Jump to content

Search the Community

Showing results for tags 'Port Forwarding'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • Non-Emby General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support


  • Emby Blog

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 25 results

  1. Emby is running on windows For starters I have recently moved to a new location after having my emby server accessible via its domain for a month or so. I can access emby remotely with my WAN IP along with my HTTP port number (HTTPS port isnt working). Im using cloud flare as for my SSL and DNS provider. when I attempt to connect using my domain I get a Error 522 (cloud flare cant connect to my server) I have updated my WAN IP to the one ive been assigned by my ISP. Tried changing the ports being forwarded (80,443,8920,8096) I have rebooted my computer and emby multiple times and updated my DNS A name a few times as well. AName: emby|MyWanIP (Domain is being proxied by cloud flare) Any tips on how to narrow down what is causing my issue? Could it be that my ISP is blocking the ports im using or is it cloud flare?
  2. I recently migrated my server from a Windows machine to a Mac mini. I have everything back to how I want it, except for my ability to allow remote connections while I have my VPN (Private Internet Access) running. On my Windows machine, I would use the Split Tunnel to bypass the VPN. Unfortunately, Mac OS seems to have an issue with split tunneling which stops all internet traffic when enabled (a real bummer). So now I am trying to use Port Forwarding as a way to allow connections through my VPN, though I am admittedly not very knowledge about this. I have searched these forums and read numerous threads about this topic, but I have still come away empty-handed. Perhaps someone can look at my specific situation and give me tailored guidance (and perhaps this may serve someone else in the future who faces a similar setup). To begin: I have SSL setup and can allow access to my server via https://mydomain.com. I have forwarded the ports on my router (Google Nest) to allow connections from port 8920 and 443 (as well as 8096 and 80 non-secured ports). When I turn on my VPN with Port-Forwarding enabled, PIA has reserved port 47853, as well as the new IP address of 456.456.456.456. What do I do with this port number and/or VPN IP? On the Emby Network tab I see the local and public https ports are set to 8920. Does one of these change? Or do they stay the same and I need to add a new Port Forwarding rule for 47583? And if I need to add a new rule to my router, do I forward 47583 to 47583 or do I forward 47583 to 8920? Lastly, since I am using SSL and I have my DNS record setup (in Google Domains) to direct mydomain.com to (my ISP assigned IP address), do I also need to update this record so it points to 456.456.456.456 (the VPN IP address when the application is enabled)? (For all intents and purposes, we can treat my ISP IP address as static, technically it is dynamic, but I have a pretty good handle on that part of the process, so I don't want to get caught up in questions away from my main topic regarding the port-forwarding.) If anyone can give me the exact steps of what I need to do, I would very much appreciate it. These forums have been very helpful in the past and I hope to be able to contribute to them in meaningful ways in the future. Thank you.
  3. Hello, I have Emby Premiere, and I have issues with remotely connecting to my server. I've tested this with my more tech-savvy brother, but no luck so far. We tried everything, which is why I'm finally giving in and opening a thread about it in the hopes of someone helping me out. I've read other threads about this, and the one most closely resembling my case is this one. However, the solution of that case does not look to be relevant in my case because I have no such "VOIP box OOMA". The issue is likely with port forwarding and not with Emby itself because I get an Error if I check the ports on https://www.canyouseeme.org, but I don't know where to start. I will give as much info as I can. My setup is like this: Emby server running on my PC > Ethernet cable to a simple 5 port switch > Ethernet cable to my Router > Ethernet cable to my ISP modem I have opened ports 8096 and 8920 on my Windows Firewall in both the Inbound Rules and Outbound Rules. These are my Outbound Rules: These are my Inbound Rules: I have also port forwarded both the 8096 and 8920 ports on my Router and ISP modem. The "Allow remote connections to this Emby Server." setting is ticked on. So what gives? Any ideas are really welcome 😰
