端口转发允许您将来自路由器上某个端口的流量定向到您在网络上选择的设备。如果您使用任何类型的服务器,例如电子邮件和游戏,您需要了解如何进行端口转发,以便这些软件可以在您的机器上运行。
如果未启用端口转发,这些服务器的流量将卡在您的路由器上,并且永远无法到达您本地网络上的所需设备。有了所有可用的端口转发教程,无论您拥有什么路由器,都可以轻松地在路由器上进行设置。
这样做时,您需要确保以仅允许某些 IP 地址访问这些端口的方式设置端口转发。您不希望Internet上的任何人都能够访问您的开放端口。
为您的设备分配静态 IP 地址(Assign a Static IP Address To Your Device)
在您继续在路由器上启用端口转发之前,您需要为您的机器分配一个静态 IP。这是因为当您转发端口时,您需要指定流量应该路由到的设备的 IP 地址。这应该是您想要接收流量的设备。
- 在您的Windows计算机上,同时按Windows + R键,键入cmd,然后按 Enter(Enter)。
- 当命令提示符(Command Prompt)窗口启动时,输入以下命令并按Enter。它会显示您的网络状态。
ipconfig /all
- 您应该在屏幕上打开的窗口中看到您的网络详细信息。您需要记下以下内容,因为您将在本指南的后续步骤中需要这些内容。然后关闭窗口。
1) IP 地址
2) 子网掩码
3) 默认网关
4) 首选 DNS 服务器
5) 备用 DNS 服务器(1) IP address2) Subnet mask3) Default gateway4) Preferred DNS server5) Alternate DNS server)
- 使用Cortana搜索框搜索并打开控制面板(Control Panel)。单击主界面上的查看网络状态和任务。(View network status and tasks)
- 找到(Find)并单击左侧边栏中显示更改适配器设置的选项。(Change adapter settings )
- 如果您有多个网络适配器,您将在此屏幕上看到所有这些。您想右键单击用于连接到Internet的那个,然后选择Properties。
- 在以下屏幕上,选择显示Internet Protocol Version 4 (TCP/IPv4)的选项,然后单击属性(Properties)按钮。
- 以下屏幕可让您为计算机分配静态 IP 地址。启用“使用以下 IP 地址(Use the following IP address)”选项,它将允许在输入字段中输入您的值。
- (Fill)使用您之前在本指南的命令提示符(Command Prompt)窗口中记下的值填写字段。
- 单击确定(OK)以保存更改。
在为您的计算机分配 IP 地址时,您要确保它离您当前的 IP 地址范围有点远。这是因为如果您重新启动计算机,您的路由器可能会将您选择的 IP 地址分配给您网络上的另一台设备,这将导致您的系统出现 IP 冲突。
为了安全起见,如果您当前的 IP 地址是192.168.1.105 ,请为您的计算机分配类似192.168.1.140的地址。(192.168.1.140)这将防止IP冲突。
如何在路由器上进行端口转发(How to Port Forward On Your Router)
现在您的计算机已经分配了一个静态 IP,您可以继续使用下面的如何转发端口步骤来转发端口。
根据您使用的路由器,步骤会略有不同。但是,您应该能够找到所需的选项,因为它们的名称相似。
- 访问路由器的设置页面,该页面通常位于192.168.1.1。
- (Log)如果您没有更改默认登录名,请使用默认登录名登录您的路由器。这应该是两个字段的管理员(admin)和管理员(admin)。
- 单击顶部的转发以打开转发设置屏幕。(Forwarding)
- 单击左侧栏中的端口转发(Port Forwarding),您将能够进行端口转发。在屏幕上的给定字段中输入以下详细信息。
Start Port——输入你要转发的端口的开始
End Port——你的端口范围的结束
LAN IP——输入你电脑的静态IP地址
Protocol——你可以根据你的要求选择。如果您不确定,请选择两者(Both)。
启用(Enable)- 勾选框
- 最后,单击底部的确定以保存更改。(OK)
您选择的端口现在已转发到您指定的 IP 地址。发送到网络上这些端口的任何流量都将直接路由到您的LAN IP,即您的计算机。
要求您进行移植的应用程序或软件现在应该可以正常工作了。
限制 IP 地址使用开放端口(Restrict IP Addresses From Using The Open Port)
您转发的端口实际上可以被Internet上的任何人访问。您想限制访问(restrict the access),以便只有某些允许的 IP 地址可以使用这些端口。
- 打开路由器的设置,选择防火墙(Firewall),然后选择过滤器设置(Filter Setup)。
- 启用默认数据设置并设置选项如下:
方向(Direction)- WAN -> LAN/DMZ/RT/VPN
源 IP(Source IP) - 选择单一地址(Single Address)或范围地址(Range Address)。
起始 IP 地址(Start IP Address)- 输入可以访问您的端口的
IP 结束 IP 地址(End IP Address)- 在可以访问您的端口的范围内输入结束 IP
目标端口(Destination Port)- 输入您转发的端口
- 选择立即通过(Pass Immediately),然后单击下一步(Next)和完成(Finish)。
- 创建一个新的过滤规则并在目标端口(Destination Port)框中输入您的端口。单击下一步(Next)并选择立即阻止(Block Immediately)。
确保(Make)规则按照您在上述步骤中创建的顺序排列。
第一条规则将验证 IP 地址并仅在它是您允许的IP(IPs)之一时让它通过。如果 IP 不匹配,则将应用下一条规则,该规则将阻止所有流向您指定端口的流量。
How To Port Forward Without Opening The Door To Hackers
Pоrt forwarding allows you to direct the traffiс coming to a certain port on your router to your chosen device on your network. If you’re into any kind of servers such as email and gaming, yоυ’ll wаnt to learn how to port forward in order for these software to work on уоur machine.
