Port Forwarding is a really simple concept, but a very important step you need to take if you want to remotely access the devices you have at home. For instance, if you have a Unifi connection connected to an always on desktop and you wanted to Remotely access your windows machine, you’d need to perform port forwarding on your router.
Similarly if you’ve just installed a new IP camera in your home, and want to access the camera while you’re on the road you’ll need to perform port forwarding on your router.
Port forwarding is a neccessary step in order to access your home devices from outside your home. If you want to access anything in your home remotely you’ll need to configure some sort of Port Forwarding, and here’s the why are how.
Why you need to perform Port Forwarding
To answer the question of why, you first have to understand how the IP addresses on your home network work. In your home you have a router, and all your devices connect to this router to access the internet.
For the purpose of this analogy, assume I have a smartphone, a PC and a IP camera connected to my router. So my router has 3 devices connected to it.
These devices are actually connected to two networks. One internal network called the Local Area Network (LAN), and one external network called the Wide Area Network (WAN). In most cases the WAN is the internet, but it doesn’t have to be.
You could try pulling out the WAN cable from your Unifi Router, and you’d discover that the while devices can’t go online anymore they could still connect to each other. In this case, my PC could still access my IP camera, but not Facebook. That’s because my IP Camera is on the LAN, while Facebook is on the WAN.
So on top of the LAN IP addresses, you also have a WAN IP address, which you can determine by simply browsing to whatsmyip.com. LAN IP addresses always start with 192.168, but WAN IP addresses can start with almost anything. LAN IP addresses identify the device on the LAN, where as a WAN IP addresses identify the device on the WAN.
The main difference however, is that while each device on your home network gets it’s own LAN IP address, all the devices share the same WAN IP address. Put another way, the LAN IP address is unique to each device, but the WAN IP address is the same for all the devices on your home network. You can try this by visiting whatsmyip.com from the various devices you have on your home network and you’ll notice they all show the exact same IP address.
For the most part this is straightforward, because all traffic on the router originate from the device itself. When you browse Facebook, or go online, you trigger these interactions from your smartphone or PC. So because the router knew which device triggered the interaction, it will know how to route the corresponding responses from the websites.
However, if the interaction was triggered from an outside source that’s a different story.
So imagine if I wanted to login into my home network to access my newly installed Foscam IP camera, I’d try to access my WAN IP address, but once I reach the router there’d be problem. The router, can’t figure out which device to route my request to. Since all devices share the same WAN IP address, the router doesn’t know if I wanted to access my smartphone, my PC or my IP camera, therefore the request is dropped and you get nothing. To the router, it doesn’t know which LAN IP address to forward the request to, so it drops the request altogether.
The only way to resolve this issue is through port forwarding
How does Port Forwarding Solve it?
Port Forwarding, does something very simple, it’s actually a configuration table on your router that directs your router to forward a certain request to a certain LAN IP address based on the port number of the request.
A port number is simply a way to specify a connection request down to the application. When you connect to any machine on an IP address you also specify the port number, that way the machine can have many different applications running and depending on the port number know which request to forward to which application. Otherwise, all machines could only run one application.
In this case when I try to connect to my IP camera from a remote location, I’m trying to connect to the WAN IP address over a specific PORT number.
By configuring the Port Forwarding on the router, the router will know that all request coming on port 1234 (for example) should be routed my IP Camera on LAN IP address 192.168.0.103
So how do we configure this on my Dlink DIR-615 router?
How to Port Forward your Dlink Dir-615 Router
Step 1: Logon to your router and click the Advanced tab
1. Entering the Name of the rule (don’t worry too much about this), I named it camera for the purpose of this exercise.
2. The Private IP of device you wish to Forward to. This is the LAN IP address of the device you’re connected to. You’d also want to make sure your DHCP is switched off and all devices have fixed IP addresses for this to work.
3. The Public Port range that you wish to forward FROM. This is the Port that someone will try to access from a remote location.
4. The Private Port range, this is the Port range that you wish to forward TO. Both the Public and Private Port ranges allow you to map different external ports to the same internal ports on different machines. Very important if you have multiple IP cameras at your home operating on the same port. That’s why Port Forwarding and Port Mapping are nearly interchangeable terms.
5. You should leave the Public IP address empty, I’m not sure what that is for, but leaving it empty works for me.
Finally remember to ‘tick’ the box. I forgot to do this, and spent nearly 20 minutes trying to figure out what I was doing wrong because my port forwarding wasn’t working.
Next go to canyouseeme.org, and check if your port forwarding works, by simply entering the Public Port range you specified (the FROM port range).
Once you get this work, you probably want to find out how to perform a Dynamic DNS on your router, since you’ll need DDNS in conjunction with port forwarding to get most things to work. Click here for my tutorial on DDNS.
