Making Internet Services Available

If you have an always-on Internet connection, you may be tempted to run your own Web or mail server. You may also wish to make your computer available over the Internet through the Remote Desktop service so that you can get at your computer from home, work or while traveling.

If you're using a shared Internet connection, though, there is a small problem: The shared connection uses one publicly visible IP address, and the computers on your LAN are essentially hidden. It's rather like a gated community: Visitors are stopped at the guard gate and can't proceed to the residences inside without permission and directions. In the equivalent case of the network, the connection sharing service or device must be told which computer on your network is to receive incoming requests on various TCP and UDP ports, which correspond to specific Internet services.

If you plan to run servers that will be accessible from the Internet, or if you want to use Remote Desktop to reach your computer from the 'net, you'll need to configure your shared or routed Internet connection to direct incoming service requests to the computer that is hosting the desired service. How this is done depends on the type of sharing system you're using.

Port Forwarding with Internet Connection Sharing

A big advantage of using ICS when you are running services is that requests can be forwarded to your network's computers by name, rather than by IP address. Since the IP addresses on an ICS network are passed out dynamically, they can change from time to time, so the ability to forward requests by name is a big help.

Port Forwarding with a Hardware Sharing Router

If you are using a hardware connection sharing router on your network, it too can be configured to forward incoming Internet requests to the appropriate computers on your network. However, you will have to direct the requests to your computers by their IP addresses. This means that computers that are to host services must be configured with static IP addresses; if these computers are set up to receive dynamic addresses, there is no guarantee that an address won't change, rendering the forwarding useless. Static IP addressing is discussed earlier in this tutorial under "IP Addressing Options."

When you have configured static IP addresses for the computers that will be hosting services, Remote Desktop and so on, add port forwarding entries to your router's configuration. The table below lists the protocols and ports used by standard Internet-based services.

Protocols and Ports for Standard Internet Services
Protocol	Port Number		Service
TCP		20+21		FTP (File Transfer Protocol)
TCP		22		SSH (Secure shell)
TCP		23		Telnet
TCP		25		SMTP (Email)
TCP+UDP		53		DNS (Domain Name Service)
TCP		80		HTTP (Web)
TCP+UDP		88		Kerberos
TCP		110		POP3 (Post office protocol version 3)
TCP		119		NNTP (Network news)
TCP		143		IMAP4 (Internet Mail Access Protocol v4)
TCP		220		IMAP3 (Internet Mail Access Protocol v3)
TCP		443		HTTPS (Secure web)
TCP		3389		Remote Desktop
UDP		5361		Symantec PCAnywhere
TCP		5362		Symantec PCAnywhere

TIP If you want to connect to more than one Windows XP Pro computer through Remote Desktop.

The configuration page for port forwarding in a typical connection sharing router. On this network, several services are hosted on the computer with fixed IP address 192.168.0.4. PCAnywhere connections are forwarded to the computer at IP address 192.168.0.123.
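
As an added example (not part of the original tutorial), the Python sketch below audits a forwarding table like the one pictured for the mistake this section warns about: a target that does not have a fixed address. It goes slightly beyond the text by also flagging targets outside the LAN and an external port claimed by two rules, since a router can send a given port to only one computer. The function name audit_forwards, the DHCP pool range and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Service names copied from the page's table: (protocol, port) -> service.
SERVICES = {("tcp", 21): "FTP", ("tcp", 22): "SSH", ("tcp", 23): "Telnet",
            ("tcp", 25): "SMTP", ("tcp", 80): "HTTP", ("tcp", 443): "HTTPS",
            ("tcp", 3389): "Remote Desktop",
            ("udp", 5361): "PCAnywhere", ("tcp", 5362): "PCAnywhere"}

def audit_forwards(rules, lan, dhcp_first, dhcp_last):
    """Return a list of problems found in a router's port forwarding table.

    rules: iterable of (protocol, external_port, target_ip) tuples.
    lan: LAN subnet in CIDR form; dhcp_first/dhcp_last bound the DHCP pool.
    """
    net = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems, seen = [], {}
    for proto, port, target in rules:
        proto = proto.lower()
        service = SERVICES.get((proto, port), "unlisted service")
        label = f"{proto.upper()}/{port} ({service})"
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            problems.append(f"{label}: target {target!r} is not an IP address")
            continue
        if ip not in net:
            problems.append(f"{label}: target {ip} is outside LAN {net}")
        elif lo <= ip <= hi:
            # A dynamically assigned address can change and break the rule.
            problems.append(f"{label}: target {ip} is in the DHCP pool")
        # One external protocol/port pair can go to only one computer.
        first = seen.setdefault((proto, port), ip)
        if first != ip:
            problems.append(f"{label}: already forwarded to {first}, not {ip}")
    return problems

# Constructed sample table. The first four targets reuse the addresses in the
# figure caption; the pool 192.168.0.200-250 and the last two rules are invented.
SAMPLE_RULES = [
    ("tcp", 80, "192.168.0.4"), ("tcp", 25, "192.168.0.4"),
    ("udp", 5361, "192.168.0.123"), ("tcp", 5362, "192.168.0.123"),
    ("tcp", 3389, "192.168.0.4"), ("tcp", 3389, "192.168.0.210"),
    ("tcp", 21, "10.0.0.5"),
]

if __name__ == "__main__":
    for line in audit_forwards(SAMPLE_RULES, "192.168.0.0/24",
                               "192.168.0.200", "192.168.0.250"):
        print(line)
```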

There are protocols other than TCP and UDP that may require forwarding. To permit incoming connections for a VPN connection using Microsoft's Point to Point Tunneling Protocol, for instance, you must be able to forward packets using protocol #47 (Generic Routing Encapsulation, or GRE) to the host computer. Most inexpensive routers do not permit you to forward protocols other than TCP and UDP, so it's generally not possible to establish a VPN connection to a computer behind a connection sharing router. You can, however, establish an incoming VPN connection to a Windows XP Professional computer running the Internet Connection Firewall.