POrt FOrwarding

Hi All

Got a question about port forwarding

simple really - IS it safe ?

From what I have read I understand that you are opening ports for certain programs to accept incoming connections from the internet.

Well if you have got ceratin ports open for certain programs, what is stopping someone hacking that port ?

 

If you enable port forwarding, you simply tell the router to forward a certain port to your computer as if it were directly connected to the internet. A computer connected directly to the internet has all ports forwarded to his PC (not really forwarded, but you get the point). An application needs to be listening on a certain port to be able to connect to it. So it is impossible to connect to ports that are closed. Forwarding ports is not the same as opening ports. If you have a decent firewall installed, you're safe.

I prefer to use UPnP enabled hardware/software. This way the program itself can set up port forwarding on the router and remove the ports when it shuts down.

 

Please see this link for a simple explanation of port forwarding.

Yes, you are correct, this does seem like you are opening holes in your security. I'd have to ask what you intended to do with this to give you a complete answer. If you had intended only to connect to your home machines via say a laptop outside your network, you could enable MAC address filtering, so only the network adapters you specify are able to connect. I think this would be most secure, as MAC addresses are unique to the network adapter.

And/Or, you could also run a packet sniffer like Ethereal on these ports to analyze exactly what traffic is passing through, but that's really getting down to the nitty gritty.

In any case, I would strongly recommend that you couple your router's hardware firewall with software firewalls like Sygate Personal Firewall on each of your clients.

Edit: Sorry, erikske, seems you're faster than I!

 

Cheers for the responses as always guys

I see what you mean now - it is the router that is forwarding the data to the specified port on the client - the routers port is still actually closed - Just one thing though - if certain popular programs use a certain port or port range, the port range will be widely publicised. What is stopping a hacker pretending to be such a program scanning my ports within that range and getting through? After all my client will be listening for connections on a specific port from a specific program! - Perhaps I am being a little paranoid here but it is just a thought I have had


erikske -Yeah UPnP progs/hardware would be preferable but the programs I am using that require port forwarding are Azurues & Shareaza. As far as I am aware only Azureus has UPnP and I have read a bit about UPnP and it has mixed views in terms of how effective it actually is - Point taken though & thanks for your response

Mada_Milty - Point also noted about the firewall - at present I am using the Hardware firewall as part of my router I have performed online port scans and I appear to be ok - my plan is to configure both my clients so that everything works how I want it to then I will add the software firewall, that way I know that when everything stops working (which it is bound to) it is only my newly installed software firewall that needs playing with! Also thanks for your response

 

For all the best help and step by steps on port forwarding, you can't go past
http://www.portforward.com/default.htm
Best bar none.