{"id":547809,"date":"2023-02-04T19:00:00","date_gmt":"2023-02-04T16:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-port-forward-on-your-router\/"},"modified":"2023-02-04T19:00:00","modified_gmt":"2023-02-04T16:00:00","slug":"how-to-port-forward-on-your-router","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/","title":{"rendered":"#How to Port Forward on Your Router"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2abac6794bb\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2abac6794bb\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#%E2%80%9CHow_to_Port_Forward_on_Your_Router%E2%80%9D\" >&#8220;How to Port Forward on Your Router&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#What_Is_Port_Forwarding\" >What Is Port Forwarding?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#How_Your_Router_Handles_Requests_and_Uses_Ports\" >How Your Router Handles Requests and Uses Ports<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Why_You_Need_to_Forward_Ports\" >Why You Need to Forward Ports<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Considerations_Before_Configuring_Your_Router\" >Considerations Before Configuring Your Router<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Set_Static_IP_Address_for_Your_Devices\" >Set Static IP Address for Your Devices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Know_Your_IP_Address_and_Set_a_Dynamic_DNS_Address\" >Know Your IP Address (and Set a Dynamic DNS Address)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Pay_Attention_to_Local_Firewalls\" >Pay Attention to Local Firewalls<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#How_to_Set_Up_Port_Forwarding_on_Your_Router\" >How to Set Up Port Forwarding on Your Router<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Step_One_Locate_the_Port_Forwarding_Rules_on_Your_Router\" >Step One: Locate the Port Forwarding Rules on Your Router<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Step_Two_Create_a_Port_Forwarding_Rule\" >Step Two: Create a Port Forwarding Rule<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Step_Three_Test_Your_Port_Forwarding_Rule\" >Step Three: Test\u00a0Your Port Forwarding Rule<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Xfinity_Port_Forwarding_With_an_xFi_Gateway\" >Xfinity Port Forwarding With an xFi Gateway<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Common_Applications_for_Port_Forwarding\" >Common Applications for Port Forwarding<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Security_Precautions_for_Port_Forwarding\" >Security Precautions for Port Forwarding<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Dont_Run_Servers_As_Admin_or_Root\" >Don\u2019t Run Servers As Admin or Root<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Disable_Root_Login_Over_SSH\" >Disable Root Login Over SSH<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#You_Can_Change_Your_Ports_But_Dont_Rely_On_It\" >You Can Change Your Ports, But Don\u2019t Rely On It<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Install_Fail2Ban_on_Linux_Servers\" >Install Fail2Ban on Linux Servers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Use_Security_Keys_For_SSH_Whenever_Possible\" >Use Security Keys For SSH Whenever Possible<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Only_Allow_Connections_from_Whitelisted_Addresses\" >Only Allow Connections from Whitelisted Addresses<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-port-forward-on-your-router\/#Consider_Separating_Your_Local_Area_Network_With_a_VLANs\" >Consider Separating Your Local Area Network With a VLANs<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_to_Port_Forward_on_Your_Router%E2%80%9D\"><\/span>&#8220;How to Port Forward on Your Router&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-868001\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/Router-Image.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A black router. \" width=\"1200\" height=\"675\"\/><\/p>\n<p>To forward a port on your router, log into your router, find the &#8220;Port Forwarding&#8221; section, and then create a rule <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lying to the device you&#8217;re using to host. You should also assign a static IP address to the host computer.<\/p>\n<p>Although modern Wi-Fi routers handle most functions automatically, some applications will require you to manually\u00a0forward a port in your router\u2019s settings. Fortunately, it\u2019s very simple to forward ports on a router if you know where to look<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Is_Port_Forwarding\"><\/span>What Is Port Forwarding?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Port Forwarding (or port mapping) allows external traffic from the internet to connect to a device, like a computer, on a private network.<\/p>\n<p>Say you want to host a Minecraft server for your friends on your computer. When they try to connect, their traffic has to be sent to the correct computer on your network, and their connection must be permitted by your router. Your router uses port forwarding rules to sort out which computer should be sent the traffic relating to the Minecraft server. Of course, it isn\u2019t just <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a> servers \u2014 if it involves internet traffic, ports are involved.<\/p>\n<p>Let\u2019s look at the details of how it happens.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_Your_Router_Handles_Requests_and_Uses_Ports\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_1\">How Your Router Handles Requests and Uses Ports<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Here\u2019s a map of a simple home network. The cloud icon represents the greater internet and your public, or forward-facing, Internet Protocol (IP) address. This IP address represents your entire household from the outside world \u2014 like a street address, in a way.