  4. I have been trying for hours to try to get emby to connect to devices not on my home network. I have been unsuccessful so far and I think that it is due to me not necessarily understanding and being able to set up port forwarding. Not only that my home network is a bit confusing, I have a modem connected to a router, and another router connected to that router which is outputting a completely seperate wifi network which is where the emby server is located. I don't know which router I should set port forwarding up on, and whenever I try on either one with my supposed public IP address, I get the error the ip address and the lan ip address should be in the same subnet, which I have no idea what the means. I would appreciate help and I will try and give any information that I can.
  5. Hi everyone, I am new to the subject and at the moment Emby Connect does not work for me, locally I have no problems, it is worth mentioning that administering the server remotely is not of my interest, I just want my girlfriend to connect and see the content from her House. I have a Huawei HG8245H modem from my Totalplay internet provider in Mexico to which I entered and went to the Port Forwarding section and opened port 8096 with the TCP protocol choosing the IP of my Linksys WRT32X router as internal Host, hence I went to the settings From my router and in Port Forwarding I chose the IP of my Synology NAS and also port 8096 with the TCP protocol. I validate my public IP for remote access (WAN) and it is the same that appears in the Emby Control Panel, when trying to connect from another network, the page is loading and as the minute indicates that you can not set the connection, I also tried from the Android application on my cell phone using mobile data, I login with the Emby Connect user but I also see Connection Failure. In the Network configurations in Emby I have enabled “Allow remote connections to this Emby Server” and “Enable automatic port mapping." The user who creates for my girlfriend in Emby has his Emby Connect account added. Do I need to perform any additional configuration on the Synology Modem, Router or NAS? I enclose captures with the details of the configurations that I mention, I remain attentive to your comments, best regards. @@Dibbes
  6. Hi all My first post I'm really struggling to connect externally to my network. I've tried using the Emby Connect functionality and failed miserably. Whenever i try to login I just get the sign in error image attached. I even click the forgot password button and just get some page does not exist message attached. I know the password and username is correct as I've logged into this forum. The user is setup in the server to allow remote connections too. So in my wisdom I assumed that perhaps the router is blocking the access after reading the connectivity help. I'm not an expert on router port forwarding so hopefully you can help me please. My Synology NAS has a reserved internal IP of I have setup a forward as attached in the image. I think I've done this correctly?? My router is a talk talk sagem router and is fairly decent at offering forwards and things. I did it with Plex and worked fine. Please can someone help me as I'm really struggling with this and what else to try. I can take more screenshots of anything you need to see. Thanks in advance
  7. Port Forwarding is new to me, so I would greatly appreciate any assistance. I've read many posts and viewed videos on this topic, but still not able to get it to work. Here is my 2-Router setup: ISP Router/Modem [Zyxel VMG 4381-b10a] LAN IP: WAN IP: 50.5.xxx.xxx Linksys Router/Wifi [EA8300] LAN IP: WAN IP: Emby Server LAN IP: 192.168.x.x I'm trying to forward 8096 on ISP Router (LAN IP) -- to Linksys Router (WAN IP) -- Emby Server (LAN IP) and it "appears" to work. However, when I test the port (8096) on CanYouSeeMe.org, it displays the WAN IP Address from my ISP Router/Modem and I get an Error: "I could not see you service on 50.5.xxx.xxx". I'm sure as a newbie to this that I'm doing something wrong, but I haven't been able to figure it out. Any suggestions on how I can get this working would be greatly appreciated. Let me know if you need any additional information. Thank you.
  8. mfortuna1975

