Configuring Your Router to Enhance Access

Introduction:

A number of times, I have run into problems trying to connect with people using software that needs a bit more functionality from our internet connection. This has caused issues doing voice and video calls in Windows Messenger, joining VPNs (Virtual Private Networks) (using a great, free tool called Hamachi), sending files in Skype (and only do relayed send at a terrible 1k/s) and even setting up Bittorrent properly (to download podcasts of course). The problem is that within my local network (the network behind my router) I have one IP address, but on the internet I have a different IP Address, so sometimes data comes into the router and then gets lost because it doesn’t know which computer to go to in my local network. Newer networking hardware has introduced the UPnP Framework to automate a solution for this problem, but for those of us with older hardware, we will need to do a manual configuration of the router, which is actually quite easy (if you have a helpful tutorial like this to guide you).

Overview:

All data that comes into an IP address comes on a certain port, which is simply a number that ranges from 1 to about 65,534. We can use this to our advantage - we can set up the problematic software so that it requests that incoming data comes in on a certain port, and then ask the Router to take all data that comes in on that port and send it directly to our computer. This is called ‘Network Address Translation’, ‘Opening Ports’ or ‘Port Forwarding’.

Access Your Router:

Routers are configured through your web browser - if you type a special IP address into your web browser (like a web address, except it only works on your local network), it will access interactive web pages being created by your router. The IP address you need would have been provided in the Router manual under ‘Configuration’ or something similar. So find the IP address, type it into the ‘Address’ bar of your internet browser, press enter or go, and type in your username and password (these should also be in the Router manual in the same place).

In my case, I have a D-Link ADSL Router, Model DSL-504G. My IP number is ‘http://10.1.1.1’, my username is ‘admin’ and my password is ‘admin’ (I suggest you change your password at some stage).

Make a Backup:

The first thing you should do is back up the settings in your Router. This is not only good practice, it will also make you less worried about doing something wrong - no matter how badly you mess up, you can restore your working settings. For my Router, I go to the ‘Tools’ -> ‘System’ page (see below) and click ‘Save’. It asks me where to save the file ‘commitedcfg.cfg’, so I point to my backup folder and click save - done! I recommend you make a backup before you start and again once you have finished.

Restoring is just as easy - click ‘Restore’, point to the file, and you’re done.

There are a couple of gotchas with my router. First, don’t rename the config file AT ALL - or the restore won’t be able to access it - if you want to label the file something meaningful, put it in its own folder, and label the folder instead. Secondly, it only saves settings in place at the last reset - if you have made changes since, it will not save them - so simply make your changes, reset your router, then backup.

Configure DHCP:

To make this setup a bit more robust, I suggest you go to ‘Home’ -> ‘DHCP’ (on my router anyway) and make the lease time at least a week. Click ‘Apply’ and when prompted to, reset the router.

DHCP is what gives each computer on the local network an IP Address. By increasing the lease time to a week, it ensures that a computer has to be not connected to the router for at least a week before it will even consider giving that IP Address to someone else. Why is this important? Because we are about to tell the router to send your data to your current IP Address, so if your IP Address changes, you will no longer receive that data, which would cause more problems.

Find your Local IP Address:

Now that you have ensured that your local IP address will not change, you need to find what the IP address is. The easiest way is to right-click on the networking icon in your system tray (beside the time) and choose ‘Status’, but if that is not available, do the following (following the image below). Go to ‘Start’ -> ‘Control Panel’ -> ‘Network Connections’ -> right-click on ‘Local Area Connection’ -> choose ‘Status’. This will display the ‘Local Area Connection Status’ window (at the bottom of the image below).

In this case, the Local IP Address is ‘10.1.1.4’. If you quickly refer back to the image under ‘Configure DHCP’, you will notice that all IP Addresses will be in the range from 10.1.1.2 to 10.1.1.32.

Configure Port Forwarding:

For my Router, go to the ‘Advanced’ -> ‘NAT’ page first, and confirm that ‘NAT’ is ‘Enabled’. Then go to the ‘Advanced’ -> ‘Port Forwarding’ page (see below).

In this case the ‘Port Forwarding List’ is quite full, but yours will likely be empty. I have so many because I use a lot of software, and some software demands to use certain ports, but in this tutorial, we will assume that you can tell your software which port to use.

So for this tutorial, we are interested in the first three lines under ‘Port Forwarding List’. If we read line #1, what it means is “Any data that comes in to the router on Public Port 1112 will be sent to the IP Address 10.1.1.2 on Private Port 1112”. ‘Private IP’ means “Local IP Address”, ‘Any’ means “both TCP and UDP data”, ‘Public’ means “on the internet side of the router” and ‘Private’ means “on the local side of the router”. I have purposefully made the ports used match the IP Address, because it makes it very easy to remember the logical settings. You can use any other port from 1024 to 65,534.

I have 3 computers on my local network, so I have set up one port forward for each computer. You’ll notice line #3 is the one that works for my personal computer (Local IP Address 10.1.1.4) and that it is using port 1114.

Configure your Software:

The last step is to configure your software to ask for data to be sent to your forwarded port. Open the software, go to the ‘Settings’ or ‘Preferences’ or ‘Options’, and look for a section that may be called ‘Connection Settings’. Where it asks for a port number, give it your port - in my case ‘1114’. If the software asks for your External IP Address, it is referring to the IP Address that the internet sees you as having - this is the IP Address of the Router. In other words, all computers using the same router have the same External IP address. An easy way of finding your external IP Address is going to www.whatismyip.com - it should be four blocks of up to three digits each, separated by ‘.’s, for example: ‘128.27.217.5’.

Opening Other Ports:

As briefly mentioned, some software demands use of certain ports. You can also forward these, like I have in the image above, but you will only be able to do this for a single computer on the local network. The forwards used above are explained below:

Line Number | Reason
----------- | ------
1           | Generic - can be used by any software for the computer with local IP of 10.1.1.2
2           | Generic - can be used by any software for the computer with local IP of 10.1.1.3
3           | Generic - can be used by any software for the computer with local IP of 10.1.1.4
4           | MSN Application Sharing and Whiteboard
5           | Windows Remote Assistance
6           | Yahoo Voice (should be 5000-5010)
7           | MSN Audio and Video (5004-65534)
8           | Yahoo Super Webcam Mode
9           | Yahoo P2P Instant Messages
10          | MSN File Transfer, Both in and out. + optionally up to 6900
11          | MSN "Voice, PC to Phone, Messages, and Full File transfer capabilities". May only need TCP.

Unfortunately, my router can only handle 11 forwards. If I could do more, I would do the following:

UDP | 5102 | 5102~6890  | MSN Audio and Video (5004-65534)
UDP | 6902 | 6902~65534 | MSN Audio and Video (5004-65534)
TCP | 6892 | 6892       | MSN File Transfer, Both in and out. + optionally up to 6900
TCP | 6893 | 6893       | MSN File Transfer, Both in and out. + optionally up to 6900


This is based on a best compromise of the following list of needs I have found. It relates to:

  • YahooIM
  • MSN
  • Skype
  • Windows Remote Assistance
  • Arbitrary Assignment to file sharing apps like DC++

TCP/UDP | Port(s)    | Application
------- | ---------- | -----------
TCP     | any        | Skype Chat, Audio and Video. Only needs OUT (not need port fwd). If necessary, can limit it TCP Out 443 or 80
All     | 0000-1024  | reserved? or at least not safe to customise for other applications.
TCP     | 0080       | Used for Web hosting. Your ISP may block this port.
TCP     | 0080       | Yahoo Insider/Room Lists. Client Access only (not need port fwd).
TCP     | 0080       | Yahoo File Transfer. Server Access. You can change port in Messenger, Preferences, File Transfer.
All     | 1112-1132  | Arbitrary Assignment to DC++ (e.g. 10.1.1.4 gets port 1114)
TCP     | 1503       | MSN Application Sharing and Whiteboard. The invitation must be enabled to pass through any firewall.
All?    | 3389       | Windows Remote Assistance. Uses Remote Desktop Protocol (RDP). May only need TCP.
UDP     | 5000-5010  | Yahoo Voice (5000~5003 might be ok?). If UDP Fails, TCP will be used instead. A packet outgoing on port 5000 may cause a response to arrive on another port, say 5001.
TCP     | 5000-5001  | Yahoo Voice. Client Access (not need port fwd).
UDP     | 5004-65534 | MSN Audio and Video (SIP and RTP). Or maybe just 5060. Dynamically allocated. May work if some/many are unavailable. Safest to provide 5004 first. The invitation must be enabled to pass through any firewall.
TCP     | 5050       | Yahoo Chat & Messenger. Does not seem to be necessary. Client Access only (not need port fwd).
TCP     | 5100       | Yahoo Webcam. Client Access only (not need port fwd).
TCP     | 5100       | Yahoo Super Webcam Mode. Server Access. A packet outgoing on port 5100 will tell the router a server connection may come in on port 5100.
TCP     | 5101       | Yahoo P2P Instant Messages. Server Access.
TCP     | 6891-6900  | MSN File Transfer (Can give only 6891 for 1 simultaneous file etc ? Both in and out)
All?    | 6901       | MSN "Voice, PC to Phone, Messages, and Full File transfer capabilities". May only need TCP.
?       | 8080       | Web Browsing. Outgoing only so does NOT need port fwd.

Security:

So, are there any security implications for opening up these ports? Being behind a router can lend a degree of security that you are somewhat giving away if you open ports. In summary, it is safe to do, but you should take some precautions.

You should definitely have a software firewall running, but then you should already have a firewall running, even if you are only checking email. Windows XP now comes with a firewall, and it is turned on by default, so you have no excuse not to be using one. With a firewall, any data that gets forwarded to you without your computer asking for it will be discarded. So a firewall protects your computer from all incoming data, whether it is through open ports or not. I would not advise you to open more ports than you think are necessary. Opening a wide range of ports does increase your chances of a hacker sending data to a port that would get forwarded to you - your firewall would protect you, but there is no point in taking unnecessary chances. Lastly, it is also good practice to use password protection options when they are available (and relevant) - especially with software using the internet. For example, if you create a VPN, or have opened up the ability to have people get ‘Remote Desktop Connections’ to your computer, you should make sure a password is needed to connect to the VPN, and to establish a ‘Remote Desktop Connection’ to your computer.
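An added example (not part of the original tutorial or the router's own software): a small Python audit of a forwarding list that flags what this section warns about, namely wide port ranges and an internet-reachable Remote Desktop port, plus rules that overlap or send the same port to two computers. The rule list is constructed from the tables above; the target IPs for rules 5-12, the second-PC rule 12 and the 16-port threshold are assumptions.

```python
from itertools import combinations

# Constructed sample: the tutorial's generic forwards plus application ports
# from its needs table, entered as-is. Target IPs for rules 5-12 are assumptions.
RULES = [
    # (line, protocol, first_port, last_port, private_ip)
    (1, "any", 1112, 1112, "10.1.1.2"),
    (2, "any", 1113, 1113, "10.1.1.3"),
    (3, "any", 1114, 1114, "10.1.1.4"),
    (5, "any", 3389, 3389, "10.1.1.4"),    # Windows Remote Assistance (RDP)
    (6, "udp", 5000, 5010, "10.1.1.4"),    # Yahoo Voice
    (7, "udp", 5004, 65534, "10.1.1.4"),   # MSN Audio and Video
    (8, "tcp", 5100, 5100, "10.1.1.4"),    # Yahoo Super Webcam Mode
    (10, "tcp", 6891, 6900, "10.1.1.4"),   # MSN File Transfer
    (12, "tcp", 5100, 5100, "10.1.1.3"),   # hypothetical: same app on a second PC
]
MAX_SPAN = 16                  # hypothetical threshold for a "wide" range
REMOTE_ACCESS = {3389: "RDP"}  # remote-control service named in the tutorial


def protos(p):
    """Expand the router's 'Any' into the two protocols it covers."""
    return {"tcp", "udp"} if p == "any" else {p}


def audit(rules, max_span=MAX_SPAN):
    """Return (lines, finding) tuples for risky or conflicting forwards."""
    out = []
    for line, proto, first, last, ip in rules:
        span = last - first + 1
        if span > max_span:
            out.append(((line,), f"wide range: {span} ports forwarded to {ip}"))
        for port, name in REMOTE_ACCESS.items():
            if first <= port <= last:
                out.append(((line,), f"{name} port {port} reachable from the internet"))
    for a, b in combinations(rules, 2):
        shared = protos(a[1]) & protos(b[1])
        first, last = max(a[2], b[2]), min(a[3], b[3])
        if shared and first <= last:
            kind = "redundant overlap" if a[4] == b[4] else "conflict"
            out.append(((a[0], b[0]), f"{kind} on ports {first}-{last}"))
    return out


if __name__ == "__main__":
    for lines, finding in audit(RULES):
        print("rule", ",".join(map(str, lines)), "-", finding)
```

Rules 6 and 7 overlap only on UDP 5004-5010, while rule 7 and the TCP rules do not collide because the protocols differ.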

 


Except where otherwise noted, this site is licensed from MindSpace Solutions™ Limited under a Creative Commons Attribution-NonCommercial 2.5 License