Port Forwarding and VPNs: A Complete Guide
What is port forwarding?
Port forwarding refers to the way your router is set up to transfer data more directly. Let’s start with a simple explanation, and then we’ll go deeper.
When you set up port forwarding, you’re essentially telling your router to send some data directly to a specific device on your network, bypassing some security processes. This can increase your speeds, and provide a number of benefits.
At the same time, it is not without risks. We do not encourage you to use port forwarding, and it is important to remember that NordVPN is not compatible with port forwarding. However, let’s explore the technical side of port forwarding in a little more depth.
How does port forwarding work?
To understand port forwarding, you first need to understand what your router does. You can think of it as a mix between security guard and mail sorting. Your NAT firewall, which lives on your router, sends incoming connections to the devices you request, thus also blocking unwanted incoming data. It does this automatically, but if you want your home devices to connect to a remote machine, you need to set up port forwarding.
Your router has more than 60,000 ports. About the first 1000 are usually reserved for specific standard jobs. The rest can be customized to whatever hardware or software you want.
You can do this by opening a port on your router and assigning it to a specific device. Now, when a device sends a connection request to your router, it will automatically establish a direct connection. Here’s more on how to find your port number.
Again, it’s worth noting that port forwarding won’t work with NordVPN, and we don’t encourage people to use this process.
What is the purpose of port forwarding?
Port forwarding is useful when you need to make a direct connection between a device in your home network and a remote device. For example:
- watching a surveillance camera or baby monitor when you are away from home;
- connect to your home server remotely;
- Use remote desktop software to access your home computer;
- allow other users to connect to your public web server;
- Connect to an IoT device on your home network;
- configure a direct connection to the game server;
- Maintain direct and uninterrupted access to the VoIP call server.
There are many other legitimate uses for port forwarding, but many of them are advanced and beyond the scope of this introductory article.
How to set up port forwarding
The specific instructions for port forwarding can be different for each router or brand, so here’s a general overview of what the process might look like:
- Log in to your router. You can do this by entering the IP address of the router (in other words, the default gateway) in the address bar.
- Open the port forwarding settings panel. There, you will see a list of empty port configurations.
- Choose one configuration and enter the internal and external port numbers (your best bet is above 1000 and below 65000). In most cases, the external and internal ports do not actually have to match each other, as long as the external and internal devices know which devices to use.
- Once the ports are set, enter the local IP address of the device you want the port to connect to on your network (the local address will be different from your router’s IP address, since one of your router’s tasks is to hide your individual IPs under the router’s public IP) .
- Now the router can forward any request sent to that specific port directly to your device without revealing its IP address. But what does this request look like?
Let’s say your router’s IP address is 123.456.789. If the port you set to connect to your home security camera is 3579, a request will be sent to your router to connect directly to the camera by forwarding the port to this address: 123.456.789:3579. It’s like asking for a phone number with an extension!
Is port forwarding safe?
Imagine that your router’s ports are doors, most of which are closed. Information from the Internet can still be accessed – it only needs to be checked and allowed by the router. But when one of these doors is opened, anyone who tries to open that door can enter it directly.
In a sense, it’s not as bad as it sounds – this open port (or unlocked door) only leads to the device it was directed to. But as we will explain, there are many ways port forwarding can make you vulnerable to online threats.
Is port forwarding dangerous?
If your security camera’s password, for example, is weak (or there is no password), an intruder can see or even control what the camera sees. An open port directly on your computer can be used to infect your computer or to unlock the rest of the network. It is therefore essential to protect your devices with strong passwords (see What makes a strong password here).
On the other hand, there are exceptions. You may not want the web server that hosts your website to be completely password protected, as some pages must be public, but you will need to make sure that you can secure these pages and any data should remain private.
Another problem is that manually configured ports stay open until you manually close them. They can be used and abused while sleeping or while traveling. It is usually impossible to use a port that is already occupied, but hackers will have a much easier time trying to connect to an open and unused port.
Does port forwarding work with a VPN?
VPN port forwarding allows incoming data to get around your NAT firewall, speeding up your Internet connection. There are several reasons to use VPN port forwarding. It can increase your download speed, help you access your computer when you are away, and set up a direct connection to your game server.
Port forwarding and porting can work with the VPN protocol in general, but not with NordVPN. Our apps block almost all port connections from within your device except for those most used by popular apps. This was a difficult decision and might upset some users, but we’d like to explain why we’re doing this.
Browsing the Internet using open ports exposes you to a number of security risks. Blocking access to all ports except for those that are essential for VPN functionality is part of how NordVPN keeps you secure. Otherwise, we cannot guarantee your online safety.
If you are not covered by a VPN yet, download the NordVPN app for free and find the subscription that works for you. Once you launch the app, you will be protected with some of the best encryption in the industry.
NordVPN is very easy to use. It will also provide you with a variety of features and many servers to choose from.
Online security starts with one click.
Protect your traffic with NordVPN.
What is UPnP Protocol?
You may have previously used port forwarding without configuring ports manually or even realizing them. how? Your device has used Universal Plug and Play (UPnP), which allows apps on your device to open ports on the router when needed and close them when done.
UPnP may be convenient but it does add its own potential security issues. It assumes that every device on your local network is trustworthy. So if you get infected with malware and want to start a direct connection with a remote hacker, your UPnP router will allow it without a doubt. Opening such a connection would be much more difficult with UPnP disabled.
Routers that are outdated or have weak UPnP implementations can be vulnerable to a number of UPnP exploits. Some of these devices can open all the ports on your router or use UPnP to change your DNS server (you can read about DNS spoofing and other common hack attacks here).
port forwarding vs port operation
Port operation is very similar to port forwarding, but with some key differences. Some of these help support some of their own security vulnerabilities, but they also limit the instances in which port running can be useful.
First, when you set up port triggering, the port of your choice stays locked. It will only open if it is powered by the external connection.
When the outgoing connection that opened the port ends, the port will be closed after a specified period of time. This makes the connection more secure because it makes the local machine control the opening of the connection. However, it also means that it is difficult or almost impossible to initiate these connections from the outside.
Second, triggering the port does not require you to configure the IP address of a specific device when creating the launcher. This means that any device on your network can initiate the connection, although only one person can use it at a time. In port forwarding, you have to select the specific device using the connection. Depending on your router and your hardware, this can make port triggering a more or less secure option than forwarding.
Does port forwarding improve speed?
Yes. Going back to our analogy of a router as a mail sorter, port forwarding allows you to reduce the time you spend on the sorting stage. If you program your router to forward data from specific ports to predefined devices on your network, you can speed up your Internet connection by several milliseconds and reduce download time dramatically.
Port Forwarding vs VPN: Which Should You Prioritize?
Like we said, port forwarding will not work with a VPN. This raises the question: If you can only have one or the other, which is more important?
Although every situation is different, we always urge you to use a VPN. The limited benefits of port forwarding do not balance well with the serious risks of surfing the Internet without proper encryption. A premium VPN can guarantee a level of security and privacy unmatched by any other service, and it can actually speed up your internet without any port forwarding.
It does this by protecting your browsing activity from your Internet Service Provider or ISP. Many ISPs will limit your bandwidth during peak times, slowing down your internet if they see you’re doing anything that uses large amounts of data. However, if they don’t know what you’re doing, you’ll be protected from bandwidth throttling.
For speed, security, and peace of mind, we recommend using a VPN whenever possible.
Check out NordVPN on YouTube.
Get the latest cyber news and tips