    Port Forwarding Issue Resolved

    So about a week ago my Nightgear Nighthawk Cable Modem that died suddenly. Luckily I still had an old ARRIS Cable Modem that I was able to reconnect until the replacement NightHawk comes in. Once I did this though, I was having connection issues and could not connect to the Emby server from anywhere in the house or phone other than my PC. I entered the Port Forwarding info from my router settings, but still no luck. Luckily Carlo was able to help me out, turns out that the router/modem did not like the external IP address and had to use the default of . Once that was added, whala! All good to go!!! Thanks Carlo for the support dude! Manny
  9. The PC that I have set up an Emby server on uses Mullvad VPN often, but not always. My goal is to be able to watch the server's media files through other devices, no matter if the VPN is active or inactive. When the VPN is active, the connection fails. When the VPN is inactive, the connection succeeds. Mullvad allows port fowarding, and I've read a few guides on that, as well as the Connectivity Wiki for Emby but am still having trouble, either because I don't quite understand how it works or because the guides weren't specific enough for my issue. So far, I have only tried to connect through a Fire Stick and it works only when the VPN is inactive. If the VPN is on, entering either the LAN and WAN address still gives a connection error. Emby Connect has connected my user account to the server, but the server still does not show on the app after entering the pin. I appreciate any suggestions that you can give.
  10. brentcoleman

    Cannot access server outside LAN

    Hi all. I know this same question has been asked a number of times, but I have so far been unable to find a fix for my situation/setup. I recently purchased a lifetime membership for Emby based on using the software to watch movies/shows locally (through my chromecast) at home. My 'server' is a PC running Windows 10 and I have my media located on an external hdd. I am using a TP-Link Archer C3200 router. I have been trying for the last week or so to figure out how to access my library remotely with no luck. I have tried via the iOS app (sign in with Emby Connect and no dice) as well as on a couple different laptops. So far I have tried/looked into the following: - confirmed uPnP is enabled on my router - confirmed automatic port mapping is enabled on Emby - created inbound rules for Windows Firewall to allow ports 8096 and 8920 on my server - assigned Reserved IP address for my server - set up 'port forwarding' via virtual servers (external port = 8096; internal IP = 'Reserved IP address from above'; Internal Port = 8096; Protocol = TCP) (also did the same for 8920) - confirmed that 'allow remote connections to this Emby Server' is enabled - canyouseeme.org CANNOT see my service at ports 8096 or 8920 Any help would be greatly appreciated.
  11. I'm running emby on 218+ with Linksys ea8500. emby worked great out of the box when playing locally, however when I looked into remote access, I ran into problems. I could not access the server remotely, so obviously like recommended, I had to port forward. I have done that before so I'm familiar with it. So I open the port in the router and remote access works. However, local playback is now crippled. It constantly buffers or won't play at all. If I remove the port forwarding in the router, local playback works again. I have tried port forwarding the default 8096 port and also other different port numbers. Same result. Local playback is crippled. Does anyone know what problem could be? To me this looks to be some kind of port conflict. Local vs remote.. I don't know. Thanks
  12. Hello I want to access my Emby server remotely and I need some help with port forwarding. I have my own router (TP-link in my room) and also a WiFi antenna/router from my ISP (Mikrotik on the roof of my house). I tried to set up port forwarding on my TP-link router, but I can't access it. Protocol TCP, port from 8096 to 8096, IP Address The problem is that I don't have access to the Mikrotik antenna from my ISP. I contacted them and they said they can't give me access, but they can do port forwarding for me. So my question is, what do I need to tell them to make my server accesseble from WAN? Is it the same thing I had setup in my TP-link router? Protocol TCP, port from 8096 to 8096, IP Address (address of the server, my PC)? I have never done port forwarding, so I just want to be sure before I message them. Is this correct? Thanks!
  13. h1smajesty

