Most people typically use port forwarding in one of two places:
- On your wifi router
- On your VPN
Port forwarding can improve torrent speeds or allow remote access to a device. However, port forwarding can also introduce security risks. This article will discuss:
- What is port forwarding?
- The benefits of port forwarding
- The risks of port forwarding
- How to port forward on a router
- How to port forward on a VPN
Money-back guarantee: 30 DAYS
PrivateVPN is our top recommendation for users who need port forwarding. Once you connect to a server, a random port number appears in the app under the disconnect button. You can enter that port number into the program to which you want to port forward, such as a torrent client.
PrivateVPN also comes with a kill switch and connection guard. These cut off internet access and terminate select applications, respectively, should the VPN connection drop for any reason. They prevent any data from leaking outside the encrypted tunnel.
It comes with IPv6 and DNS leak protection and prevents port fail attacks. Although it has a smaller server network, speeds are above average. It also unblocks a wide range of streaming services and even works in China.
BEST VPN FOR PORT FORWARDING:PrivateVPN offers a simple and secure means to port forward with a VPN. It comes with a 30-day money-back guarantee.
What is port forwarding?
Port forwarding allows incoming connections from the internet to reach specific devices and programs on a private network. The private network can be made up of all the devices connected to a wifi router or all the users connected to a VPN.
When a NAT firewall is in place and another computer on the internet attempts to initiate a connection to your device, that connection is blocked and discarded. Port forwarding allows unsolicited connections through the NAT firewall on specific ports, making it possible for devices on the internet to initiate connections and access services on a local device. For example, other torrenters can download a shared file from your device.
To understand what port forwarding is and how it works, you must first have some basic understanding of NAT firewalls. Both wifi routers and VPNs often come with built-in NAT firewalls. Each device connected to a wifi router or VPN server shares a public IP address but has a unique private IP address.
NAT, or Network Address Translation, is what makes it possible for many devices to share a single public IP address. Incoming connections first go to your router or VPN server via the public IP address. Those connections are then forwarded to individual devices according to their port number and local IP address.
Outgoing requests have a port number attached to them. When they receive a response, the port number is included, indicating the device to which data is to be sent.
If you receive an unsolicited connection request, however, it will not have a port number attached, so the request is discarded. In this way, NAT prevents malicious requests and creates a simple but effective firewall.
In some situations, however, you need to allow unsolicited connections. Port forwarding allows you to punch a hole through the NAT firewall to allow incoming connections tagged with the specified port. Those connections are forwarded to the device specified in your setup.
Benefits of port forwarding
Port forwarding on a router is useful for:
- Allowing remote access to your PC, Macbook, or game console
- Hosting online games
- Remotely accessing a home media server, camera, or DVR
Port forwarding on a VPN is handy for:
- Improving torrent download speeds
- Seeding torrents
- Hosting online games (with a dedicated IP address)
BitTorrent lets you connect your device to a “swarm” of other users who are downloading and uploading the same file. However, many of these connections can be blocked by NAT firewalls, lowering download speeds and possibly preventing you from uploading altogether.
Good filesharing etiquette demands you seed (upload) as much as you leech (download), and a NAT firewall can interfere with this. Port forwarding allows you to create exceptions and bypass these limitations.
It should be noted, however, that port forwarding is typically not required to download via BitTorrent. In fact, the risks might outweigh the benefits.
Risks of port forwarding
Because port forwarding involves allowing unsolicited connections to reach your devices, it also introduces risks. Essentially, hackers now have a means to remotely access your device. For this reason, many VPNs prohibit port forwarding entirely.
The risk level varies depending on the purpose of port forwarding and what programs are listening to those open ports.
If you’ve set up port forwarding on your router to allow remote access and control of a PC, for example, then leaving those ports open longer than necessary is a very bad idea. Hackers could completely take over the device.
If only your torrent client is listening on that port, then there’s not much damage a hacker could do, though you’ll still want to enable your operating system’s firewall and require a password to log in.
VPNs that allow port forwarding can be vulnerable to port fail attacks. This allows an attacker to expose the real IP addresses of other users. Victims don’t need to have port forwarding enabled for this attack to work–only the attacker needs to port forward. VPN providers can prevent this attack by setting up different incoming and outgoing IP addresses on its servers, but many fail to do so.
If you opt for a VPN that allows port forwarding, check their website and documentation to ensure they protect against port fail attacks.
How to port forward on a VPN
If your VPN doesn’t have a NAT firewall built-in, then there is no need to port forward—inbound connections won’t be blocked. Additionally, a VPN’s encrypted tunnel should bypass any existing NAT firewall on your router, so you shouldn’t need to make any additional changes to your wifi router’s settings.
If a NAT firewall is in place, then port forwarding requires the VPN to include port forwarding as a feature. Not all VPNs offer port forwarding, but if they do, you can usually set it up either in the VPN app or in your account settings on the VPN website. Bear in mind that port forwarding might only be offered on specific servers.
The exact process varies depending on your VPN provider, but here’s a general outline of how to port forward with a VPN:
- Enable port forwarding in the VPN app or VPN account dashboard.
- Specify which ports you want to open on the VPN.
- On the program that’s using port forwarding, such as a torrent client, change the listening port to the same number as in the previous step.
- Disable UPnP and NAT-PMP in the program settings.
And that’s it! In order to test whether it’s working, head to CanYouSeeMe.org and enter the forwarded port number. Click Check Port, and you should get a Success message.
How to port forward on a wifi router
The process for setting up port forwarding varies widely depending on the router model and firmware. That being said, the general steps should be similar:
- While connected to the router, navigate to your router admin panel. You can usually do this by opening up a web browser and entering 192.168.0.1 or 192.168.1.1 into the URL bar.
- Enter the username and password for the admin panel. If you haven’t already set these yourself, you can look up the default username and password for your router model online.
- Find the port forwarding section of the settings. The location varies depending on the router model and firmware.
- Add a port forwarding rule for the device you want to port forward. To do that, you’ll need its local IP address and the port number you want to use.
- Save your settings.
If you’re not sure what your device’s local IP address is, you should be able to find it in the router admin panel under a list of connected devices, possibly in the DHCP settings.
Static vs Dynamic port forwarding
In short, static ports stay the same and dynamic ports change each time a new connection is made.
If you’re port forwarding on a router, static ports are probably more convenient. This saves you the hassle of changing the port settings in programs on each new connection.
Some VPNs let you open a static port that doesn’t change.
However, dynamic port forwarding is also common because it’s easier to implement. Dynamically assigning ports lets providers recycle unused ports and reassign them. But it’s not as applicable for the use cases laid out above, such as torrenting and remote access.