<\/p>\n<p>The red address 192.1.168.1 is the router address within your network. The additional addresses all belong to the computers seen at the bottom of the image. If your public IP address is like a street address, think of the internal IP addresses like apartment numbers for that street address.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867855\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/LAN-Network-Diagram_sized.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A LAN network diagram. \" width=\"730\" height=\"445\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>The diagram raises an interesting question which you may not have thought about before. How does all the information from the internet get to the right device inside the network? If you visit howtogeek.com on your laptop how does it end up on your laptop and not your son\u2019s desktop if the public-facing IP address is the same for all devices?<\/p>\n<p>This is thanks to a\u00a0wonderful bit of routing magic known as a Network Address Translation (NAT). This function occurs at the router level where the NAT acts like a traffic cop, directing the flow of network traffic through the router so that a single public IP address can be shared among all the devices behind the router. Because of the NAT, everyone in your household can request web sites and other internet content simultaneously and it will all be delivered to the right device.<\/p>\n<p>So where do ports come into this process? Ports are an old but useful holdover from the early days of network computing. Back in the day, when computers could only run one application at a time, all you had to do was point one computer at another computer on the network to connect them as they would be running the same application. Once computers became sophisticated to run multiple applications, early computer scientists had to wrestle with the issue of ensuring applications connected to the right applications. Thus, ports were born.<\/p>\n<p>Some\u00a0ports have specific applications which are standards throughout the computing industry. When you fetch a web page, for example, it uses port 80. The receiving computer\u2019s software knows that port 80 is used for serving <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/833465\/what-is-http\/\">http documents, so it listens there and responds accordingly. If you send an http request over a different port \u2014 say, 143 \u2014 the web server won\u2019t recognize it because it\u2019s not listening there (although something else might be, like an IMAP email server which traditionally uses that port).<\/p>\n<p>Other ports don\u2019t have pre-assigned uses, and you can use them for whatever you want. To avoid interfering with other standard-abiding applications, it\u2019s best to use larger numbers for these alternate configurations. Plex Media Server uses port 32400, for example, and Minecraft servers use 25565 \u2014 both numbers that fall into this \u201cfair game\u201d territory.<\/p>\n<p>Each port can be used via either TCP or UDP. TCP, or Transmission Control Protocol, is what\u2019s used most commonly. UDP, or User Datagram Protocol, is less widely used in home applications with one major exception: BitTorrent. Depending on what is listening, it\u2019ll be expecting requests to be made in either one or the other of these protocols.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Why_You_Need_to_Forward_Ports\"><\/span>Why You Need to Forward Ports<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>So\u00a0why exactly would you need to forward ports? While some applications take advantage of NAT\u00a0to set their own ports and handle all the configuration for you, there are still plenty of applications that do not, and you\u2019ll need to give your router a helping hand when it comes to connecting services and applications.<\/p>\n<p>In the diagram below we\u2019re starting with a simple premise. You\u2019re on your laptop somewhere in the world (with an IP address of 987.76.54.123), and you want to connect to your home network to access some files. If you simply plug your home IP address (123.45.67.891) into whatever tool you\u2019re using (an FTP client or remote desktop application, for example), and that tool doesn\u2019t\u00a0take advantage of those advanced router features we just mentioned, you\u2019re out of luck. It won\u2019t know where to send your request, and nothing will happen.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867880\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/External-Request-without-Port-Forwarding-Enabled.drawio.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"An external request without port forwarding may be blocked. \" width=\"730\" height=\"445\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>This, by the way, is a\u00a0<em>great<\/em> security feature. If somebody connects to your home network and they aren\u2019t connected to a valid port, you\u00a0<em>want<\/em> the connection to get rejected. That\u2019s the firewall element of your router doing its job: rejecting unwelcome requests. If the person knocking on your virtual door, however, is you, then the rejection isn\u2019t so welcome and we need to do a little tweaking.<\/p>\n<p>To solve that problem, you want to tell your router \u201chey: when I access you with this program, you\u2019ll need to send it to this device at this port\u201d. With those instructions in place, your router will make sure you can access the right computer and application on your home network.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867881\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/External-Request-with-Port-Forwarding-Enabled.drawio.