    Issues connecting

    Hello, I set up my emby server recently and immediately ran into the "We're unable to connect to the selected server right now" error message. I googled around, made sure my firewall had these ports open. The real problem was what I feared most: my university has all of the incoming ports closed. I can stream between devices on the same network, but can't stream between different networks (e.g. Uni wifi and Uni LAN). They don't allow port forwarding im pretty sure, but what I am really confused about is that it worked when I tried connecting my server/pc to the internet through NordVPN. That was a few days ago, and I have since been unable to reconnect, but I am pretty sure the connection was from Lan to wifi, so cross-network streaming. Why did it work? Weren't the ports still closed within the university network even with the VPN? Did I hallucinate streaming those 3 episodes of 30 rock? If the VPN did allow to bypass my university restriction somehow, do I have to manually check all their servers to find the right one now (they dont support port forwarding I think)? Very new to servers and port forwarding in general, maybe I missed something. Thanks in advance!!
  14. Hello, looking to get my home network figured out and then have it reachable externally. I thought I hit all the points - guess not. My setup: My install of Linux Mint. My fstab has been modified to mount at boot another drive so Emby sees it at startup and that part works. Going to http://localhost:8096/web/index.html#!/home.htmlshows the Emby homepage with my media. Problem is I cannot access outside of the box. I have samba installed too for file sharing and here is the section relating to the shared files [Movies] comment = Emby Movies path = /home/toast/Videos/Movies browsable = yes guest ok = yes I have also setup port forwarding as well. Emby TCP 8096 8096 N/A Edit x However as http://www.canyouseeme.org/ states my port is not open and cannot see me. The devices I am sharing to are a Roku 3 and my phone, neither of which are making connections when on my home network.
  15. Hi Guys, I've recently ran into a little snag when using Emby / Plex. (I was using Plex before but decided to move over to Emby) It seems to be an incredibly specific issue and from what I can tell, it may be to do with my router, but I just wanted to throw this out there and see what other people think. So up until recently I've been able to run my Plex/Emby server from my QNAP with no issues. I was able to stream locally to my Android TV, local computers, iPhones etc. All working perfectly. I was even able to access my media remotely due to the port forwarding I've got set up on my BT router. Then out of nowhere, I'm unable to access my media on my iOS devices. Just flat out doesn't work. With Plex, I was getting a redirected connection (because Plex acts as a middleman if your direct connection dies) but Emby just wouldn't see my server at all. Needless to say I was confused as nothing has changed. After some digging and testing I was able to see that I can still access my media on local machines and my TV, but only able to access my media remotely on iOS devices (or if my iOS device is routed through a VPN). So, I logged on to my router and killed my port forward. I was instantly able to access my media on my iOS devices locally. I put the port forward back on and I can no longer access my media on my iOS device locally. From the looks of things, if I add a port forward (which I've done countless times) the port stops working locally (for iOS devices) I can still access it through the browser etc... Needless to say, I'm baffled and I was wondering if someone here has come across a similar problem before. I've even tested setting up a new Emby server on my mac. Works perfectly locally for iOS devices, then when I add the port forward, stops working locally. Any thoughts or ideas? I'd be interested to know. Thanks guys.
  16. Hey all! I'm attempting to set up Emby to run externally. However, whenever I attempt to connect with my Android device in either Chrome or the Emby app, I can see the server but get the message "We're unable to connect to the selected server right now. Please ensure it is running and try again." I've been doing a fair bit of research on this issue and haven't been able to find anything that has solved the problem (though plenty of others with similar issues). I've gone through the entire Connection Troubleshooter with no luck. I'm uncertain if my router is blocking traffic and how to check if so. I'm on AT&T U-verse. The combined modem/router that AT&T gave us should be in bridge mode, and I'm using my own router for WiFi and ethernet connections. I've set up a static IP for my PC that's running Emby Server. I've also set up port forwarding on my router for 8096 and that static IP address. Now it shows up as the local address. The remote address, however, is different: [image removed] I can connect to the local one from inside my network, no problem there. Still having problems connecting remotely. I've tried both signing in with Emby Connect (the server shows up but gives me the error message when I attempt to connect) and adding a server manually for both the remote and in-home addresses (same message) on my Android from both Chrome and the Emby app. canyouseeme.org is showing my public IP address at port 8096 is not connecting ("Connection refused"). I suspect the problem is due to the difference between the two IP addresses, possibly due to the AT&T U-verse modem. I am unable to use that IP address, however, in my port forwarding (my router insists upon 10.166.*.*, which is different from the public IP). I did set "External domain" to the same IP as the In-Home (LAN) access just for kicks and that didn't seem to work either. The attached log file does have an "error processing request" but I don't know if it's related. I did some digging on the forum, on port forwarding in general, and so forth, and now I'm here. Has anyone else run into this particular problem when connecting remotely? Thanks.
  17. hugo0814

