4.1 KiB
navigation, title, main
| navigation | title | main | ||
|---|---|---|---|---|
| true | NAT & DHCP |
|
:ellipsis{left=0px width=40rem top=10rem blur=140px}
Router and NAT
::alert{type="info"} 🎯 Goals:
- Understand how port forwarding works
- Learn how to configure router NAT
- Learn how to issue DHCP leases (fixed IPs) ::
What is a "port"?
Ports are different channels through which your router sends and receives data. This allows multiple services to run simultaneously.
When it receives data through a port, your router forwards that data to the machine that:
- either initiated the request,
- or is configured to receive data on a specific port.
Your router has over 65,000 ports available.
Some programs and applications are designed to use specific ports. For example, when your network sends data from an HTML page, the router receives it through port 80 (non-secure) or port 443 (secure via SSL).
So, your router acts as a data dispatcher between the internet and your local machines.
Port Forwarding
Forwarding a port means setting a rule that specifies which source can send data to which port on your router, which will then forward it to a specific port on a specific machine. The sources and destination machine are identified by their IP addresses.
| Variable | Description | Example |
|---|---|---|
source machine |
IP of the source machine (from the internet) | All123.45.67.89 |
source port |
Incoming port on the router | 443 |
destination port |
Port on the destination machine | 3000 |
destination machine |
IP of the target machine (on your local network) | 192.168.1.50 |
According to the table:
If we remove All and keep the IP 123.45.67.89, all traffic from this IP sent to port 443 on your router will be forwarded to port 3000 on the local IP 192.168.1.50.
If we remove the IP and keep All, then all traffic from the internet on port 443 will be redirected to port 3000 on 192.168.1.50.
This is useful when you have a server that must be accessible from the internet. For instance, a website uses port 80 (non-secure) or 443 (SSL-secured).
To make the website accessible, you'll configure your router to redirect the domain request to your local server.
Assume your service runs on port 3000 locally (http://192.168.1.50:3000), you would redirect all traffic from port 443 on the router to port 3000 on the local server.
::alert{type="warning"} :::list{type="warning"}
- Warning: If you have multiple services to expose like
subdomain1.mydomain.comandsubdomain2.mydomain.com, your router cannot differentiate requests and forward to different ports.
You must use a Reverse Proxy to route traffic based on the request. ::: ::
DHCP
Every time a device connects to your local network, your router assigns it an IP address using DHCP rules.
This IP is randomly selected from a predefined pool.
At every device reboot, the IP may change — which is problematic if you're forwarding ports, as the target IP may no longer be valid.
To avoid this, use your router's DHCP server to assign a static IP address.
Each device has a physical "MAC address".
To assign a fixed IP, you must know your device's MAC address (visible in your router when it's connected), and assign it a static IP.
This is called a "static DHCP lease."
That way, your machine's IP never changes and your port forwarding rules remain effective.
| Variable | Description | Example |
|---|---|---|
IP |
Fixed local IP to assign | 192.168.1.50 |
MAC Address |
Physical address of the device | 5E:FF:56:A2:AF:15 |
For more information, refer to your router's documentation.