This is a new blog post in my series called Interviewing for an IT Job. If you have not read the series announcement and my previous posts, please do so.

 

Index of Related Posts:
1. Interviewing for an IT Job
2. What You Need to Know When Interviewing For a Job in IT
3. What to Expect When Going Through the Technical Interview
4. What You Should Know about Headhunters and Recruiters
5. Tips for Networking Success
6. 5 Tips for Successful Webcam Interviews
7. The Basics of Troubleshooting – Part 1 – Ping
8. The Basics of Troubleshooting – Part 2 – Traceroute
9. The Basics of Troubleshooting – Part 3 – Firewalls
10. The Basics of Troubleshooting – Part 4 – NAT
11. The Basics of Troubleshooting – Part 5 – PAT
12. The Basics of Troubleshooting – Part 6 – 1:1 NAT
13. The Basics of Troubleshooting – Part 7 – Port Forwarding

After the introduction to One-to-One NAT last week, we are going to explore another very common implementation of Network Address Translation (NAT) called Port Forwarding.

What is Port Forwarding?

Port Forwarding is another type of Network Address Translation (NAT) that maps one or more port numbers from a public IP address to a private IP address.

How does Port Forwarding work?

Last week I explained that in One-to-One NAT, the firewall creates and uses a static translation table to forward traffic between the internal (private) IP address and the external (public) IP address.

One-to-One NAT by definition forwards all incoming and outgoing traffic between the internal (private) IP address and external (public) IP address.

Port Forwarding works differently from One-to-One NAT because it allows you to create a static address translation table that forwards one or more ports to a device or devices using the same external IP address.

[Figure: Port Forwarding]

The picture above illustrates a typical Port Forwarding implementation.

Notice that we are using only one external IP address and we are hosting two servers in our LAN.

  • Inbound Internet traffic coming to IP address 8.1.4.20 on port 80 will be forwarded to the web server 192.168.1.21.
  • Inbound Internet traffic coming to IP address 8.1.4.20 on ports 25 or 100 will be forwarded to the email server 192.168.1.22.
  • Outbound traffic to the Internet leaving from IP address 192.168.1.21 or 192.168.1.22 will be seen by devices on the outside as coming from the IP address 8.1.4.20.

Using Port Forwarding

Port Forwarding is commonly employed when a server in a private IP address range needs to be accessible to users on the Internet and only a port or a number of ports should be visible from the outside. It is important to note that we must assign a fixed IP address to the server that will be using port forwarding.

 

[Figure: Port Forwarding Firewall]

 

The picture above shows a firewall that is doing port forwarding to a web server hosting WordPress. In this example, “FIOS address” is an alias for a public IP address set up on the firewall.

Port Forwarding is also a great solution for environments where the number of available public IP addresses is limited. It allows several servers to be hosted using one public IP address. Keep in mind that you cannot forward the same port or range of ports to more than one server sharing the same public IP address.
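
The forwarding table from the example earlier in this post, together with the one-port-one-server rule, modelled in Python as an added example (not code from the original post or from any firewall product). The class and function names are hypothetical, TCP is assumed because the post does not name a protocol, and outbound translation is simplified to a lookup of the forward targets.

```python
import ipaddress

class PortForwardTable:
    """Static inbound translation table keyed on (public IP, protocol, port)."""

    def __init__(self):
        self._rules = {}  # (public_ip, proto, port) -> private_ip

    def add_rule(self, public_ip, proto, ports, private_ip):
        pub = ipaddress.ip_address(public_ip)
        priv = ipaddress.ip_address(private_ip)
        if not priv.is_private:
            raise ValueError(f"{private_ip} is not a private address")
        keys = [(pub, proto.lower(), int(p)) for p in ports]
        # Validate every port before inserting, so a rejected rule changes nothing.
        for key in keys:
            if not 1 <= key[2] <= 65535:
                raise ValueError(f"invalid port {key[2]}")
            owner = self._rules.get(key)
            if owner is not None and owner != priv:
                raise ValueError(
                    f"{pub}:{key[2]}/{key[1]} is already forwarded to {owner}")
        for key in keys:
            self._rules[key] = priv

    def translate_inbound(self, dst_ip, proto, dst_port):
        """Return (private_ip, port) for a forwarded port, or None (dropped)."""
        key = (ipaddress.ip_address(dst_ip), proto.lower(), int(dst_port))
        target = self._rules.get(key)
        return (str(target), key[2]) if target is not None else None

    def translate_outbound(self, src_ip):
        """Return the public source address seen outside, or None if unmapped."""
        src = ipaddress.ip_address(src_ip)
        for (pub, _proto, _port), priv in self._rules.items():
            if priv == src:
                return str(pub)
        return None

def build_example_table():
    """The table from the post's example: one public IP, two LAN servers."""
    table = PortForwardTable()
    table.add_rule("8.1.4.20", "tcp", [80], "192.168.1.21")       # web server (TCP assumed)
    table.add_rule("8.1.4.20", "tcp", [25, 100], "192.168.1.22")  # email server (TCP assumed)
    return table

if __name__ == "__main__":
    t = build_example_table()
    print(t.translate_inbound("8.1.4.20", "tcp", 80))  # forwarded to the web server
    print(t.translate_inbound("8.1.4.20", "tcp", 22))  # no rule, so not visible outside
```

A port with no rule returns None, which is the behaviour that keeps everything except the forwarded ports invisible from the outside.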

Resource List

Below is a list of links to important concepts and information that you should be familiar with.

Local Area Network (LAN) – http://en.wikipedia.org/wiki/LAN
Wide Area Network (WAN) – http://en.wikipedia.org/wiki/Wide_area_network
Fully Qualified Domain Name (FQDN) – http://en.wikipedia.org/wiki/FQDN
Domain Name System (DNS) – http://en.wikipedia.org/wiki/DNS
Uniform Resource Locator (URL) – http://en.wikipedia.org/wiki/URL
Router – http://en.wikipedia.org/wiki/Router_(computing)
Network Switch – http://en.wikipedia.org/wiki/Network_switch
Firewall – http://en.wikipedia.org/wiki/Firewall_(computing)
Ping – http://en.wikipedia.org/wiki/Ping_(networking_utility)
Nslookup – http://en.wikipedia.org/wiki/Nslookup
Traceroute – http://en.wikipedia.org/wiki/Traceroute
Ping-of-Death – http://www.cert.org/advisories/CA-1996-26.html
Denial-of-Service (DoS) Attack – http://en.wikipedia.org/wiki/Denial-of-service_attack
Network Address Translation (NAT) – http://www.cisco.com

Cheers!

Fabio.