    Connection issue

    Hey, I'm having some issues with my Emby Server. My one problem so far is that I cant connect to it using another device. I've tried your'e network troubleshooting guide and port forwaded inside the firewall. I have checked if there is any instance in the firewall that blocks it somehow. My local IP seems very strange... here is a picture of it. https://imgur.com/a/En3Q8 Please help me solve this issue. Regards Hugo
  18. Niazniaz

    Can't remote connect

    Hey I can't seem to remote connect to my Emby server. I went through the connectivity guide, and set up port forwarding but still hasn't helped. I want to double check if the port forwarding I've done is correct. My router is the Tenda 11N. Here are the settings: When I tried the http://www.canyouseeme.org/ test I got this result: Error: I could not see your service on on port (8096) Reason: No route to host FYI I'm pretty much a noob when it comes to network setups so please explain your statements. Thank you.
  19. Moleburt

    Local and Remote Access

    I have a question I'm curious if anyone knows the answer to. I currently use Emby for home use, because for some reason Plex doesn't work on my local network, but I have people that use my Plex for remote access. So yesterday I finally decided to figure and set up Emby for remote access, I added the port forwarding to my router and tested it out, it worked. Then I went to use Emby at home and it wouldn't work on the local network, kept getting errors, but as soon as I deleted the port forwarding I had added to my router it worked like normal again. Ideally I would like to be able to use just one program for both local and remote access, and I believe if I deleted the port forwarding I had setup for plex it would likely fix the issue with that as well on my local network. Does anyone have any ideas of what the issue I am having is and possible solutions? Any help would be greatly appreciated. Nick
  20. I currently have Emby Server running on Ubuntu Server 16.04. The main problem is that i am able to access the Emby sever on my LAN yet when I attempt to connect to the server for outside of the LAN I get the error "We're unable to connect to the selected server right now. Please ensure it is running and try again". I have read the Wiki of networking and have configured everything as suggested. I have already told my router to port forward port 8096, I have opened the port already through Ubuntu, and I currently have a static IP address for my server. Yet this error continues to show for all devices (Iphone, Laptop, Android) that have attempted to connect from outside of the network. Where I am having trouble with trouble shooting my problem is with how my home network is set-up. I currently have ATT Uverse which forces me to use their router, a Motorola 5268AC, which is a very poor device, so I ended up shutting down the wireless features of this modem/router to behave as a modem only, then routed my personal router to modem. When attempting to set up port forwarding on the Motorola device I have to write a new rule which allows me to select the port ranges which I set to 8096 , then application type with the choices of: FTP, DirectX Game, IRC, PPTP, SIP, or H.323. So my question would be what setting would describe Emby server best. Also there is a list of pre-created rules on the Modem yet none of these allow for the port number of 8096. I know this seems more like an ATT question, I have already contacted them multiple times and none of the Techs could help me with this set-up due to their lack of knowledge of Emby itself. Thanks in advance!
  21. Hi everyone. Instant Emby fan and new Member here. As a network geek, I wanted to ask about port forwarding and security concerns in general. I'm a little uneasy about punching holes in my home firewall and wanted to know if others have run into similar concerns, and what they've done about it. As a former Plex user, one thing I liked was that I didn't have to port forward anything...being away from home I could still log into my Plex library just fine. I don't know how they achieve this btw, maybe via proxy or a reverse connection to the client? But in Emby, I can't access my library without forwarding TCP port 8096. So...here are my questions: 1) Anybody feel the need to change the default Emby port to something else for security reasons? If so, anyone have any issues doing so? 2) I tried using TCP port 8920 for https connectivity and couldn't get my Android client app to connect. Normal http connections over 8096 work just fine. Any one else having this issue? Thanks.

