Port Forwarding

Last Updated: Jan 16, 2015 11:37AM PST
This article is intended to help those who have followed the instructions for fowarding their ports on portforward.com but still find that their port refuses to open up.  So what exactly is the problem?  Possibilities include (but are not limited to):

Even after having carefully and laboriously followed all the port forwarding instructions previously written, you've found that your port simply refuses to open up. So what exactly is the problem? Possibilities include (but are not limited to):
 
  • Intentional ISP interference: Some ISPs are known to simply block connections to unauthorized ports, in which case your entire network is essentially placed into a firewalled state.
  • Internet connection type: One prominent example of this being the source of the problem are Internet connections that are received wirelessly (though satellite or something similar). Customers of wireless connections are very often not given WAN IP addresses, and so are permanently in a firewalled state. In fact, any kind of connection where you are not in control of the NAT will generally leave you in an unfirewalled state. Such is the case with university-provided connections, where network administrators generally block connections to unauthorized ports.
  • Proxy service: Some ISPs place their users behind a transparent proxy, whereby the port checker might be unable to detect the forwarding state properly. In that case, try a test torrent and let it run for a while. If the network status light turns green, then everything's probably configured properly. Even then, though, being behind a proxy essentially places one behind a firewall, so you might still suffer problems as if you were behind a firewall.
  • Network hardware blocking: Some modems are known to cause issues with your computer being in a firewalled state even though they technically aren't routers. One notorious example is the Motorola SurfBoard brand of modems, which you can read up about at the PortForward.com forums.

User error is also a very common problem when it comes to port forwarding issues, but assuming that everything in the basic port forwarding guide was followed carefully, and none of the above possibilities are applicable, then the problem very likely lies with another issue called double NAT. Unlike any of the other issues listed above, double NAT problems can often be taken care of, provided the user follows the necessary steps as described below.


Double NAT

Double NAT occurs when your computer is sitting behind two or more routers. In most double NAT cases, it turns out that the user has a dedicated router, but was also unknowingly provided with a modem by their ISP that came with router or firewall capabilities. When that is the case, the user simply forwards ports from the router to the computer, leaving the modem alone, and this is exactly where the problem lies. Because the modem acts as a router as well, if it is not configured properly, it essentially means that the user remains in a firewalled state, since the dedicated router that the user did configure is not actually receiving incoming connections on the forwarded port due to everything being blocked by the outermost router -- the modem. Be aware that this is a specific case of the issue at hand. In more severe cases, users can have more than just two routing devices, and rectifying the problem can become that much more difficult, depending on the solution taken.

Removing or Disabling the Extraneous Router

In the simplest of cases, ridding yourself of the double NAT situation comes down to simply removing the extra routers, or disabling their routing capabilities. Using this method assumes that the extraneous routers being operated upon are absolutely unneeded on the network. If that is not the case, then the only solution you have is to chain port forward. With the method being described in this section, only one router should end up on the network, that router being the one that your computers are actually connected to. Some examples are as follows:
 
  • You have a modem that acts as a router, a dedicated router that is connected to the modem, and then your computers that are connected to the router. In this case, you should disable the routing capability in the modem, so that you're left with only the dedicated router as the sole router on the network (which is the one connected to your comptuers).
  • You have a modem that acts as a router, two routers, and all of the computers connected to the same router. In this case, you should disable the routing capability on the modem, and remove the router that no other computers are connected to.

As you can see, the general rule of thumb is that you remove all extraneous routers. You'll notice, though, that the modem with routing capability never gets removed -- that's because the modem function is important for allowing you to actually connect to the Internet. In any case, to disable the router in the modem, you have to physically connect a computer directly to the modem, then visit the configuration page for the modem. Before actually disabling the routing capability, you must be sure to check whether your modem contains login information for your ISP. If it does, then you are going to have to make sure you have a copy of that information on hand. This is most often the case for people using a DSL modem and router, where login information is usually stored where the PPPoA/PPPoE configuration page is. That aside, setting the modem to bridge mode is what you should be combing through its configuration page for. After you do this, everything should hopefully be fine. If you find that your Internet connection no longer works, you should fill the login information you copied into the appropriate location in the remaining active router on your network (if you copied PPPoA/PPPoE settings from the modem, copy it into the PPPoA/PPPoE settings in the router).

Chain Port Forwarding

This method can be very annoying, as it requires that you set static IPs for and forward the desired port through each and every one of them. Basically, you need to follow the basic port forwarding guide for each and every router, except that the IP you're forwarding to is the IP of the next router in the chain of routers leading up to your computer. Each router must be assigned a static IP address, which can normally be set in its configuration pages. While specifics can't be delved into because of the sheer number of different routers available, the following case example might be of use to illustrate the process more clearly:
 
  • You have a modem that acts as a router. A dedicated router (router A) is connected to it. Another dedicated router (router B) is connected to router A. Your computer is connected to router B.
  • The modem's routing subnet starts with 192.168.1.x. It forwards the port specified in µTorrent to router A, which is at IP address 192.168.1.5 on the modem's subnet.
  • Router A has a static IP set to 192.168.1.5. Its own subnet starts with 172.16.1.x. It forwards the port specified in µTorrent to router B, which is at IP address 172.16.1.3 on router A's subnet.
  • Router B has a static IP address set to 172.16.1.3. Its own subnet starts with 10.0.0.x. It forwards the port specified in µTorrent to your computer, which is at IP address 10.0.0.6 on router B's subnet.
  • Your computer has a static IP address set to 10.0.0.6, and because the port was forwarded from the modem to router A, and from router A to router B, then from router B to this computer, the port checker considers your client to be connectable.

Please be aware that that was just an example. Many conditions, including the IP addresses, the number of devices on your network setup, or how everything is connected, will most likely differ from the example. All you can do is adapt the example to your situation and configure everything accordingly. Setting the static IP addresses up properly is extremely important when chain port forwarding. Any mistakes (or failure to do so) means more troubleshooting in trying to figure out which device's IP address changed if your port suddenly becomes unforwarded.
Are you a Pro customer? Contact our support team