- What is port forwarding
- Does port forwarding work with a VPN?
- What is UPnP?
- Port forwarding vs. port triggering
- Does port forwarding improve speed?
- Port forwarding vs. a VPN: which should you prioritize?
What is port forwarding?
The term port forwarding refers to a way of setting up your router to move data a little more directly. Let’s start with a simple explanation, and then we’ll go a bit deeper.
When you set up port forwarding, you essentially tell your router to send some data straight to a specific device on your network, bypassing certain security processes. This can potentially increase your speeds, and offers a number of benefits.
At the same time, it’s not without risks. We do not not encourage you to use port forwarding, and it’s important to remember that NordVPN is not compatible with port forwarding. That being said, let’s explore the technical side of port-forwarding in a bit more depth.
How does port forwarding work?
To understand port forwarding you first need to understand what your router does. You can think of it as a mix between a security guard and a mail sorter. Your NAT firewall, which lives on your router, sends incoming connections to the devices that requested them, by extension also blocking unwanted incoming data. It does this automatically, but if you want your home devices to connect to a remote device, you need to set up port forwarding.
Your router has over 60,000 ports. About the first 1,000 are ordinarily dedicated to standard specific functions. The remaining can be assigned to any device or program you want.
You can do so by opening a port on your router and assigning it to a specific device. Now, when a device sends a connection request to your router, it will automatically create a direct connection. Here’s more about how to find your port number.
Again, it’s worth noting that port forwarding will not work with NordVPN, and we don’t encourage people to use this process.
What is the purpose of port forwarding?
Port forwarding is useful whenever you need to make a direct connection between a device in your home network and a remote device. For example:
- Watch a security camera or baby monitor when away from home;
- Connect to your home server remotely;
- Use remote desktop software to access your home computer;
- Allow other users to connect to your public web server;
- Connect to an IoT device on your home network;
- Form a direct connection to a gaming server;
- Maintain uninterrupted and direct access to a VoIP call server.
There are many other legitimate uses for port forwarding, but many of them are advanced and beyond the scope of this introductory article.
How to set up port forwarding
The specific instructions for port forwarding can be different for each router or brand, so here’s a general overview of what the process might look like:
- Log into your router. You can do so by entering your router’s IP (or in other words, default gateway) into the address bar.
- Open the port forwarding settings panel. There, you should see a list of empty port configurations.
- Choose one configuration and enter internal and external port numbers (your best bet is to go over 1,000 and under 65,000). In most cases, the external and internal ports don’t actually have to match each other, as long as the external and internal devices know which ones to use.
- Once the ports are set, enter the local IP address of the device you want the port to connect to on your network (the local address will be different from your router’s IP address, since another one of your router’s jobs is to hide your devices’ individual IPs under the router’s public IP).
- Now the router can redirect any request sent to that specific port straight to your device without revealing its private IP address. But what does that request look like?
Say your router’s IP address is 123.456.789. If the port you set to connect to your home security camera is 3579, then a request to your router to connect directly to the camera via port forwarding would be sent to this address: 123.456.789:3579. It’s just like dialing a phone number with an extension!
Is port forwarding safe?
Imagine that your router’s ports are doors, and most of them are locked. The information from the internet can still get in – it just has to be checked and allowed in by the router. But when one of those doors is unlocked, anyone who tries that door can open it and walk right in.
In one sense, it’s not as bad as it sounds – that opened port (or unlocked door) only leads to whichever device it was pointed at. But as we’ll explain, there are many ways in which port forwarding can leave you vulnerable to online threats.
Is port forwarding dangerous?
If, for example, your security camera has a weak password (or no password), an intruder could see what the camera sees or even control it. A port opened directly to your PC could be used to infect your computer or to unlock the rest of your network. Therefore it’s essential to protect your devices with strong passwords (see what makes a strong password here).
On the other hand, there are exceptions. You may not want a web server hosting your website to be completely password protected, as some pages will have to be public, but you’ll need to make sure that you can secure those pages and any data that needs to remain private.