    Connection Failure

    As of a few days ago I have not been able to reach my Emby Server outside of my own network. I have been able to previously for a while then it just stopped. When ever I try to log into my server outside my network whether it be Android app, Android chrome or chrome on windows 7 and mac, I have been getting the same message; "Connection Failure - We're unable to connect to the selected server right now. Please ensure it is running and try again." I have tried deleting the server and creating a new one to log into but the same thing happens. I have also double and triple checked my port forwarding settings and cross reference my IP address with the port forwarding. Running my Server on Windows 7 Ultimate x64 Emby Server Version 3.0.5621.4 Chrome Version 43.0.2357.124 m Mobile Chrome Version 43.0.2357.92 Emby Version 2.2.96 Any help would be great as this is doing my head in. Thanks
  23. Hi all, First of all thanks for a fantastic piece of software and also to those of you who have helped develop such excellent plugins. I am having two problems, one of which I suspect is not due my MB3 client or server. Having said that, this is such a helpful forum I was hoping someone with a bit more technical knowledge might be able to steer me in the right direction. My setup is a Windows 8.1 machine plugged into my TV with WMC, ServerWMC, the MB3 server and Media Browser Classic installed on it. I also sometimes access my MB3 content via a web browser or the android app. I have two issues. 1. I am able to access my MB3 server from windows laptops (via web browser) and android devices (via app) on my local wireless network but not remotely. I think this is because I have not managed to open port 8096 correctly. I have run a test on canyouseeme.org and the port appears to be closed. Initially I thought the problem was because I had a netgear r7000 router running behind a billion 7800N router/modem but I have since put the Billion in bridge mode and attempted to open the port in the netgear settings but it doesn't seem to have worked. I have tried to diagnose and solve this with internet searches but I am at a loose end. 2. I am able to watch live TV in WMC but every 4 hours I get a "Refresh Guide failed" message on my dashboard stating "connected host failed to respond". I suspect that there is a problem with myLive TV settings as my ServerWMC is not located on the device at However, I have looked in the LIVE TV settings on my WM3 dashboard and can't seem to find a way to change it. I am not very proficient with computers, I just try to educate myself online and muddle my way through. Reinstalling my MB3 server did not help. Any advice would be greatly appreciated. Thanks, Lof
  24. Last Saturday I uninstalled MB2 and installed MB3. Main interest was Android app for portable access to my library, so of course I also bought the Android App. I've set up MB Server, MB Classic in 7MC, and MBforAndroid. Some quirks getting used to the new way of "serving" the media to clients, but all programs and apps are at least basically functioning. I can play movies (MKV and WTV attempted so far) via the Android MB client, but only on my own WiFi network--nothing external. I have set my ASUS RT-AC66R router to do Port Forwarding on port 8096 for the IP of my MB Server computer, per another thread here on these forums. Issue: How can I use MB Android via external networks (4G or WiFi-other-than-my-own)? Currently, when running that client app on external network, it "Cannot connect to server." Media Browser Server version: 3.0.5070.20258 Media Browser Classic version B11-19.1 Media Browser Android version 1.0.2 (191113) Many thanks to all involved in producing these programs and applications!
  25. Port forwarding; an overview This is an overview not an in depth discussion of IPv4 networking The basic’s IP addresses have to be unique on a network if they are duplicated then data may not be delivered to its intended recipient. You could think of this like a postman delivering mail on your street, if there are two houses numbered 12 then which does he deliver mail addressed for number 12 too, probably the first number 12 they get to. Needing a unique IP address causes a problem. Due to the way IPv4 works there are simply not enough of these addresses available for every one or device in the world to have a unique IP address. To overcome this limitation of IPv4 two mechanism’s are employed 1. Network Address Translation (NAT). Translates public IP addresses to private ones and vice versa. More info here http://en.wikipedia.org/wiki/Network_address_translation 2. IPv4 addresses are broken into 2 types, termed a. Public, those which can be routed across the internet b. Private, those which can’t, your LAN NAT is a form of firewall. The fact we have to use NAT to overcome the limitations described above when connecting to the internet creates two separate networks, your LAN, which is private and the internet, which is public. This added layer of complexity does offer you a benefit; your first layer of security as nobody outside of your network can access it. Well not without help but that’s another topic. Now NAT is fine if you only need to translate one public IP to