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Port forwarding can be used to direct external requests correctly. \" width=\"730\" height=\"445\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>So in this example, when you\u2019re out and about and using your laptop, you use different ports to make your requests. When you access your home network\u2019s IP address using port 22, your router at home knows that this should go to 192.168.1.100 inside the network. Then, the SSH daemon on your Linux installation will respond. At the same time, you can make a request over port 80, which your router will send to the webserver you\u2019re running at 192.168.1.150. Or, you can try to remotely control your sister\u2019s laptop with VNC, and your router will connect you to your laptop at 192.168.1.200. In this way, you can easily connect to all the devices you\u2019ve set up a port forward rule for.<\/p>\n<p><strong>RELATED:<\/strong> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/devops\/how-to-lock-down-your-ssh-server\/\"><strong><em>How to Lock Down Your SSH Server<\/em><\/strong><\/p>\n<p>The usefulness of port forwarding doesn\u2019t end there though! You can even use port forwarding to change existing services\u2019 port numbers for clarity and convenience.\u00a0For example, let\u2019s say you have two web servers running on your home network and you want one to be readily and obviously accessible (e.g. it\u2019s a weather server you want people to be able to easily find) and the other web server is for a personal project.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867882\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/External-Request-with-Port-Forwarding-to-Port-10000-at-80.drawio.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"External Ports can be forwarded to different internal ports. \" width=\"730\" height=\"485\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>When you access your home network from the public-facing port\u00a080, you can tell your router to send it to port 80 on the weather server at 192.168.1.150, where it will be listening at port 80. But, you can tell your router that when you access it via port 10,000, that it should go to port 80 on your personal server, 192.168.1.250. This way, the second computer doesn\u2019t have to be reconfigured to use a different port, but you can still manage traffic effectively \u2014 and at the same time by leaving the first web server linked to port 80 you make it easier for people accessing your aforementioned weather server project.<\/p>\n<p>Now that we know what port forwarding is and why we might want to use it, lets\u2019 take a look at some small considerations regarding port forwarding before diving into actually configuring it.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Considerations_Before_Configuring_Your_Router\"><\/span>Considerations Before Configuring Your Router<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are a few things to keep in mind before sitting down to configure your router and running through them in advance is guaranteed to cut down on frustration.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Set_Static_IP_Address_for_Your_Devices\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_4\">Set Static IP Address for Your Devices<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First and foremost, all your port forwarding rules will fall apart if you\u2019re assigning them to devices with dynamic IP addresses assigned by your router\u2019s DHCP service. We dig into the details of what DHCP is in <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/184310\/ask-htg-should-i-be-setting-static-ip-addresses-on-my-router\/\">this article on DHCP vs. static IP address assignments, but we\u2019ll give you the quick summary here.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How to Set Static IP Addresses On Your Router<\/em><\/strong><\/p>\n<p>Your router has a pool of addresses that it reserves just for handing out to devices as they join and leave the network. Think of it like getting a number at a diner when you arrive \u2014 your laptop joins, boom, it gets IP address 192.168.1.98. Your iPhone joins, boom, it gets address 192.168.1.99. If you take those devices offline for a period of time or the router is rebooted, then the whole IP address lottery happens all over again.<\/p>\n<p>Under normal circumstances this is more than fine. Your iPhone doesn\u2019t care which internal IP address it has. But\u00a0if you\u2019ve created a port forwarding rule that says your game server is at a certain IP address and then the router gives it a new one, that rule won\u2019t work, and\u00a0nobody will be able to connect to your game server. In order to avoid that, you need to assign a static IP address to each network device you\u2019re assigning a port forwarding rule to. The best way to do that is through your router.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Know_Your_IP_Address_and_Set_a_Dynamic_DNS_Address\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_5\">Know Your IP Address (and Set a Dynamic DNS Address)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In addition to using static IP assignments for the relevant devices inside your network, you also want to be aware of your external IP address \u2014 you can find it by visiting <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.whatismyip.com\/\">whatismyip.com<\/a>\u00a0while on your home network. Although its possible you might have the same public IP address for months or even over a year, your public IP address can change (unless your internet service provider has explicitly given you a static public-facing IP address). In other words, you can\u2019t rely on typing in your numeric IP address into whatever remote tool you\u2019re using (and you can\u2019t rely on giving that IP address to a friend).<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>What Is Dynamic DNS (DDNS), and How Do You Set It Up?