I’ve tried your method for my Aztech WIPC401 IP Camera and the port forwarding and it really works. However when I tried to configure for my second camera, the port forwarding doesn’t work. Could you please help me to solve the problems? I have no idea to solve it. Following are the details for your reference:
1) my first camera
Private IP: 192.168.0.200 (Statit IP)
Private Port No. : 8081
2) my 2nd camera
Private IP: 192.168.0.201 (Statit IP)
Private Port No. : 8082
I’m using DLink DIR-615 router too. Can you show me how should I configure the port forwarding for the 2 cameras.
Can you send me a screenshot of the port forwarding page. One thing to note is the while the private port number is the port you wish to map ‘FROM’.
Usually web server on your IP camera is hosted on either port 80, or 8080. So Make sure the PRIVATE port number is the SAME for both cameras, but the PUBLIC port numbers are different. You can’t have 2 devices with the same PUBLIC port numbers on the same router.
If you send me the screenshot, I can try to help.
Sure, no problem. How am i going to send the screenshot to you as I can’t attach it here. Please advice. Tq.
just email me. [email protected] .
Hi Keith – need your advise.My current unifi router is RG TMRND Gen1.0.
My problem is I cannot view the cctv image on my smartphone or laptop at home using the unifi wifi.But able to view on my hp at home using 3G data(usage is very high).
My sister overseas can view the cctv image on her smartphone using her wifi.
My cctv supplier said the problem is due to the unifi router and said to change router to d-link DIR615.But when I called TM Unifi, they said they do not have any more of the DIR 615.
Can I buy the d-link DIR 615 from outside retailer? Is it the same and will this solve the problem?
When you try to access the cctv are you using the LAN IP address (usually starts with 192.168…) or the WAN IP address (starts with something other than 192.168), or are you using a dynamic DNS?
Hi Keith – checked with my cctv supplier.
Its using LAN IP address.
I actually have the same problem as you.
When I’m outside on an external network, I can easily view my IP camera on my dynamic DNS. (hint: search for dynamic dns to learn more)
When I’m inside my home though, and connected to my home WiFi I’m unable to access my IP Camera with my dynamic DNS, but have to use my LAN IP address instead.
This is because the router I have does not support loopbacks too well. A Loopback is when the source and destination of the traffic is the same, a simple analogy would be that you’re trying to send a letter FROM your house TO you house, and the postman doesn’t know what to do with it, because the sender and receiver are from the same place, so the post-man discards the letter.
Unfortunately, from what I gather the DIR-615 router also suffers from loopback issues as well.
My only advice is to use the LOCAL LAN IPs to access your cctv when you’re at home, and the dynamic DNS (or external IPs) when you’re not.
Hope that helps. My way around the problem is quite simple, I have 3GB data package from Maxis that never runs out, so anytime I want to access my IP camera, I just switch to Maxis and everything works.
If this doesn’t sort out your problem, email me and I can help : [email protected]
doesnt seem to work with me when i try to redirect the port to my apache server 🙁
doesnt seem to work with me when i try to redirect the port to my apache server 🙁
I managed to port forward in my Unifi Router. But when i open canyouseeme.org, it says that
it cannot see the service on ‘external-ip’ on port (port no.). Reason: Connection time out
Does this mean my port forwarding is not succesful?
Do you have a device connected at the end of the port forward? Sometimes even if the settings are correct, if your end device isn’t configured correctly you’ll get a time-out.
By end device, you mean the device with the IP added to the port forwarding options? If yes, yes it is connected. I run canyouseeme from that device. My router is a bit different though. I am using the newer version DLink Dir-614
Yup, the device the with the IP added to the port-forwarding. If that is ON, there’s only a couple of things that can be wrong. Either:
1. DId you remember to ‘save your settings”–common mistakes many people forget to do
2. You need to enter the public port in canyouseeme, and not the private port.
3. The device may be running, but is anything running on that port number of the device? If you forward something to port XX on the device, is there an application ready to accept connections via port XX installed on the device?
1. Yes i saved the setting and put a tick on the portforwarding to enable it
2. Yes i did enter my public port. Besides that canyouseeme will detect it automatcailly when i open the website
3.Yes there are application ready to accept the connections via the port. I even check port 80 (http web) at canyousemee. It also shows connection time out.
Ok, well you can test this as well.
1. Try to access the IP/PORT on your home network to see if there’s really an application ready to accept connections.
2. Then try to use a separate network (your 3G phone or something to access that connection via the internet).
If 1 works and 2 doesn’t, then port-forwarding isn’t working. If both don’t work, then your application isn’t listening. If both work–well then no problem la.
Hi Keith , I have problems with my port forward , I want to port forward port 6000-8020 for an application I use so I’m assuming I put that in the public port slot , then what do I need to put in the private ports section ?
Port Forwarding is a process to map an incoming port into the network and direct it to a specific machine and port on the network.
If the port numbers are the same, just enter the same range for both public and private.
Thanks so much for your tutorial. I were find for this tutorial (with the same interface of router) long time ago. Now my port forwarding problem has been solved. Thanks!