private IP address (1 to 1 mapping) or vice versa but what if you have multiple devices on your LAN? You would need one public IP address for each of the devices you needed to access the internet. Fortunately, NAT has another trick up its sleeve in the form of Port Address Translation. Port Address Translation is where a single public IP address, for this discussion, the one assigned by the ISP to your internet (WAN or outside) interface of your router is prefixed with a port number. This means that one public IP address could actually allow 65,536 private devices simultaneously access to the internet. It may simplify things to think of NAT like this. If your computer was out on the street then anyone with a mind too could just walk up to it and start using it. Not very secure. But take this computer and put it in a room with many closed doors (65,536 to be exact, each door individually number) which can only be opened from inside this room (port forwarding) and now you have a more secure computer. Port forwarding Port forwarding = Game & Application sharing As mentioned above port forwarding is the process of opening up a port (a uniquely numbered door) in your router (the room) to allow traffic to access your private network from the internet. For port forwarding to work you need several bits of information · Your WAN or outside IP address. This is the IP address on the connection, connecting your router to the internet. · The port number you wish to open · The IP address of the device on your network (LAN) which you want to forward traffic from the internet too The way in which you use this information to forward a port is down to the manufacture of your model of router but this site http://portforward.com/english/routers/port_forwarding/routerindex.htm is a good place to start if you aren’t sure. It has guides on how to port forward for many makes of router. Bare in mind these guides aren’t necessarily accurate. Further complications DHCP. Dynamic Host Configuration Protocol is designed to help us with IP addressing but in the case of port forwarding it can be a hindrance, Why? You set up port forwarding as shown below to map traffic from the internet hitting your outside IP address with destination port number 999 to be forwarded to a device on your network with IP address listening on port 3389. Protocol TCP Outside Port 999-999 Inside Port 3389-3389 Inside IP This works great then suddenly without warning it stops working! The reason. The device on your network with IP address got this address via DHCP. When the DHCP lease is up this device requests another IP address but this time DHCP issues this device Unfortunately, no one told the router of the IP change to so the router is still trying to port forward traffic to IP address To get this working again you would have to change the configuration setup in the router to match this new IP address as the original configuration is no longer correct. Static IP the way to go Luckily there is something you can do about this. Assign a static IP address to the device you need to port forward traffic to. Static in this context means it won’t automatically change. Now the way you accomplish this will depend on how you have your network setup and the equipment in use and isn’t covered here (in most cases your router will be a DHCP server) but there are two important things to remember when assigning static IP addresses. 1. Two devices can’t have the same IP address on the same network 2. When assigning static IP addresses on a network with an active DHCP server remember to configure the DHCP server NOT to use the IP address you have assigned statically. If you don’t you can end up falling foul of point 1 It’s round about here you remember your ISP saying something about them using DHCP to dynamically assign your Internet IP address. What’s that all about and won’t that cause the same problem we just discussed above? Again, this is DHCP at work. In the UK all ISP’s I’m aware of will assign a DHCP IP address to the Internet connection (WAN, outside interface) on your router. You can get Static IP’s but they’re not free. Yes, it will cause a similar problem as just discussed and again there are way’s around this, DDNS is one. Dynamic Domain Name Service (DDNS) is a way in which you can access from the internet a device on your network when you have a dynamic IP address on your routers internet connection, using a domain name. Unlike the previous problem with dynamic IP addresses and the issue with port forwarding rules dynamic IP address changes on the internet connection don’t affect the port forwarding rule. They affect the ability to contact your router from the internet. Generally this IP address doesn’t change frequently (unless you have technical issue’s) but it does change and again it won’t tell you. DDNS services (free or paid) work by assigning the IP address issued by your ISP to a domain name automatically. Your router, if it has the functionality or a client app monitors the internet connection for IP address changes. When it sees this change sends an update to your DDNS service so the domain name has the new IP address. This way when you use the domain name instead of an IP address to contact your router it will regardless of the fact your IP address changes. Do I need DDNS? Nope, but you will still need to know if your internet connection IP address has changed. You would then have to reconfigure any apps you use to use this new information. So it’ll probably easier to use DDNS. How to find my Internet IP address There are various ways to accomplish this and Google can help but this site is good http://whatsmyip.net/. Example Media browser 3, port forwarding Hopefully you now have a better understanding of what is needed to get port forwarding to work with your router or a better idea of what to search for on Google to find your answers but just to finish off here are the steps for configuring a widely used router in the UK, a BT home hub 2. 