master
DoTheEvo 3 months ago
parent 9935f6e927
commit 0400977c80

@ -2,20 +2,18 @@
# What is a port
Ports solve the problem of how to make many applications communicate over
the network simultaneously.
An IP address identifies specific machine on a network,
**a port** identifies specific **application** running on that machine.
A port is **a number** between [1 - 65,535] that gets assigned by the OS
A port is **a number** between [1 - 65,535] that is assigned by the OS
to any application that wants to communicate over the network.
This number is then added to every **packet** that is transmitted by that application.
The system knows that any **respone** packets with that port number belong
to that one application.
Can be choosen at random, can be hard set.
![pic_port_header](https://i.imgur.com/pXqs2Rg.png)
![pic_port_header](https://i.imgur.com/TM0pOQN.png)
# How NAT / firewall works
* It **allows outgoing** communication on any port.
* By default, it **allows outgoing** communication on any port.
* But **drops incoming** traffic unless it is a response to communication
initialized from the inside.
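Review bot: the wording fix on the port-assignment line ("gets assigned" to "is assigned") leaves two typos standing in the same paragraph: "respone" in "The system knows that any **respone** packets with that port number belong" and "choosen" in "Can be choosen at random, can be hard set."; "identifies specific machine" and "identifies specific **application**" both want an article ("a specific"). In the NAT / firewall bullets it is worth one clause saying that dropping unsolicited inbound traffic is the stateful firewall's doing rather than a property of address translation as such, because the rest of the guide relies on the reader understanding that forwarding a port removes exactly that default protection for the forwarded service.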
@ -26,29 +24,60 @@ where to send it...
<summary><b>More details</b></summary>
NAT is implemented in your router.<br>
It allows communication between two networks.
It makes your **LAN side** devices able to connect with the
outside world - **WAN side,** through one public IP.
All that the "the internet" sees is one device it communicates with,
but the LAN side can have hundreds of them.
<!-- ![pic_nat](https://i.imgur.com/QGO5bO6.png) -->
When you visit some website you initialize the communication.
* Your browser picks a random port as the **source port** and sends a request at some IP
using a well known https port 443 as the **destination port**
* Then the browser is waiting for a response at that random port.
* This traffic goes through your router and all that info is kept for a time in its state table.
* This allows it to know that when packets start coming from that IP, with that
source port number now being the destination port, it is a response and it
know where to send it.
"The internet" *sees* just one device it communicates with,
at least at this network level.
![pic_nat](https://i.imgur.com/Nk7u4MP.png)
#### LAN side initialized communication
* You visit a website, let's say `youtube.com`
* Your browser has some random port assigned by the OS,
this will be the **source port**.
The local IP address of the machine it runs on will be the **source IP**
* Browser/OS ask DNS servers for IP address of `youtube.com`,
the answer is `142.250.191.78` - **destination IP**
* Youtube is a website, standard for https is using port `443` - **destination port.**
* All requred information are there. Destination[ip & port] Source[ip & port].
* Packets are send.
* The browser now waits for a response at that random port.
* Since the router is the **default gateway**, thats where the packets arrive.
* The router saves all that info in its state table for a time, could be seconds,
could be days depending on protocol and [state](https://serverfault.com/a/481909).
* Router doing the NAT now replaces the **source IP address** of that one machine,
with its own wan IP address,
it might also change source port but that is not as important,
and sends it out in the direction of the **destination IP**.
* Response comes back, router knows it is a response because it's coming from the
IP that it contacted recently and the **destination port** it uses is the same
number that was used as the source port.
* It checks the state table for the **original source IP and source port**,
put them in, now as destination and off the packets go.
* The browser receives response on its assigned port, from the IP it contacted.
#### WAN side initialized communication
* Want to connect to a jellyfin server to watch some movies from browser.
* You know the IP address or the url.
You also expect it to run on default port jellyfin uses `8096`
* The browser makes the request.
* The router sees it coming at port `8096`, but where does it send it?
There is nothing in the state table, that would tell it.
* So it drops it, unless there is a port forwarding rule that says
that if something comes to port `8096` send it to this local ip address
and at that port...
Youtube explanation videos if you want deeper dive:
* [NAT - Network Address Translation.](https://www.youtube.com/watch?v=RG97rvw1eUo)
* [Public IP vs. Private IP and Port Forwarding](https://www.youtube.com/watch?v=92b-jjBURkw)
---
---
</details>
# Double NAT (CGNAT)
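Review bot: the "LAN side initialized communication" walk-through says source-port rewriting "is not as important", but it is what lets the router tell apart two LAN machines that happened to pick the same source port, so the return-path lookup should be described as keyed on the translated source port as well as the remote IP. Typos in the new bullets: "All requred information are there" should be "All required information is there", "Packets are send" should be "Packets are sent", "thats where the packets arrive" should be "that's", and "it know where to send it" should be "it knows". The two consecutive `---` rules before `</details>` render as a double line; one is enough. The WAN-side example would benefit from finishing the port forwarding sentence with the consequence: once the rule exists the router forwards every inbound connection on that port, so the exposed service's own authentication and patch level are what protect it from then on.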
@ -58,21 +87,20 @@ Youtube explanation videos if you want deeper dive:
**Bad News.**<br>
It is very likely that even when you do everything 100% correctly,
you still wont get your ports open.<br>
The reason being that you are behind double NAT.
The reason being that your machine is behind double NAT.
**Your ISP** - internet service provider, has you behind its own NAT device
and that WAN side of your router is not really "the internet" but ISPs LAN side.
and that WAN side of your router is not really "the internet", but ISPs LAN side.
A way to try and check, is looking up your [public IP online](http://icanhazip.com/)
then loging on your router and finding somewhere the IP address of your WAN interface.
then log in to your router and finding somewhere the IP address of your WAN interface.
If they are the same then your are not behind double NAT and port forwarding
will work straight away.<br>
If they differ and some local IP is there, then there is still a chance it will work,
but you wont know till you try.
But if you are failing to make port forwarding work, it's time to call your ISP
and inquire about public IP, how much would it cost.
It can be few € extra to your monthly bill, or a one time payment,
or they just enable it for you for free.. you dunno till you call.
and ask about public IP, how much would it cost.
It can be few extra € to your monthly bill.
# Port forwarding
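Review bot: the reworded check sentence now mixes verb forms: "A way to try and check, is looking up your public IP online then log in to your router and finding somewhere the IP address" should read "then logging in to your router and finding". "your are not behind double NAT" should be "you are". The hint "some local IP is there" can mislead: ISPs doing carrier-grade NAT usually assign addresses from 100.64.0.0/10 (RFC 6598 shared address space), which does not look like the 192.168.x.x or 10.x.x.x ranges readers recognise as local, so that range is worth naming explicitly as a sign of CGNAT. "It can be few extra €" should be "a few extra €".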
@ -101,8 +129,8 @@ Generally what to expect
* It would be called port forwarding, or a virtual server, or be under NAT section.
* **The port** on which to expect traffic is obviously a core information,
sometimes it is called a service port or an external port.
* **IP address** is required, so that the router knows where to send traffic
that comes to that external port.
* **IP address** is required, so that the router knows where on the LAN side
to send traffic that comes to that external port.
* The setup might offer option for **internal port**,
this can be often left empty, or the same port number is put there.<br>
It is there to give you option to run stuff on your LAN network on a different
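Review bot: "a core information" is not countable; "the core piece of information" reads better. The reworded IP address bullet should carry the caveat that the LAN address must be fixed (static address or a DHCP reservation): a forwarding rule pointing at an address that DHCP later hands to a different device silently delivers the inbound traffic to that other device instead of the intended server.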
@ -126,9 +154,7 @@ For testing we can use websites that will test if a port is open at specified pu
## Windows
![port_listener](https://i.imgur.com/A9fxIbi.png)
* [Find the ip address](https://www.youtube.com/results?search_query=how+to+find+ip+address+windows)
* [Find the local ip address](https://www.youtube.com/results?search_query=how+to+find+ip+address+windows)
of the machine you are planning to use for the test.
* Follow the instruction in Port forwarding section of this guide
and forward port `666` to the IP of that machine.
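Review bot: capitalise "IP" in the renamed link text ("Find the local IP address") to match the rest of the guide. The `![port_listener](https://i.imgur.com/A9fxIbi.png)` image at the top of this section is the same image being inserted again at the end of the next hunk; keep one copy, next to the step it illustrates.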
@ -137,6 +163,8 @@ For testing we can use websites that will test if a port is open at specified pu
* If a windows firewall notification pops up with a question, answer yes.
* Go to [portchecker.co](https://portchecker.co/), set the port to 666 and press Check.
![port_listener](https://i.imgur.com/A9fxIbi.png)
In windows it is also pretty useful knowing that you can go
`Task Manager` > `Performance` > `Open Resource Monitor` > `Network` Tab
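Review bot: the new Resource Monitor sentence stops at the `Network` tab without saying what to look for; finish it with the "Listening Ports" section there, which shows which process is bound to which local port, so the reader can confirm the test listener is actually bound to 666 before running the external check. Both openings made for this test, the firewall prompt answered "yes" and the port 666 forwarding rule, should be undone afterwards; add a closing bullet telling the reader to delete the forwarding rule and the firewall allow entry once the check passes.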
