Thursday, 09 December 2021

What ports of the router should you open and how to do it?

Port mapping, better known as opening ports, is something you have surely heard about but may not know exactly what it involves. It is usually the solution when the Internet is not working well, when we cannot play online correctly or when we have certain connection problems. This has plagued gamers for a long time, as well as users of the most popular P2P applications. Be that as it may, all users should know how to open ports, what it is for and the advantages of the process.

This process is vitally important for downloading from P2P networks, playing online, making FTP transfers or holding video conferences. It is not that we cannot do these things without open ports, but they will not work as well. Therefore, we explain what opening ports means, what ports are and why it matters whether they are closed or open. In addition, we will see an automatic way to open them and then the manual way, according to the router or operator model in question.

What are ports and types

When we connect to the Internet, all applications redirect their traffic through certain ports. The router is responsible for receiving and processing all the information that we send to the Internet or receive from the Internet, also from the local network. Ports are used to carry out this process in an orderly manner. Some make parallels with mailboxes and even train station platforms. Each “information” will arrive at a certain port or will leave from a certain port.

The OSI (Open Systems Interconnection) model is a reference model for network protocols created in 1980 by the International Organization for Standardization (ISO). Three years later it was published by the ITU, and since 1984 by the ISO as well. The IANA, which oversees the global allocation of IP addresses, autonomous systems, DNS domain name root servers, and other resources related to Internet protocols, has created three categories to classify all network ports from 0 to 65535:

  • Well-known ports: Ports below 1024 are reserved for the operating system and used by “well-known protocols”. Examples are HTTP (web server), POP3 / SMTP (e-mail server) and Telnet. If we want to use one of these ports, we will have to start the service that uses it with administrator permissions.

  • Registered ports: Those between 1024 and 49151 are called “registered”. These can be used by any application, although there is a public list on the IANA website where you can see which protocol each of them uses.

  • Dynamic or private ports: Those between 49152 and 65535 are called dynamic or private; they are normally assigned dynamically to client applications when the connection is started. They are used in P2P connections or online games. Normally, we will have to open some of them, or even some from the previous range.

 

 

TCP vs UDP ports

There are two types of ports, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The first is the most common as it is connection-oriented. It is designed to handle end-to-end connections, which complements IP, a protocol that is not designed to establish a reciprocal verification system between devices. UDP, for its part, does not verify the reception of data transmitted between one device and another; this must be implemented in higher layers. Its main advantage is speed, which makes it the most used in voice or video streaming services.

In addition to the transmission speed or the absence of a verification system for the transmission of information, there are some more differences between the two protocols. For example, TCP has a traffic flow and congestion control system. Finally, the header size of the TCP protocol is 20 bytes, while that of the UDP protocol is only 8 bytes.

 

 

Reasons to open them

By default, the ports are closed, especially when it comes to dynamic or private ports. This is done for security reasons since, if all the ports were open by default, it would be difficult to protect ourselves from external attackers or cybercriminals with bad intentions. When a port we need has not been opened automatically, we will have to configure its opening ourselves.

We must know that ports 0 to 1023 are reserved by the system and cannot be modified. To give us an idea, port 80 will be used by web browsers such as Google Chrome, Mozilla Firefox or Microsoft Edge, to browse the Internet. Port 110 is reserved for email.

However, ports from 1024 to 65535 can be used by applications and services as varied as Skype, BitTorrent or games. Having the ports used by these applications closed can result in low speed or connection problems, so we will have to take action on the matter. In online games, closed ports usually show up as lag or delays: the actions ordered with the controller take a few seconds to execute, which makes playing online impractical.

UPnP protocol

The UPnP protocol means it is no longer as necessary to open ports on our routers manually as it was a few years ago. However, we must be very careful with this functionality, which it is advisable to disable for security reasons. Universal Plug and Play (UPnP) is a set of communication protocols that enables networked peripherals to transparently discover the presence of other devices on the network and establish communication network services. It is basically a Plug and Play adaptation of USB devices to the "world" of network connections.

Thanks to this protocol, the router can open the necessary ports when we run an application and close them when we are no longer using it. Normally, this is enabled by default in most modern routers as it saves operators a lot of headaches with calls to customer service. The UPnP protocol makes it easy for us to connect network devices with our computer, a simple printer, a webcam or any other wireless device that needs to open the corresponding ports to function properly and thus avoid having to look at which ports you need to have open and how to do it.

This system is like a kind of automatic access door. The problem is that some devices or applications do not have adequate security measures in terms of device verification. One such case is the UPnP IGD version for use in routers and firewalls, whose creators did not include any authentication protocol, causing vulnerabilities in the equipment. Something similar also happens with Adobe Flash programs, which could redirect the connection of routers to dangerous websites.

How to open the ports

To open the ports of a network we can go directly to the configuration menu of our router. If it is a router provided by the telephone operator, it very likely has the operator's own configuration menu, which is usually very simple and intuitive. If we purchased the router on our own, we may have to dive through different menus; the advantage in these cases is that they usually offer more customization options. There are also other native or third-party tools that will open the ports for us.

Open ports manually

Now that we are experts at a conceptual level and we know exactly the port or ports that we must open, it is time to address their manual opening. This changes from one router model to another, so it is difficult to give a universal explanation, although the essence is more or less the same in all cases. In the case of the Movistar router, all you have to do is click on the menu icon with three horizontal stripes located in the upper left and click on Ports.

 

 

It is important to know that we will map the ports or open the ports for a specific IP address of our internal network. If we have DHCP activated and that address is assigned to another computer, this configuration will be applied to the new device and not to the original. Therefore, it is advisable to establish a fixed or static IP for the computer or game console on which we want to act.

Once this is done, we will access the router through its gateway address, which we can easily obtain in Windows 10 by opening the Command Prompt or CMD and typing ipconfig. This command will return a series of values among which we will find the default gateway. That will be the IP address that we must enter in the browser. From there, we will enter the default username and password of the router.

 

 

Once in the configuration interface, we will look for sections called Port Forwarding, NAT, Port Mapping or Advanced Options. There we will find the tool to indicate the port or ports that must be open. We will click on Add new application or service, or a similar option, and complete the following information:

  • Name of the service: This is merely descriptive, but it is worth taking a few seconds to write the service, program or game in question.

  • External port (WAN): This is the port that we must open on the router. We must bear in mind that we cannot open the same ports for two different computers on the same internal network or LAN.

  • Internal port (LAN): Some routers can forward the external port to a different internal port, although we can leave it blank as it is optional.

  • Internal IP address: Address of the computer, game console or device that will need that open port.

  • Source IP address: Specific option of more advanced models to filter by source IP address and thus have additional security.

  • Protocol: Here we must indicate if it uses the protocol TCP, UDP or both.

Sometimes we can define a range of ports by separating the first and last with a hyphen, or the router may ask us for the starting and ending ports. We may also find other options, such as Enable MAC Mapping, which we will leave at their default setting unless we know what we are doing.
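Before typing rules into the router, it helps to check the planned table against the constraints described above: hyphenated ranges, the same external port mapped to two different computers, and rules without a source filter. This is an added example, not code from the original article; it also flags the three ports this article later lists as ones not to open, and the sample table, the `WIDE_RANGE` threshold and all names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Ports this article later lists as ones that should not be opened.
DISCOURAGED = {22: "SSH", 80: "HTTP", 443: "HTTPS"}
WIDE_RANGE = 100  # assumed threshold for a "wide" range, not a value from the article

@dataclass
class Rule:
    name: str                         # descriptive service name
    external: str                     # "3074" or a hyphenated range "10070-10080"
    internal_ip: str                  # LAN host that receives the traffic
    protocol: str                     # "TCP", "UDP" or "BOTH"
    source_ip: Optional[str] = None   # optional source filter on advanced routers

def parse_ports(spec):
    """Return (first, last) for '3074' or '10070-10080'; reject values outside 1-65535."""
    first, _, last = spec.partition("-")
    lo, hi = int(first), int(last or first)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi

def protocols(rule):
    proto = rule.protocol.upper()
    return {"TCP", "UDP"} if proto == "BOTH" else {proto}

def audit(rules):
    """Return findings for a planned forwarding table."""
    findings = []
    parsed = [(r, parse_ports(r.external)) for r in rules]
    for i, (r, (lo, hi)) in enumerate(parsed):
        for port, service in DISCOURAGED.items():
            if lo <= port <= hi:
                findings.append(f"{r.name}: exposes {port}/{service}")
        if r.source_ip is None and hi - lo + 1 > WIDE_RANGE:
            findings.append(f"{r.name}: wide range {lo}-{hi} with no source filter")
        for other, (olo, ohi) in parsed[i + 1:]:
            # Ranges overlap and at least one protocol is shared.
            clash = lo <= ohi and olo <= hi and protocols(r) & protocols(other)
            if clash and r.internal_ip != other.internal_ip:
                findings.append(f"{r.name} / {other.name}: same external port, different hosts")
    return findings

# Constructed sample table; names and addresses are made up for the example.
SAMPLE = [
    Rule("xbox", "3074", "192.168.1.50", "BOTH"),
    Rule("pc-game", "3074", "192.168.1.60", "UDP"),
    Rule("nas-web", "443", "192.168.1.20", "TCP"),
    Rule("torrent", "49152-65535", "192.168.1.60", "TCP"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```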

 

 

Open them with software

We can open the ports of the router using a program called Simple Port Forwarding. As it is a somewhat old application, we must run it in compatibility mode for Windows XP, Windows Vista, Windows 7 and Windows 8.

Thanks to this program we will not have to log in to our router manually, since the program does it for us. It works through the web, so it accesses the router in the same way as we do with our browser. A huge number of routers are compatible, and some modern ones can be handled by selecting an older compatible model. The program has a very intuitive interface, so no great knowledge is needed to achieve our final goal, which is none other than opening the ports of our router.

For it to work correctly we will need to know the router model we have (some new ones work as if they were older ones), the IP address, and the user and password with which we access it. With this data we can now configure the ports to our liking.

What ports do I need to open?

If we do not have UPnP available on our router or we have disabled it for security reasons, we may need to know the ports that we must open on the router. A good service that we can use is Port Forwarding, which indicates the TCP and UDP ports according to the chosen service, program or game.

Another option is the Port Test, which allows us to locate the necessary port by consulting a wide collection of applications or games. For services that we are going to access not with the PC but with, for example, a game console, here is a list of the ports they use:

Ports open PS4

  • TCP ports: 80, 443, 5223 and 10070 - 10080

  • UDP ports: 3478, 3479, 3658 and 10070

Ports open Xbox 360, Xbox One

  • TCP ports: 53, 80, 3074

  • UDP ports: 53, 88, 500, 3074, 3544, 4500

Among the ports that we should not open, and always according to the figures compiled by various security firms, we find these three ports:

  • 22 – SSH (Secure Shell)

  • 80 – HTTP (Hypertext Transfer Protocol)

  • 443 – HTTPS (Hypertext Transfer Protocol Secure)

Other port management systems

To facilitate the management of ports in our network, other systems such as DMZ or CG-NAT have been developed. The first allows the total opening of ports and is the extreme solution when we cannot get an application or device to work correctly due to this issue; the second is a common protocol among Internet operators that can cause some problems.

DMZ, best for consoles and having open NAT?

For game consoles, many people recommend using the DMZ or demilitarized zone. Broadly speaking, this option places the device in an intermediate area where it will have all ports open. This poses a significant security risk and it is much safer to opt for other solutions before resorting to this extreme. The DMZ is not recommended for a computer, although it could be the final option for a game console.

In this case, we will first try the use of UPnP, Port Forwarding or Port Trigger, together with the manual opening of the necessary ports for the device in question. Only when this is not an option or if we do not want to complicate our lives (even at the cost of security), we can activate the DMZ for the IP of the internal LAN in question.

CG-NAT, when your operator "closes" your ports

There is another aspect that we must take into account when it comes to opening ports and over which only our operator has control. In this case, entering the router and mapping the ports will not help. We are talking about CG-NAT, which stands for Carrier-Grade Network Address Translation and is the use of the same public IPv4 address over several private addresses simultaneously.

Many operators have resorted to this technique due to the scarcity of addresses and the lack of migration to IPv6. Among its drawbacks we find that we do not have the possibility of port forwarding on the router itself. For that reason, if we need to open a port, we must ask the operator to “remove” us from CG-NAT.
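One way to tell whether we are behind CG-NAT before spending time on forwarding rules is to compare the WAN address shown on the router's status page with the public address an external "what is my IP" service reports. This is an added example, not code from the original article; the addresses are constructed, the verdict names are hypothetical, and 100.64.0.0/10 is the shared address space that RFC 6598 reserves for carrier-grade NAT.

```python
import ipaddress

CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# What each verdict means for port forwarding on our own router.
ADVICE = {
    "cgnat": "operator NAT in front of the router: forwarding rules will not be reachable",
    "private-wan": "router sits behind another NAT device: forward on that device or bridge it",
    "translated-upstream": "WAN address is rewritten upstream: ask the operator",
    "public": "router holds the public address: forwarding rules can work",
}

def diagnose(router_wan_ip, public_ip_seen_outside):
    """Classify the connection from the router's WAN address and the externally seen address."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(public_ip_seen_outside)
    if wan in CGNAT_SHARED:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "private-wan"
    if wan != seen:
        return "translated-upstream"
    return "public"

if __name__ == "__main__":
    # Constructed addresses (documentation and shared ranges), not real measurements.
    for wan, seen in [("100.72.14.3", "198.51.100.7"),
                      ("192.168.0.2", "198.51.100.7"),
                      ("198.51.100.7", "198.51.100.7")]:
        verdict = diagnose(wan, seen)
        print(f"WAN {wan}, seen as {seen}: {verdict} ({ADVICE[verdict]})")
```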

How to view open ports on a local computer

To see the complete list of open ports in our connection there are different ways, from the Command Prompt itself, or in a more organized way with third-party applications.

From the Command Prompt

All the programs that use an Internet connection make use of the TCP / IP protocol, which allows each of them to establish an individual connection using a destination IP address followed by a port. The port identifies the program on the local network, so that the response traffic of that connection is easily identified when it arrives. All programs in operating systems establish connections and open ports for use, whether they are trusted programs or malicious software.

Maintaining control of connections and ports can greatly facilitate the task of identifying possible malicious and unauthorized software and thus maintain a much more concrete control of the system. Therefore, we can monitor Windows network connections without having to install anything. There are several ways to find out all the connections that programs establish locally and the ports that these applications use. An example of this could be executing from CMD - Command Prompt the command: netstat -a and it would show us a window similar to the following one with all the connection information:

Useful information but one that can also be confusing and difficult to interpret.
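To make that output easier to interpret, we can filter it down to the sockets that are actually waiting for inbound traffic and note whether each is bound to loopback or to all interfaces. This is an added example, not code from the original article; it assumes the numeric form `netstat -ano` (the `-n` and `-o` switches add numeric addresses and the owning PID), and the sample output is constructed.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.60:49712     203.0.113.10:443       ESTABLISHED     8120
  TCP    [::]:3389              [::]:0                 LISTENING       1200
  UDP    0.0.0.0:3074           *:*                                    8120
  UDP    [::1]:1900             *:*                                    2456
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:3389' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def listening_sockets(text):
    """Return (proto, port, pid, scope) for every socket waiting for inbound traffic."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue   # banner, header or blank line
        # TCP rows carry a State column; UDP rows have none and are simply bound.
        if fields[0] == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue
        ip, port = split_endpoint(fields[1])
        if ip.is_loopback:
            scope = "loopback only"
        elif ip.is_unspecified:
            scope = "all interfaces"
        else:
            scope = f"interface {ip}"
        rows.append((fields[0], port, int(fields[-1]), scope))
    return rows

def reachable_from_network(rows):
    """Ports a forwarding rule could expose: everything not bound to loopback."""
    return sorted({(proto, port) for proto, port, _pid, scope in rows
                   if scope != "loopback only"})

if __name__ == "__main__":
    for row in listening_sockets(SAMPLE):
        print(row)
    print("reachable:", reachable_from_network(listening_sockets(SAMPLE)))
```

The PID in each row can be matched against Task Manager to see which program owns the port.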

With external applications

In addition to the command in the Command Prompt, we can analyze the open ports with third-party applications. As we will see, there is an excellent application that lets us know the ports that we have open in our system easily and graphically. It is also free and portable, so we can always carry it with us on a USB memory. First of all, we must make sure that the ports are closed and, for this, we can use different methods (applications or online services).

CurrPorts

To see the ports and established connections of our system much more easily, we can use an application such as CurrPorts. This application shows all the connections that occur in real time in our system, with their corresponding applications, ports and other data of interest that tell us more about them.

The first thing to do is download CurrPorts from its official website. The application is completely free and is distributed in a portable format, so it is not necessary to install any package on our system: simply download the application, unzip it and run it. A window similar to the following will appear.

 

In this window we can see the following sections:

  • Name of the application next to its system icon for better identification.

  • Process number.

  • Protocol used (TCP / UDP).

  • Local port used.

  • Local port name (if it is a reserved port).

  • Local IP address used by that connection.

  • Remote port.

  • Name of the remote port (if it is a reserved port).

  • Remote IP address.

  • Remote IP address domain.

  • State of the connection (established, closed, listening, etc).

  • More data about the application (route, user, etc).

This program will also allow us to export connection reports (through its export function) and even close processes and already established connections to block any connection between the program and the remote server. To access these options, all you have to do is select the connection you want and click on it with the right button. The following menu will appear where we can choose what we want to do with this process.

Other similar apps

  • Open ports test: a tool on the Speed Test website that will analyze all the ports on our network to verify that they are closed.

 

 

  • Nmap: a free, open source application that we can download and install on Windows, macOS and Linux to analyze our private network connection and Internet access and detect possible vulnerabilities.

 

 

  • Angry IP Scan: another application similar to the previous one that we can download for free for Windows, macOS and Linux.

 

 

  • Zenmap: an Nmap tool designed to scan and analyze our connection ports to detect which ones are open and how they are being used.

 


Link: https://www.adslzone.net/como-se-hace/internet/abrir-puertos-router/

 