1. Open a web browser and type the IP address of your router. In this case the HH2 default IP 2. Login 3. You should now be on the home page. Click the Settings tab 4. Click advanced settings. 5. Click Continue to advanced settings 6. Click Application sharing 7. Click Supported Applications 8. Now Click Add new game or application 9. In the Game/Application name field name the rule, MB3 for this example but you are free to choose the name 10. Choose TCP for the protocol 11. Some routers like link Linksys have different pages whether you are configuring a single port or a range of ports. HH2 routers use the same page regardless. So just enter the same port number in both of the fields for Port range and Translate To. For MB3 the default port is 8096 12. Leave the other fields as they are, then Click Add 13. Click Apply That’s it, the port forwarding rule is configured. Now we have to bind the rule to the IP address of the device we want to reach from the internet (our MB3 server). 1. Click Configuration, to the left of Supported Applications 2. Click the Game or application drop down and find MB3 which we just created 3. Hop across to the Device drop down and either select your device (the one you want to reach from the internet) from the list or scroll all the way to the bottom and select user defined 4. A new field will be displayed called Device IP address. Enter the relevant IP address, then Click Add, then Apply That’s it your done configuring, now a basic test. Hang on; what about port 8945? Yes, I know we have only configured port forwarding for port 8096 and haven’t done the same for port 8945. The reason being is you only need port 8096 to access MB3 from the internet. From a device that is out in the internet (not on the LAN) fire up a browser and enter the following. If you have a functional DDNS service http://YourDDNSname:8096/mediabrowser/dashboard/login.html If not just use your Wan IP address If all is well you should see the MB3 Login page, if not you need to check the steps above and carry out some trouble shooting. Basic trouble shooting From a device on the internet or ask a friend, get to the command prompt on this computer and issue the following (Telnet is not enabled by default on newer operating systems so you may have to “install” it). Here we will just use the IP address to rule out issues with domain name resolution or DDNS. telnet YourWanIPAddress 8096 then press enter. If you don’t see a blank black screen with a flashing cursor (this means port forwarding is working) or get a message stating “couldn’t open a connection” then port forwarding for some reason is not working. This could be for many reasons such as · Windows Firewall · AntiVirus software with firewall capabilities · Port forwarding incorrectly set up Just whilst you are investigating the problem disable any of the above which may be running on the computer you are trying to reach from the internet and re issue the command above. Once it works you can re enable any of the above one at a time, checking with the above command and dealing with any configuration of these programs Final note Some routers such as those manufactured by Zyxel require a two stage configuration of port forwarding due to their more sophisticated functionality. The P-660HN-T1A may require you to disable the SPI firewall function under the security tab whilst AMG1202-T10A will require that you also create an IPMacFilter rule, found under filter, which is under the security tab. Another Final note Way back at the beginning of this long post you mentioned that NAT was a form of security, blocking un invited advances from the internet. Surely leaving ports open is a security risk? Well, yes and no. Whilst it is true that having ports open is a risk, I say no because the open port has to have an active program at the other end (a listener) for any hacker to take advantage of the fact we have opened a port. More than this there has to be known exploits within the program listening on the open port for them to exploit. So, it’s not really the fact the port is open which is the risk. Please remember, it is good practice to have all ports closed by default, only opening those ports which are needed, thereby minimizing the surface area for attack. Finally Bearing in mind you have now made your media collection available from the internet, by you. Use strong passwords. If you don’t, you may find others accessing you media from the internet too!
  • Create New...