An Internet Service Provider's (ISP) gateway has a firewall, which blocks most malicious traffic from reaching a home's local area network (LAN).
Most communications are initiated by a device on the LAN requesting information from the internet. For example, when I go to google.com, Google responds with its search page, and when I enter my search, Google responds. The firewall recognizes my outbound traffic and allows inbound traffic in response to my requests.
A common firewall rule is to block all inbound traffic that did not originate on the home network.
Sometimes I want traffic from the internet to reach a server on my LAN. For example, a home web server should be able to receive and respond to requests from the internet. Port forwarding is used to allow HTTPS requests on port 443 to reach my web server.
Dyn Wizard provides general instructions on how to do port forwarding. Other useful resources are PortForward.com, the ISP or the gateway's manufacturer.
My ISP is AT&T, and I have a Gigabit connection, which uses an Arris BGW210 router. For AT&T Routers, this is a good link for port forwarding.
To set up port forwarding on an AT&T Gigabit BGW210 router, follow the directions in the link above or use the directions below.
Alternative: Create an A record at the Dynamic DNS provider that points at the local host's IP address.
Step 1. Log in to the ISP Gateway
Open a browser
Enter the gateway's address: 192.168.1.254
The Gateway's interface should appear. You may have to log in.
Enter the Device Access Code found on the side of your gateway.
Select the Firewall tab
Select NAT/Gaming
If you receive a warning message, you will need to visit the AT&T Port Forwarding tool to enable Port Forwarding on your account.
Then, you can continue with the steps in this solution.
Step 2. Create a service and port to forward
Under Manage Custom Services, select: Custom Services
Create a Service Entry
Some examples:
♣port♣ = 5000 is used by Flask
♣port♣ = 443 is used for HTTPS web servers
Service Name: ♣whatever-you-would-like♣
(from internet) Global Port Range: ♣port♣-♣port♣
(on home server) Base Host Port: ♣port♣
Protocol: TCP
Click the Add button
Return to NAT/Gaming
Under Application Hosting Entry
Select the Service created above in Service Name (webserver5000)
Select the Needed by Device (server on the LAN)
Click the Add button
Step 3. Test if it works
Once the above steps are complete, the web server will be accessible from the internet.
Test from iPhone: Settings, Disable Wi-Fi, Cellular Data should be on
Open Safari on the iPhone
To verify, enter your Dynamic DNS name:
http://♣dynamic-dns-name♣:♣port♣
If Apache is running, then use ♣port♣ = 80
Step 4. This isn't secure
Do not port forward without using a private cert on the devices that are allowed to access the server
Under the Firewall tab, in NAT/Gaming and Hosted Applications, press the Delete link on any Service not protected by a private cert
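One way to script the checks in Steps 3 and 4 is shown below; this is an added example, not part of the original instructions. It probes ports 80, 443 and 5000 (the ports mentioned above) on your own Dynamic DNS name; the file name check_forward.py and the function names probe and audit are assumptions made for this example.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP port: 'open', 'closed' (connection refused) or
    'filtered' (no answer, typical of a firewall that silently drops)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        raise  # the Dynamic DNS name does not resolve; fix that first
    except OSError:
        return "filtered"  # timeout or unreachable

def audit(host, intended, candidates, timeout=3.0):
    """Probe every port in either set and compare with what should be forwarded."""
    intended = set(intended)
    results = {p: probe(host, p, timeout) for p in sorted(intended | set(candidates))}
    return {
        "results": results,
        # Step 3: forwards that should answer but do not.
        "missing": [p for p in results if p in intended and results[p] != "open"],
        # Step 4: ports still reachable that are not meant to be exposed.
        "unexpected": [p for p in results if p not in intended and results[p] == "open"],
    }

if __name__ == "__main__":
    # Assumed usage: python3 check_forward.py <your-dynamic-dns-name>
    # Run it from outside the LAN (for example a laptop tethered to the phone
    # with Wi-Fi off), because a gateway without loopback gives false results inside.
    report = audit(sys.argv[1], intended={443}, candidates={80, 443, 5000})
    for port, state in report["results"].items():
        print(f"{port}/tcp {state}")
    print("missing forwards:", report["missing"])
    print("unexpected exposure:", report["unexpected"])
```

An "open" result shows only that the forward reaches a listening server; it does not show that the server asks for a private cert.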
Appendix:
My Old Routers:
Port Forwarding for AT&T 5268ac
The 5268ac does not support loopback, so the garage opener server is not accessible through its external domain name from computers on the LAN.
For a MacBook to access the garage opener web server do the following:
$ sudo nano /etc/hosts
and add the line
192.168.1.64 ♣server's-external-domain-name♣
Save and exit: CTRL-o, CTRL-x
Then flush the DNS cache:
$ sudo killall -HUP mDNSResponder
The 5268ac's built-in port forwarding rules, such as HTTPS Server, HTTP Server and Web Server, do not work. To get port forwarding to work:
Open a browser, and go to 192.168.1.254
Login
Select Settings, Firewall, Applications, pinholes and DMZ.
Select the garage opener web server
Select User-defined
Click a new user-defined application
In Application Profile Name enter: PortForwarding
In Create Application Definition add each of the following and click Add to List:
TCP from 80 to 80, map to host port 443
TCP from 443 to 443, map to host port 443
UDP from 443 to 443, map to host port 443
UDP from 80 to 80, map to host port 443
Click back
Reselect your web server
Select User-defined
Add PortForwarding
Click Save
Port Forwarding for AT&T U-verse 2-Wire 3801HGV
Open browser and go to ♣raspberry-pi-ip♣
Password: ♣password♣
Settings
Firewall
Choose ♣raspberry-pi-hostname♣
Servers
Web Server – port 80
HTTPS Server – port 443
Add
Save