What and how it can be done: Port Forwarding - Router setup


laurentio
28th October 2008, 01:07 PM
The internet works using two main address units: the IP address and the port. When your computer makes a call on the internet--trying to load www.dd-wrt.com for example--it starts by asking the IP address of www.dd-wrt.com for the webpage. However, it can't just ask dd-wrt.com's IP address for the webpage files--that would be like leaving off the apartment number when mailing someone. It needs to ask dd-wrt.com's IP address on port 80--the universal webpage port. Your computer instructs the response to be sent back to your IP address on some port that you opened to receive that data. By using ports, your computer can keep track of which stream of data belongs to what.


For example, when requesting a webpage with some text and 1 image, your web browser might ask that the main text content be sent back to it on port 10345 and the image be sent back on 10548. It might also be receiving instant messages on other ports and e-mails on yet other ports. The ports here don't matter because your computer just makes them up on the fly.
What does matter are server ports. A web server doesn't announce that it's waiting for webpage requests on port 80, that's just known. It's a standard. In fact, all of the ports from 1-1024 are set aside for such standardization.
On the internet there are two types of addresses: public IP addresses and private IP addresses. Public IP addresses are those addresses that are routable on the internet. These consist of the bulk of all IP addresses.


Addresses that begin with 10.x.y.z or 192.168.x.y (where x, y, and z can be anything 0-255) are strictly private addresses and cannot exist on the internet. Additionally, 127.x.y.z is set aside as the local loopback address and, depending on your computer, 127.x.y.z will reach your own system. On most computers this is limited to 127.0.0.1, but that needn't be so.


There are only 2^32 possible IP addresses, and worldwide there are many more than 2^32 devices (computers, printers, scanners, etc.) that would like to have internet IP addresses. Private addresses and, more specifically, NAT were set up to solve the problem of a limited number of IP addresses. The new IP protocol specification, IPv6, intends to solve this problem by increasing the number of addresses.


Network Address Translation (NAT) works by making an entire network of privately addressed devices appear as just 1 device on the internet. NAT is usually done inside of a router, like the WRT54G, but can also be done on a computer running Linux, Mac OS, or Windows provided you have more than 1 network adapter.


When a computer behind a NAT device makes a call to the internet, it sends its packet to the NAT device just as though it were going to send it directly to its destination. To the privately addressed device, the NAT device appears to be any ordinary router.


When the NAT device receives a packet destined for the internet, it reconstructs the packet, taking note of the original sender IP and port, and then resends that packet as though it were making the request. When the information comes back, it sends it back to the original device as though it had come from the computer on the internet.




____________________________________EXAMPLE____________________________________



                            ___      ___
                         __\   /____/   \        Broadband      | WRT54G          |
www.dd-wrt.com----------/  (The Internet)  \-----Connection-----|WAN 64.125.x.y   |
(207.234.129.65:80)     \__/\__/\______/                        |LAN 192.168.1.1  |-----Computer A
                              (Cloud) ;)                                                192.168.1.100

1. Computer A tries to connect to www.dd-wrt.com; it sends a packet like:
To=207.234.129.65:80 From=192.168.1.100:16848 Get index.html

2. The WRT54G intercepts this packet and sends the following:
To=207.234.129.65:80 From=64.125.15.256:15846
and makes a note:
Anything received on port 15846 goes to 192.168.1.100 on port 16848

3. www.dd-wrt.com responds with
To=64.125.15.256:15846 From=207.234.129.65:80 <Contents of Index.html>

4. The WRT54G sees the information is addressed to 15846, so it sends:
To=192.168.1.100:16848 From=207.234.129.65:80 <Contents of Index.html>

In this way neither www.dd-wrt.com nor Computer A knew that they weren't talking directly to each other.
(All ports except 80 were completely made up and were simply for illustration;
64.125.15.256 is an invalid IP address on purpose.)

________________________________________________________________________________


Configuring Port Forwarding

It's a good idea to set static IP addresses for any computers you would like to forward ports to. This can be done using Static DHCP or by manually configuring IPs in your OS. Be sure to set your static IPs outside of your automatic (DHCP) address range. This range is 192.168.1.100-192.168.1.149 by default.

Port Forwarding using the Webinterface

Port Range Forward

(Image: http://www.dd-wrt.com/wiki/index.php/Image:PortRangeForward.jpg)
Port forwarding for a web server and a bittorrent client


This is the most common port forwarding and always forwards ports to the same machine (LAN IP) on the network.


1. Browse to the web interface.
2. Click on the "NAT/QoS" tab.
3. Click on the "Port Range Forward" subtab.
4. Enter any Application name you'd like. This is for your own reference and does not matter to the router.
5. Enter the Start port in the range you'd like to forward.
6. Enter the End port in the range you'd like to forward. If you're just forwarding 1 port, set them both equal.
7. Enter the local IP address of the machine you'd like to forward the port to.

If the computer you're forwarding to is configured for an automatic IP address by DHCP, you will periodically have to update the last field to reflect the machine's current local IP address.
In the screenshot you can see that connecting to <WAN_IP_Address>:80 will bring you to the webserver on 192.168.1.2 and connecting to any port between 6881 and 6889 on <WAN_IP_Address> will bring you to the bittorrent client on 192.168.1.2.
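The following toy model is an added example, not code from the post or from the DD-WRT project. It replays the four-step NAT walk-through above (outbound source rewrite plus the router's "note", then the reply translated back) and adds the two Port Range Forward rows from the screenshot (80 and 6881-6889 to 192.168.1.2), with the validation a practitioner would want before accepting a row: a sane port range, a private target, and a target outside the default DHCP pool 192.168.1.100-192.168.1.149. The WAN address 64.125.15.25, the remote host 198.51.100.7 and all port numbers other than 80 are constructed stand-ins (the post's 64.125.15.256 is invalid on purpose). An inbound packet that matches neither the translation table nor a forward rule is dropped, which is the property that makes NAT a side-effect firewall.

```python
"""Toy NAT + Port Range Forward model (added example; not DD-WRT code)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed values. The post's WAN address 64.125.15.256 is deliberately
# invalid, so this hypothetical one is used instead.
WAN_IP = "64.125.15.25"
DD_WRT_IP = "207.234.129.65"      # from the post's example
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"),
             ipaddress.ip_address("192.168.1.149"))   # default range in the post


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass(frozen=True)
class ForwardRule:
    app: str        # free-text label; the router ignores it
    start: int
    end: int
    lan_ip: str

    def matches(self, port: int) -> bool:
        return self.start <= port <= self.end


class Router:
    """WRT54G-style NAT: outbound connection tracking plus static forwards."""

    def __init__(self, wan_ip: str, first_wan_port: int = 15846):
        self.wan_ip = wan_ip
        self.next_wan_port = first_wan_port
        # wan_port -> (lan_ip, lan_port): the "note" the router makes in step 2.
        # Simplified as in the post; a real stateful NAT also records the
        # remote ip:port so a packet from some other host would not match.
        self.table: Dict[int, Tuple[str, int]] = {}
        self.rules: List[ForwardRule] = []

    def add_forward(self, app: str, start: int, end: int, lan_ip: str) -> ForwardRule:
        """Validate one Port Range Forward row before accepting it."""
        if not 1 <= start <= end <= 65535:
            raise ValueError("start must be <= end, both within 1-65535")
        ip = ipaddress.ip_address(lan_ip)
        if not ip.is_private:
            raise ValueError("forward target must be a LAN (private) address")
        if DHCP_POOL[0] <= ip <= DHCP_POOL[1]:
            raise ValueError("target is inside the DHCP pool; give it a static IP")
        rule = ForwardRule(app, start, end, lan_ip)
        self.rules.append(rule)
        return rule

    def outbound(self, pkt: Packet) -> Packet:
        """Step 2: rewrite the source to WAN ip:port and remember the mapping."""
        wan_port = self.next_wan_port
        self.next_wan_port += 1
        self.table[wan_port] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 4 for tracked replies; forward rules for unsolicited traffic; else drop."""
        if pkt.dst_port in self.table:
            lan_ip, lan_port = self.table[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.payload)
        for rule in self.rules:
            if rule.matches(pkt.dst_port):
                # Only the address is rewritten; the port stays as dialled.
                return Packet(pkt.src_ip, pkt.src_port, rule.lan_ip, pkt.dst_port, pkt.payload)
        return None   # nobody asked for this and nothing forwards it: dropped


def walkthrough() -> List[Packet]:
    """Replay the post's four numbered steps; returns the packets in order."""
    router = Router(WAN_IP)
    step1 = Packet("192.168.1.100", 16848, DD_WRT_IP, 80, "GET index.html")
    step2 = router.outbound(step1)
    step3 = Packet(DD_WRT_IP, 80, step2.src_ip, step2.src_port, "<index.html>")
    step4 = router.inbound(step3)
    assert step4 is not None
    return [step1, step2, step3, step4]


def forwarded_router() -> Router:
    """The two rows from the screenshot: web server and bittorrent on 192.168.1.2."""
    router = Router(WAN_IP)
    router.add_forward("webserver", 80, 80, "192.168.1.2")
    router.add_forward("bittorrent", 6881, 6889, "192.168.1.2")
    return router


if __name__ == "__main__":
    for p in walkthrough():
        print(p)
    r = forwarded_router()
    print(r.inbound(Packet("198.51.100.7", 40000, WAN_IP, 80)))    # 192.168.1.2:80
    print(r.inbound(Packet("198.51.100.7", 40001, WAN_IP, 6885)))  # 192.168.1.2:6885
    print(r.inbound(Packet("198.51.100.7", 40002, WAN_IP, 22)))    # None (dropped)
```

Running the block prints the four translated packets and then the three inbound probes; the last one returns None because port 22 is neither a tracked reply nor a forwarded range. The DHCP-pool check is what the "set static IP addresses" advice above turns into when written down: a forward to 192.168.1.120 is rejected, a forward to 192.168.1.2 is accepted.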