAT. Therefore, you can play Xbox online games without a hitch.
To learn how to enable UPnP: https://community.tp-link.com/en/home/stories/detail/694
In addition, NAT and ALG (Application Level Gateway) are also used in conjunction with each other. Similar to NAT, ALG translates IP addresses and/or port numbers while managing specific application protocols such as FTP, SIP, and RTSP. When IP packets pass through the network boundary between the local and outside networks, ALG inspects the traffic (packets) and modifies it if necessary, which also provides an extra layer of security for your home network.
The above is the introduction of the NAT Forwarding rules. If you are still confused, here’s a summary. Check out the differences and choose the one you need.