If port forwarding isn’t enabled, the traffic for these servers will get stuck at your router and it won’t ever reach the desired device on your local network. With all the port forwarding tutorials available out there, it’s easy to set it up on your router no matter what router you have got.
While doing so, you’ll want to make sure that you set up port forwarding in such a way that it only allows certain IP addresses to access those ports. You don’t want just anyone on the Internet to be able to access your open ports.
Assign a Static IP Address To Your Device
Before you go ahead and enable port forwarding on your router, you’ll need to assign a static IP to your machine. It’s because when you forward a port, you need to specify the IP address of the device where the traffic should be routed to. This should be the device you want to receive traffic on.
- On your Windows computer, press the Windows + R keys at the same time, type cmd, and hit Enter.
- When the Command Prompt window launches, type in the following command and press Enter. It’ll show your network status.
ipconfig /all
- You should see your network details in the window open on your screen. You want to note down the following things as you’ll be needing these in the later steps in this guide. Then close the window.
1) IP address
2) Subnet mask
3) Default gateway
4) Preferred DNS server
5) Alternate DNS server
- Use the Cortana search box to search for and open Control Panel. Click on View network status and tasks on the main interface.
- Find and click on the option that says Change adapter settings in the left sidebar.
- If you have multiple network adapters, you’ll see all of those on this screen. You want to right-click on the one that you use to connect to the Internet and select Properties.
- On the following screen, select the option that says Internet Protocol Version 4 (TCP/IPv4) and then click on the Properties button.
- The following screen lets you assign a static IP address to your computer. Enable the option that says Use the following IP address and it’ll let enter your values in the input fields.
- Fill in the fields with the values you noted down earlier from the Command Prompt window in this guide.
- Click OK to save the changes.
While assigning an IP address to your computer, you want to make sure it’s a bit far away from your current IP address range. It’s because if you reboot your machines, your router may assign your chosen IP address to another device on your network which will cause an IP conflict on your system.
To be on the safe side, if your current IP address is 192.168.1.105, assign something like 192.168.1.140 to your computer. This’ll prevent IP conflict.
How to Port Forward On Your Router
Now that your computer has a static IP assigned to it, you can go ahead and forward the ports using our how to port forward steps below.
The steps will slightly vary depending on the router you use. However, you should be able to find the options you need as they’ll have similar names.
- Access your router’s settings page which is usually located at 192.168.1.1.
- Log into your router using the default logins, if you haven’t changed them. This should be admin and admin for both fields.
- Click on Forwarding at the top to open the forwarding settings screen.
- Click on Port Forwarding in the left sidebar and you’ll be able to port forward. Enter the following details in the given fields on your screen.
Start Port – enter the starting of the ports you want to forward
End Port – the end of the range of your ports
LAN IP – enter the static IP address of your computer
Protocol – you can choose according to your requirements. If you aren’t sure, select Both.
Enable – tick-mark the box
- Finally, click on OK at the bottom to save the changes.
Your chosen ports have now been forwarded to your specified IP address. Any traffic that is sent to those ports on your network will be routed directly to your LAN IP which is your computer.
The apps or software that asked you to port forward should now work without any issues.
Restrict IP Addresses From Using The Open Port
The ports you’ve forwarded can actually be accessed by anyone on the Internet. You want to restrict the access so only certain allowed IP addresses can use those ports.
- Open your router’s settings, select Firewall, and choose Filter Setup.
- Enable the default data setup and set the options as the following:
Direction – WAN -> LAN/DMZ/RT/VPN
Source IP – select Single Address or Range Address.
Start IP Address – enter the IP that can access your ports
End IP Address – enter the ending IP in the range that can access your ports
Destination Port – enter the port you forwarded
- Choose Pass Immediately and click on Next and Finish.
- Create a new filter rule and enter your port in the Destination Port box. Click on Next and choose Block Immediately.
Make sure the rules are in order as you created them in the above steps.
The first rule will verify the IP address and only let it pass if it’s one of the IPs you have allowed. If the IP doesn’t match, the next rule will apply which blocks all the traffic to your specified port.
