WWW FAQs: How do I set up my router to forward ports from the Internet to my computer?

2008-08-18: Your router allows all of your computers to share a single "real" IP address on the Internet. It also protects you by preventing incoming connections from the outside world from causing harm to your computers. But to accept web server or BitTorrent connections, you'll need to open a hole in your router's firewall to pass traffic through to a computer of your choice on the ports you have chosen.
"But I don't have a router!" Oh yes you do... well, most people do.

If you have WiFi, or more than one computer connected to the Internet by any other means, then you definitely have a router (even though it might be built right into your modem) and you must not skip this step. Note that even if you have just one computer, the presence of more than one jack to hook up additional computers or the presence of a wifi antenna on your Internet connection device means that it is definitely a router.

Here I'll assume your goal is to forward traffic on port 80, for a web server. If you are following my BitTorrent article, you'll want to forward traffic on port 40156 instead; just substitute 40156 for 80 in the instructions that follow. If you need to forward more than one port, as in the case of BitTorrent traffic and BitTorrent tracker traffic, just set up more than one forwarding rule.

To begin, log in to the built-in web server of your router as you have most likely done in previous articles. Typically you'll do this with your web browser, by going to an address like http://192.168.2.1/ (for an SMC Barricade G) or http://192.168.1.1/ (for a Linksys WRT54G). But check the manual for your router to be sure. If your router requires a password, and you have lost it, see your router's manual for information about performing a "hard reset" (not just a power cycle) to restore it to factory settings. Sometimes there is a default password which is listed in the manual. I recommend setting a well-chosen, secure password for your router.

Every router is slightly different, so you'll need to consult the manual to find out how to enable "port forwarding" or a "virtual server." Both of these terms refer to the same thing: configuring the router to accept connections on certain ports and forward them to certain ports on your own computer.

About TCP and UDP: TCP traffic (Transmission Control Protocol) is the most common kind of traffic. It's all you need for a website. UDP (User Datagram Protocol) is also used by some types of BitTorrent programs, so enable both TCP and UDP for BitTorrent.

Here's what you need to do: configure the router to forward connections on port 80 to your computer. The exact procedure varies.

There are many routers out there. I can't possibly cover the steps for every single one in detail. Read the manual for your router, which is available on your manufacturer's website if you have lost it. Here I'll give specific instructions for my own SMC Barricade G, and for the popular Linksys WRT54G. If you're following along in your manual, you'll have no trouble adapting these instructions to your own router.

Port Forwarding Steps for the SMC Barricade G

1. Log into your router. Usually the URL is http://192.168.2.1/ and the password is what you chose when you first set it up. Consult the manual if you have never set it up before or need to reset the password.

2. Choose "Advanced Setup"

3. Choose "NAT" (Network Address Translation)

4. Choose "Virtual Server"

5. Add an entry with "LAN IP Address" 192.168.2.11, "Protocol Type" TCP&UDP, "LAN Port" 80, "Public Port" 80, and the "Enable" box checked. This assumes you gave your server - that is, the computer that you're forwarding connections to - the static local IP address 192.168.2.11. If you don't understand this, first follow the steps in my article how do I give my computer a static local IP address?

6. Click "Add." Forwarding should begin immediately.

Port Forwarding Steps for the Linksys WRT54G

1. Log into your router. Usually the URL is http://192.168.1.1/, the username is blank, and the password is what you chose when you first set it up. If you have never set a password, the password (which you should change) is admin. Consult the manual if you have never set up your router before or need to reset the password.

2. Click on the "Applications & Gaming" tab.

3. Click on the "Port Range Forward" tab (in the second row).

4. In the "application" field, type "web" (if you are forwarding wb traffic on port 80) or "torrent" (if you are forwarding bittorrent traffic on port 40156). This is just a "nickname" so that you can recognize what you were trying to do when you come back to it.

5. In the "Start" field, enter: 80

6. In the "End" field, also enter: 80

7. Set "Protocol" to TCP. Web and Bittorrent servers use only TCP, so there's no reason fo forward UDP traffic too and create an unnecessary security risk.

8. In the "IP Address" field, enter: 192.168.1.11

9. Click "Save Settings." Forwarding should begin immediately.

Here I assume that you gave your server - that is, the computer that you're forwarding connections to - the static local IP address 192.168.1.11. If you didn't, it won't work. If you don't understand this, first follow the steps in my article how do I give my computer a static local IP address?

Web visitors see the login prompt of my router when they connect to my hostname!

You are trying to set up a website at home, and visitors see your router's logon prompt instead of your home page. There are two possible explanations for this problem. One isn't really a problem at all. The other is easy to fix.

Problem #1: You Are Testing From Behind Your Own Router

You are trying to access your website by name from behind your router (from one of your own PCs, such as the server itself). With many routers, this does not work because the router automatically assumes any web connection to itself from inside your network is an attempt to log into the router's configuration interface. Test from outside your own network or have a friend do that for you. If you can access your home-hosted website from someone else's computer, you don't have a real problem.

One great way to test your site from the outside world is to use a dialup account. As of this writing, many DSL ISPs offer a limited amount of dialup telephone modem service as a backup and a convenience while traveling. Check your ISP's pages to find out whether you already have access to a dialup account without spending extra money. If you do, you can temporarily disconnect one of your PCs from the network, plug a phone line into your computer's modem (most laptops have a built-in modem), and dial out. Do a sanity check first by visiting a well-known site such as Google to make sure your dialup connection is working. Then try to connect to your home-hosted website. The connection will be at dialup speed, of course, but every website should be tested at dialup speed anyway! Thanks to Stephen Gallagher for this suggestion.

If you want to access your site from a computer behind your router, you'll have to access it at its static local IP address instead of by name (just an example: http://192.168.2.11/ is correct if you followed the suggestions in my articles for an SMC Barricade G).

Problem #2: Remote Router Access Is Enabled

You're testing from a computer outside your network and you still get the router's logon page! What's going on?

Your router has an optional feature that lets you log in and make configuration changes from the Internet. This is not setting up a website. It is remote access to your router's built-in configuration pages. The Linksys WRT54G calls this "remote router access." It is turned off by default for very good reasons.

In your early attempts to figure out how to set up a web server at home, you probably enabled this feature on port 80 by mistake. Disable it now. It's not what you want and it's dangerous too. Turn it off and port 80 will become available for port forwarding purposes instead.

If you really want remote access to your router's configuration interface (and trust me, you don't, it's dangerous), configure it on an alternative port instead of port 80 so it won't conflict with your web server. Then you can log in remotely to your router at http://yourdynamichostname:8080/, (if you choose port 8080). But again, you don't want this. If you're an exception, you probably understand why already.

Conclusion

Now traffic from the outside world can reach your computer on port 40156 (or 80, if you are setting up forwarding for a web server rather than a bittorrent peer). For most readers, the next step is to allow traffic on port 40156 through the firewall software on your own computer.

Share |

Legal Note: yes, you may use sample HTML, Javascript, PHP and other code presented above in your own projects. You may not reproduce large portions of the text of the article without our express permission.

Got a LiveJournal account? Keep up with the latest articles in this FAQ by adding our syndicated feed to your friends list!


Follow us on Twitter | Contact Us

Copyright 1994-2014 Boutell.Com, Inc. All Rights Reserved.