A couple of questions regarding port forwarding

Port forwarding is needed when an outsider(lets say 'authorized') is about to access the resources of the private network or specific hosts inside that network if those hosts are behind a NAT/PAT applying device like router cos this feature prevents incoming packets coming from outsiders accessing the private network by default while all outgoing packets are allowed.

However, there are a few things i can not figure out here.

1) For ex. we set up a server inside that private network and in order for the people in public network to access this server, incoming packets must be allowed by port forwarding. But, what if we assign a 'static public IP' to that server? that will break up the NAT also incoming connections will be permitted. So, in such a situation, why need port forwarding ?

2) lets say we downloaded a p2p client. Downloading some data from other peers. But, why the heck should we open the relevant ports for incoming connections 'as long as the person downloading are us cos this means outgoing connections and they are allowed by default ?

3) In case of online gaming. We downloaded a game client. As long as i'm the client here and the one who needs to access the server which means outgoing connections, why the hell am i supposed to open the ports for incoming connections?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Forsaken_GA

thedrama wrote: »

1) For ex. we set up a server inside that private network and in order for the people in public network to access this server, incoming packets must be allowed by port forwarding. But, what if we assign a 'static public IP' to that server? that will break up the NAT also incoming connections will be permitted. So, in such a situation, why need port forwarding ?

You don't, port forwarding to a public IP is just unnecessary complexity for no gain. If that public IP forwards to a privately addressed server in a 1 to 1 NAT scenario, then port forwarding may still be necessary, but that's largely dependant on your setup.

2) lets say we downloaded a p2p client. Downloading some data from other peers. But, why the heck should we open the relevant ports for incoming connections 'as long as the person downloading are us cos this means outgoing connections and they are allowed by default ?

Because peer to peer is about downloading from others and allowing them to download from you. How do you think you get your download of that p2p file? You initiate a direct connection to someone (or multiple someones). If they followed the same philosophy, then you'd never be able to get a connection to them, because the only connections they'd allow would be ones they initiated.

3) In case of online gaming. We downloaded a game client. As long as i'm the client here and the one who needs to access the server which means outgoing connections, why the hell am i supposed to open the ports for incoming connections?

Well, it depends on what they're trying to do. Alot of games distribute out of band data and patching data as a peer to peer service in order to save on bandwidth, so it's largely the same situation as #2.

thedrama

Forsaken_GA wrote: »

2)Because peer to peer is about downloading from others and allowing them to download from you. How do you think you get your download of that p2p file? You initiate a direct connection to someone (or multiple someones). If they followed the same philosophy, then you'd never be able to get a connection to them, because the only connections they'd allow would be ones they initiated.

2) Well, we send a connection request(syn) to the other peer/s(assuming going across TCP), for such a thing we need outgoing/external ports being allowed. Then the other peer/s makes a connection reply (syn-ack) to us, after that we send the ack to that peer and the connection is established. After that, file transfer protocol request and replies do the job concluded with downloading the file. Do you mention if i do not permit upload, the destination(peers) won't allow me to download their file ? But, what makes port forwarding an obligation for such a thing? /an obligation to allow them transferring from me?

3) didn't understand if i have to be connected to a game server. For instance, i wanna play SW TOR. Thus, establish a connection to the game server through my external/outgoing ports. But since the game server is not in need of starting a connection towards my private network/my computer, why the hell is port forwarding needed here?