
How to open router ports - uses, important ports and types


Anonim

Anyone with an Internet connection has probably heard of opening router ports. But what is opening ports really for, and what can we do with it? Open ports are quite useful for those who need to extend the functions of their equipment not only within their LAN but outside it, so we will see in detail how these ports work and when and how we should open them.


Of course, not all routers are the same, so we cannot cover all existing cases. But we believe that with a well-explained example, every user will be able to do the same on their router regardless of their brand and model. Know that absolutely all routers on the market offer the possibility of opening ports.

What is a port and what is it for?

Without giving too many technical details, a router is the device that allows us to interconnect computers and other equipment on a network. This device works in the network layer of the OSI model (Open Systems Interconnection). That is, it is responsible for providing connectivity to the hosts connected to it and selecting the correct route for the exchange of information between different networks that are separated from each other.

These networks can be two different internal networks or subnets, or our own LAN and the Internet, which is ultimately a huge network on a global scale. This is how we can see a web page, send an email to a contact or make a call from our computer.

A router is capable of separating the Internet from our internal network, and this is done thanks to the ports and the NAT function. These are not the RJ45 ports that we have on the back, but logical ports that only make sense in the field of packet exchange. It is through these ports that all the information between our network and the Internet leaves and enters.

But ports are not chosen arbitrarily, at least in most cases. Each application or service on our computer uses one or several ports through which to send and receive this information, according to the provisions of the OSI model. In many cases we will be able to choose on which port a specific application works, and in others it will simply take the one predefined by convention.

Port range

A router has more ports than you might imagine at first: a total of 65536 ports are available to open on it, because a port number is a 16-bit value. We will also see later that it is possible to open them one by one or in groups or ranges.

The IANA (Internet Assigned Numbers Authority) entity, in addition to supervising the allocation of IP addresses worldwide, also established three ranges or categories of ports:

  • Well-known ports: This range goes from port 0 to 1023 and is reserved for the operating system and well-known services. Among them, for example, we have the HTTP (80) or HTTPS (443) web service, the mail service (25), etc.
  • Registered ports: The next range is from 1024 to 49151, a fairly wide range that any application and protocol can use. Many of these ports are the ones that applications and online games use automatically.
  • Private or dynamic ports: those that remain, from 49152 to 65535. This range is used dynamically for client-type applications, for example P2P (Peer To Peer) download programs.

This does not prevent us from using any port for any application, as long as the client and server agree on it or we establish the route in the Port Trigger function. Even so, arbitrary use of well-known ports is not a good idea.

What is the use of opening ports?

By default our router does not have any open ports, absolutely none, at least permanently. That has no influence on the ability to "relate" to Internet services, since we are ultimately mere clients. For this reason we can browse the Internet, watch videos, download data, etc. We can also send emails, upload files to our cloud and perform other actions that do not require having ports open. Later we will see a function that allows ports to be opened and closed automatically.

The need to open router ports arises when a program tries to send and receive information through a specific port to the other end of the connection. If this information is sent or received through an arbitrary dynamic port, the program will not find it. In this case we must open the correct port through which that information will travel to a specific host.

Many of you will wonder whether opening ports on our router is dangerous in the face of a hacker attack. There certainly is more danger than if they are closed, especially with well-known ports because they are the ones that receive the most attacks, but routers already have their own protection systems that will repel most attacks. Traffic to a port we open on purpose is passed on to the internal host, so the service listening there should be kept up to date.

You can check if you have open ports from the official internet site.org

NAT function

The NAT (Network Address Translation) function is a system implemented in all routers that allows the private LAN to be isolated from the public network. This is how, from our home, we can connect several computers to the Internet through a single public IP address, that of the router.

As a result, outside computers know nothing about what our internal network is like; they only see a router connected with one IP. This IP is delivered by the connection provider (Orange, Vodafone, or whichever it is). In turn, the router hands out IPs internally on its own network and is in charge of translating the private IP into the public one every time we go outside in search of a service.

Firewall

In addition to NAT, the router also has a firewall. It is software that analyzes the traffic that passes through the router and decides which packets enter and leave. In this way, if an intruder tries to connect to our computer, the firewall will block the attempt if it considers it suspicious, thus rejecting the connection.

To this we add the last layer of security provided by the operating system itself, with a browser and antivirus, in case the connection arrives as data that looks harmless at first and later turns out to be dangerous.

DMZ function

Finally, there is a demilitarized zone or DMZ function that is intended for servers or equipment that provide Internet services to the outside. What the DMZ does is allow all the connections from the internal network to the external one in the equipment that is within that zone, while the computers that are outside of it continue to be protected by the firewall in the normal way.

TCP and UDP protocol differences

Finally, we believe it is advisable to know the two transmission protocols for which we will have to open router ports. These two protocols work in layer 4, the transport layer of the OSI model, which is in charge of transporting the data packets from the origin to the destination.

TCP

TCP header

Transmission Control Protocol is one of the most important protocols in networks. This is a connection-oriented protocol, so the sender and receiver must accept the connection before exchanging data.

The protocol guarantees that the data will arrive at the destination without errors and in the same order in which they were transmitted. Communication is reliable regardless of the protocols used in the lower layers. TCP packets are slower because they are heavier, although they gain reliability.

UDP

User Datagram Protocol is also a transport-level protocol, but in this case it is connectionless, so there is no need to establish a connection before sending.

It does not guarantee that a packet reaches its destination, since there is no confirmation from the recipient, nor does it guarantee that packets will arrive in order, since each one will take the best route it finds. UDP packets are faster than TCP packets because they weigh less, but they are less reliable.

Process to open router ports

With all of the above, you already have a good idea of what we are going to find and what opening ports is about. So now what we have to do is locate the IP of the router and its username and password, and finally log in to open the desired ports.

Locate router IP address and username and password

We will go through this very quickly since it has no major complications. We must open the Command Prompt, either from the start menu by typing "CMD" or with the Run tool. In either case we will type the command:

ipconfig

We must locate the line that says "Default Gateway". This will be the IP address of our router. It only remains to enter it in the browser to access its settings.

Regarding the username and password, it will usually be in the router's installation instructions or on a sticker on its base next to the Wi-Fi network information.

If the router is from an Internet provider such as Orange, Vodafone or Jazztel, then we can try admin / admin, admin / Wi-Fi password or admin / 1234 or their combinations. It is usually also on a sticker, but we can always contact support to provide us with the data.

We are going to open ports on the Asus RT-AX88U router. The procedure, its fundamentals and its options will be similar on other models, although each firmware will be different depending on the brand.

Open ports automatically with UPnP

On a mid-range router, which means practically all of them today, we have a very useful function for opening ports automatically. It is a protocol called UPnP or Universal Plug and Play, which is responsible for automatically opening ports for compatible applications that are installed on our computer.

With UPnP we will not need to open any port manually, since the router will detect the application that tries to connect to the outside for the specific host that is using it. The port will remain open while the application is running, and after detecting inactivity it will automatically close it.

In the example that we carried out, the UPnP option is found in the WAN section, although in other routers we can find it in advanced options, firmware or directly in the port opening section.

From this section we see that UPnP is already enabled by default on this router, as is symmetric NAT to ensure that our network is not visible. The option also allows us to limit the procedure to the range of ports that we deem appropriate. By default, well-known ports are excluded from the internal opening; we can extend the function to the entire range, although that will be insecure.

Of course, it is a very useful option for P2P applications or for certain online games that require ports to be opened. But if what we want is to set up a web server, mail server, Plex or something similar, then the ports will need to be always open, so we will have to open them manually.

Open ports manually with Port Trigger

In this case the port opening options are in the WAN section. The Asus firmware is perhaps one of the most complete we can find. This will help us explain the two methods of opening ports that some routers like this one have, in addition to the UPnP function.

Perhaps this would be better explained with the terms in English since they are the most used and the Spanish translation raises certain doubts.

The Port Trigger function only opens ports when a device on our LAN requests access to the outside. Ports are therefore activated when we request a service from outside: the router opens the incoming port (Incoming Port) when a computer on our LAN requests access through the trigger port (Trigger Port). It is really useful when applications need incoming ports to be opened that are different from the outgoing port they use to communicate with the outside.

An advantage of this method is that it does not require a static IP, unlike Port Forwarding as we will see, but it only allows one client at a time to use the open port.

Port Triggering

The process could be explained as follows:

  1. We have a client PC on our LAN that initiates a connection through a range of ports, for example from 6660 to 7000. This connection aims to request the services of an FTP server on the Internet through its input port 21.
  2. The server receives the request and creates a connection.
  3. If we do not have Port Trigger configured, the router will reject the connection because it does not know which LAN equipment is requesting the information.
  4. Now we activate this function and put an outgoing port in Trigger Port, which will trigger the connection, so to speak.
  5. The incoming port 21 placed in Incoming Port will make the router accept the incoming connection from the external server.

For the example that we have carried out, we are going to use port 80 as the activation port and port 21 as the incoming port. In this way we can access the Internet FTP server from a client on our LAN through the web browser on port 80 and with port 21 as input. In this case we would access the FTP server with “ftp://ippublica:80”.
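The behaviour described above can be modelled in a few lines. This is an added example, not router firmware or code from the original article: the class name, the LAN addresses and the 60-second idle timeout are assumptions, while the trigger port 80 and incoming port 21 come from the example above.

```python
class PortTriggerRouter:
    """Toy model of a router's Port Trigger table (hypothetical, not firmware code)."""

    def __init__(self, rules, idle_timeout=60):
        self.rules = dict(rules)          # trigger port -> incoming port
        self.idle_timeout = idle_timeout  # assumed: seconds of silence before closing
        self.open = {}                    # incoming port -> [lan_ip, last_seen]

    def _expire(self, now):
        for port, (_, seen) in list(self.open.items()):
            if now - seen > self.idle_timeout:
                del self.open[port]

    def outbound(self, lan_ip, dst_port, now):
        """LAN host sends to dst_port on the Internet; return the port opened, if any."""
        self._expire(now)
        incoming = self.rules.get(dst_port)
        if incoming is None:
            return None                   # not a trigger port, nothing opens
        holder = self.open.get(incoming)
        if holder and holder[0] != lan_ip:
            return None                   # only one client at a time holds the port
        self.open[incoming] = [lan_ip, now]
        return incoming

    def inbound(self, dst_port, now):
        """Internet host connects to dst_port; return the LAN IP reached, or None."""
        self._expire(now)
        holder = self.open.get(dst_port)
        if holder is None:
            return None                   # port closed: the router drops the connection
        holder[1] = now                   # traffic keeps the mapping alive
        return holder[0]


def demo():
    """Replay the article's example: trigger port 80, incoming port 21."""
    r = PortTriggerRouter([(80, 21)])
    return [
        r.inbound(21, now=0),                     # before any trigger: dropped
        r.outbound("192.168.1.10", 80, now=1),    # first PC triggers the rule
        r.inbound(21, now=2),                     # server connects back
        r.outbound("192.168.1.20", 80, now=3),    # second PC is refused
        r.inbound(21, now=120),                   # idle timeout has passed
        r.outbound("192.168.1.20", 80, now=121),  # second PC can trigger now
    ]


if __name__ == "__main__":
    print(demo())
```

The model shows why no static IP is needed: the incoming port is bound to whichever LAN address sent the trigger traffic, and nothing stays open once that host goes quiet.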

Open ports manually with Port Forwarding

This is the most common method and the one we know as "opening router ports". With it, we open the specified ports permanently. We will have to associate an IP address with them, which will also have to be static if we want to prevent the router's DHCP from changing it after a restart.

It is also called a virtual server because it is intended for running servers in our internal network and giving them access to the outside to offer their services, for example a web server, FTP, etc. In this case, each port can only be used by a single computer on the LAN; that is, we can only have one FTP server on port 21, and for a second one we would use another port.

The first thing we will have to do is activate the service, something that will also be done in any other router we have. Now let's see the different sections:

  • Name of the service: here we write, for information only, which service we are opening the port for. This router has a predefined list of services that automatically fill in the rest of the sections.
  • External port (WAN port): the port or ports that you want to open. In some routers you have a start port and an end port, while in others like this one you can enter a range with “:”, that is, “20:21”.
  • Internal port (LAN port): for a well-known port, the same number is used as in the WAN port, or it is omitted altogether.
  • Internal IP address (LAN IP): the fixed IP address where we have the server in question.
  • External IP address (WAN IP or source IP): it will be the IP of the router that connects to the Internet, that is, the IP of the router. This field can also be ignored.
  • Protocol: the communication protocol by which the information travels, TCP or UDP. Depending on the service, one, the other or both are used.

In this way we will be configuring a web server on a local computer with this IP address. To access it from outside the network we will have to enter the public IP, or the DNS name if we have one.
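A forwarding table built from the fields above can be checked before it is saved. The following is an added example, not part of the original article or of the Asus firmware: the rule dictionaries, LAN addresses and DHCP pool are constructed, and it assumes that an address inside the dynamic DHCP pool has no reservation and is therefore not static.

```python
import ipaddress


def parse_ports(spec):
    """Expand '80' or a range written with ':' such as '20:21' into a set of ports."""
    lo, _, hi = spec.partition(":")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return set(range(lo, hi + 1))


def audit(rules, dhcp_pool):
    """Return sorted (rule name, finding) pairs for a port forwarding table.

    rules: dicts with name, wan_ports, lan_ip and proto ('TCP', 'UDP' or 'BOTH').
    dhcp_pool: (first, last) address the router hands out dynamically (assumed).
    """
    first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
    owner = {}        # (proto, port) -> (lan_ip, rule name) that claimed it first
    findings = set()
    for r in rules:
        protos = ("TCP", "UDP") if r["proto"] == "BOTH" else (r["proto"],)
        ports = parse_ports(r["wan_ports"])
        if first <= ipaddress.ip_address(r["lan_ip"]) <= last:
            findings.add((r["name"], "LAN IP is inside the DHCP pool, not static"))
        if any(p <= 1023 for p in ports):
            findings.add((r["name"], "exposes a well-known port (0-1023)"))
        for proto in protos:
            for port in sorted(ports):
                ip, name = owner.setdefault((proto, port), (r["lan_ip"], r["name"]))
                if ip != r["lan_ip"]:   # a port can reach only one LAN computer
                    findings.add((r["name"],
                                  f"{proto}/{port} already forwarded to {ip} by {name}"))
    return sorted(findings)


# Constructed sample table (not taken from the article's router).
RULES = [
    {"name": "FTP", "wan_ports": "20:21", "lan_ip": "192.168.1.50", "proto": "TCP"},
    {"name": "Web", "wan_ports": "8080", "lan_ip": "192.168.1.120", "proto": "TCP"},
    {"name": "FTP2", "wan_ports": "21", "lan_ip": "192.168.1.51", "proto": "BOTH"},
]
DHCP_POOL = ("192.168.1.100", "192.168.1.200")

if __name__ == "__main__":
    for name, finding in audit(RULES, DHCP_POOL):
        print(f"{name}: {finding}")
```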

Conclusion on opening router ports

These are all the possibilities that we can find for opening ports on a router. We can see that there is not only the traditional Port Forwarding, but also other functions such as UPnP and Port Trigger that will be available in most routers on the market.

Each user will choose the one they find most convenient, although the usual choice will certainly be the first option. The process will be similar for other routers, and even easier where there are fewer options, but the opening rules will remain exactly the same.

Why do you need to open ports on the router? Which method do you think is better? If you have any problems or see anything strange, please let us know in the comments.
