Although a firewall will block all requests from the outside world by default, there may be times when you actually want to allow external users into your network. For example, maybe you’re running an FTP server internally that you want to gain access to while on the road, or maybe you have a Web server configured that you want to allow Internet users to access. Because the default configuration of most firewalls blocks all external requests, you’ll need to open things up using a feature known as port forwarding.
Remember that in almost all cases, your internal network will be configured to use private IP addresses. Because of this, you’ll need to configure your firewall to take requests destined for your public or “real” IP address and forward them to the appropriate internal server. For example, let’s say that you have a Web server configured on a system with the IP address 192.168.1.50, a private address. In order to allow external users to access this server, you’ll need to configure your firewall to “listen” for Web server requests on the external IP address, and then forward them to the internal server at 192.168.1.50. Unfortunately, to make all this work, you need to know one additional piece of information – namely the port to which Web requests are made.
When a user on the Internet needs to contact a Web server, the request is forwarded to the IP address of the server, and the port on which the Web server service is running. By default, all Web server software (such as IIS or Apache) listens for requests on TCP port 80. So, what you would need to do in this case is tell the firewall that every time your public IP address receives a request destined for TCP port 80, it should forward the request to TCP port 80 on the Web server running on 192.168.1.50. The manner in which this is configured depends upon the firewall you are using. The stepped instructions below provide details for configuring port forwarding on a hardware device, in this case a Linksys router – note that the exact steps will probably be different based on your hardware.
If you don’t see the service that you want to configure on the list, you can define your own forwarding rules by clicking the Add button and specifying a name for the service, as well as an IP address and port number(s).
Example: Allow access to your internal FTP server from the Internet using your Linksys router.
Step 1: Open a web browser and access address http://192.168.1.1. This is the default address to access the router configuration. Enter your password (check your documentation) and press Enter.
Step 2: Click on the Advanced tab at the top of the screen. This will bring you into advanced configuration options for the router, such as port forwarding and filtering. Click the forwarding tab.
Step 3: In the first line of Service Port Range numbers, enter 21 in both boxes, and then the IP address of your internal FTP server in the IP Address box. In this case, an FTP server is located at 192.168.1.150. Click Apply. Test everything by attempting to connect to your external IP with an FTP client program and see if you reach your internal server.