0

I am trying to open a port in my Linux machine but I am having some trouble. I looked up some information about port forwarding and I found this: "What is port forwarding and what is it used for?", and jcrowfordor's post (the long post with a picture) helped me understand it better.

But I still have some trouble opening a port. I looked up tutorials and videos and it always says:

  1. Forward the port in the router
  2. Download ufw
  3. Create a rule in ufw that allows inbound traffic to that port

I did all that and it didn't work. Maybe I am doing something wrong? I still have some doubts about port forwarding so I think that clearing those doubts might help me figure out what I am doing wrong.

Also, the whole firewall configuring + router port forwarding might be unnecessary, because I have a Linux Mint VM that accepts inbound traffic to any port I bind using netcat (I use sudo nc -l portnumber). Why is that? I haven't configured anything, except for disabling the Linux Mint's firewall. If I disable the other Linux's firewall it still refuses connections.

My doubts regarding port forwarding are:

  1. When a computer from a network wants to communicate with another computer in that network does the packet it sends to the router count as inbound traffic? If so, in order for the destination computer to receive it I have to forward a port on the router, right?
  2. What if I want 2 or more computers to be able to receive connections on the same port? Do I have to forward that port in the router for all those computers?
  3. If yes, how does the router know to which computer it should send the inbound traffic? What happens when it comes from the network and when it comes from out of the network?
Mark Read
  • 503

2 Answers

1

1) No. It goes straight to the LAN server without crossing the router (it never gets received on the router's WAN). Most commercial routers will not let an internal host connect to the router's WAN. Those that do support what's called NAT Hairpinning. To test a NAT port forward rule without hairpinning, you must do so from another network.

2) If you want tcp\80 on two different boxes to forward, you will have to use different external port numbers so that WAN:80 -> PC1:80 and WAN:81 -> PC2:80. Port numbers on the WAN side must be unique, or it could not tell which server you want to use, and NAT forwarding is always unicast, so you could not send the packet to both internal servers.

3) NAT rules require you to specify the local IP address of the LAN server that will receive the packets incoming on the port.

Frank Thomas
  • 37,476
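
The three points in the answer above, modelled as a small port-forward table. This is an added example, not part of the original answer or any router's real code; the class name, the addresses (documentation ranges) and the verdict strings are all constructed for illustration.

```python
import ipaddress

class PortForwardTable:
    """Toy model of a home router's NAT port-forward table (hypothetical)."""

    def __init__(self, wan_ip, lan_cidr, hairpin=False):
        self.wan_ip = ipaddress.ip_address(wan_ip)
        self.lan = ipaddress.ip_network(lan_cidr)
        self.hairpin = hairpin          # most consumer routers: False
        self.rules = {}                 # (proto, wan_port) -> (lan_ip, lan_port)

    def add_rule(self, proto, wan_port, lan_ip, lan_port):
        host = ipaddress.ip_address(lan_ip)
        if host not in self.lan:
            raise ValueError(f"{lan_ip} is not on LAN {self.lan}")
        key = (proto, wan_port)
        if key in self.rules:
            # Point 2: a WAN-side port can map to exactly one LAN server.
            raise ValueError(f"{proto}/{wan_port} already forwarded to {self.rules[key][0]}")
        # Point 3: every rule names the LAN address that receives the traffic.
        self.rules[key] = (host, lan_port)

    def route(self, src_ip, dst_ip, proto, dst_port):
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        if src in self.lan and dst in self.lan:
            # Point 1: LAN-to-LAN traffic never reaches the WAN side,
            # so no forward rule is consulted (host firewalls still apply).
            return ("direct", f"{dst}:{dst_port}")
        if dst != self.wan_ip:
            return ("not-port-forwarding", None)
        if src in self.lan and not self.hairpin:
            # Testing your own WAN address from inside fails without hairpinning.
            return ("dropped", None)
        rule = self.rules.get((proto, dst_port))
        if rule is None:
            return ("dropped", None)
        return ("forwarded", f"{rule[0]}:{rule[1]}")

def demo():
    # Constructed sample network: WAN 203.0.113.5, LAN 192.168.1.0/24.
    router = PortForwardTable("203.0.113.5", "192.168.1.0/24")
    router.add_rule("tcp", 80, "192.168.1.10", 80)   # WAN:80 -> PC1:80
    router.add_rule("tcp", 81, "192.168.1.11", 80)   # WAN:81 -> PC2:80
    outside, pc1 = "198.51.100.7", "192.168.1.10"
    return [router.route(outside, "203.0.113.5", "tcp", 80),
            router.route(outside, "203.0.113.5", "tcp", 81),
            router.route(pc1, "192.168.1.11", "tcp", 80),
            router.route(pc1, "203.0.113.5", "tcp", 80)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```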
0

Solution to the netcat problem:

Use nc -l -p port instead of nc -l port. That simple.

Mark Read
  • 503