Another issue is that manually configured ports remain open until you manually close them. They can be used and abused while you sleep or while you travel. It’s usually impossible to use a port that’s already occupied, but hackers will have a much easier time trying to connect to a port that is open and not in use.
Does port forwarding work with a VPN?
VPN port forwarding allows incoming data to get around your NAT firewall, speeding up your internet connection. There are several reasons to use VPN port forwarding. It can increase your download speed, help you to access your computer when you’re away, and form a direct connection with a gaming server.
Port forwarding and triggering could work with a VPN protocol in general, but not with NordVPN. Our apps block almost all port communication from within your device except for the ones most commonly used by popular applications. This was a tough decision that may inconvenience some users, but we’d like to explain why we did this.
Browsing the internet with open ports exposes you to a number of security risks. Blocking access to all ports except those that are essential for VPN functionality is part of how NordVPN keeps you secure. Otherwise, we wouldn’t be able to ensure your safety online.
If you aren’t yet covered by a VPN, download VPN app for free and find the subscription that works best for you. Once you launch the app, you’ll be protected by some of the best encryption in the industry.
NordVPN is extremely easy to use. It will also provide you with a variety of features and a multitude of servers to choose from.
What is UPnP?
You might have previously used port forwarding without actually manually configuring the ports or even being aware of it. How? Your device used Universal Plug and Play (UPnP), which allows apps on your device to open ports on your router when needed and to close them when they’re done.
UPnP might be convenient but it adds its own potential security issues. It assumes that every device on your local network is trustworthy. So if you happen to get infected by malware that wants to initiate a direct connection with a remote hacker, your UPnP router will allow it without question. Such a connection would be much more difficult to open with UPnP disabled.
Outdated routers or ones with poor UPnP implementations can be vulnerable to a number of UPnP exploits. Some of these can open all of the ports on your router or use UPnP to change your DNS server (you can read about DNS spoofing and other common hack attacks here).
Port forwarding vs. port triggering
Port triggering is much like port forwarding, but with a few key differences. Some of these help shore up some of its security vulnerabilities, but they also limit the cases where port triggering can be useful.
First, when you set up port triggering, the port you choose remains closed. It will only open in the event that it’s triggered by outbound communication.
When the outbound communication that triggered the port opening ends, the port will close after a specified period of time. This makes the connection more secure because it puts the local device in control of opening the connection. However, it also means these connections are difficult or almost impossible to initiate from outside.
Secondly, port triggering doesn’t require you to configure a specific device IP address when creating the trigger. This means that any device on your network can initiate the connection, though only one can use it at a time. In port forwarding, you have to define the specific device using the connection. Depending on your router and your devices, this can make port triggering either a more or less secure choice than forwarding.
Does port forwarding improve speed?
Yes. Returning to our analogy of the router as a mail-sorter, port-forwarding allows you to cut the time spent at the sorting stage. If you program your router to forward data from specific ports to pre-specified devices on your network, you could speed up your internet connection by several milliseconds and reduce your download time significantly.
Port forwarding vs. a VPN: which should you prioritize?
As we’ve said, port forwarding won’t work with a VPN. That raises the question: if you can only have one or the other, which is more important?
While every situation is different, we would always urge you to use a VPN. The limited benefits of port forwarding really don’t balance out well against the serious risks of browsing the internet without proper encryption. A premium VPN, unlike a free one, can ensure a level of security and privacy that is unmatched by any other service, and it can actually speed up your internet without any port forwarding.
It does this by shielding your browsing activity from your internet service provider, or ISP. Many ISPs will limit your bandwidth during peak times, slowing your internet down if they see you doing anything that uses large amounts of data. However, if they don’t know what you’re doing, you’ll be protected from bandwidth throttling.
Port forwarding is not needed if you use Meshnet. Meshnet’s architecture allows devices to communicate with each other directly, which contributes to a secure connection.
For speed, security, and peace of mind, we recommend using a VPN whenever possible.