<\/em><\/strong><\/p>\n<p>Now, while you could go through the hassle of manually checking that IP address each time you leave the house and intend to work away from home (or every time your friend is going to connect to your Minecraft server or the like), that\u2019s a big headache. Instead, we highly recommend you set up a Dynamic DNS service which will allow you to link your (changing) home IP address to a memorable address like mysuperawesomeshomeserver.dynu.net.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Pay_Attention_to_Local_Firewalls\"><\/span>Pay Attention to Local Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Once you set up the port forwarding on the router level, there is a possibility that you may need to tweak firewall rules on your computer too. For example, we\u2019ve gotten a lot of emails over the years from frustrated parents setting up port forwarding so their kids can play Minecraft with their friends. In almost every case, the problem is that despite setting up the port forwarding rules on the router correctly, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/242375\/how-to-troubleshoot-minecraft-lan-game-problems\/\">somebody ignored the Windows firewall request asking if it it was OK if the Java platform (that runs Minecraft) could access the greater internet.<\/p>\n<p>Be aware that on computers running local firewall and\/or anti-virus software that includes firewall protection, you\u2019ll likely need to confirm the connection you\u2019ve set up is okay.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_to_Set_Up_Port_Forwarding_on_Your_Router\"><\/span>How to Set Up Port Forwarding on Your Router<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You can configure port forwarding on your router. Now that you know the basics, it\u2019s pretty simple.<\/p>\n<p>As much as we\u2019d love to provide exact instructions for the precise model of router you own, the reality is that every router manufacturer has their own software, and how that software looks can even vary between router models.<\/p>\n<p>In general, you\u2019re going to be looking for something called \u2014 you guessed it \u2014\u201cPort Forwarding\u201d. You may have to look through the different categories to find it, but if your router is any good, it should be there. Most routers also offer apps, in addition to any desktop software or interfaces they have.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_One_Locate_the_Port_Forwarding_Rules_on_Your_Router\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_8\">Step One: Locate the Port Forwarding Rules on Your Router<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Rather than attempt to capture every variation, we\u2019ll highlight a few to give you an idea what the menu looks like and encourage you to look up the manual or online help files for your particular router to find the specifics.<\/p>\n<p>For comparison, here\u2019s what the port forwarding menu looks like for the xFi Gateway in the Xfinity app:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867932\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/Port-Forwarding-XFinity-app.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"xFi Router port forwarding image. \" width=\"255\" height=\"500\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>And here\u2019s what the port forwarding menu looks like on a\u00a0D-Link DIR-890L running the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/56612\/turn-your-home-router-into-a-super-powered-router-with-dd-wrt\/\">popular third-party DD-WRT firmware:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-278835\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/10\/img_5817561cd906a.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"The dd-wrt port forwarding control panel. \" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>As you can see, the complexity between the two views varies greatly. In addition, the location is completely different within the menus. As such it\u2019s most useful if you look up the exact instructions for your device using the manual or a search query.<\/p>\n<p>Once you\u2019ve located the menu it\u2019s time to set up the actual rule.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_Two_Create_a_Port_Forwarding_Rule\"><\/span>Step Two: Create a Port Forwarding Rule<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After learning all about port forwarding, setting up a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/866573\/what-is-dynamic-dns-ddns-and-how-do-you-set-it-up\/\">dynamic DNS for your home IP address, and all the other work that went into this, the important step \u2014 creating the actual rule \u2014 is pretty much a walk in the park. In the port forwarding menu on our router, we\u2019re going to create two new port forwarding rules: one for the Subsonic music server and one for a new Minecraft server we just set up.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-278837\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/10\/img_581758003fc8f.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Minecraft and Subsonic port forwarding examples. \" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Despite the differences in location on different router software, the general input is the same. Almost universally, you\u2019ll name the port forwarding rule. It\u2019s best to simply name it what the server or service is and then append it if need be for clarity (e.g. \u201cWebserver\u201d or \u201cWebserver-Weather\u201d if there is more than one). Remember the TCP\/UDP protocol we talked about at the beginning? You\u2019ll also need to specify TCP, UDP, or Both. Some people are very militant about finding out exactly what protocol every application and service uses and matching things up perfectly for security purposes. We\u2019ll be the first to admit that we\u2019re lazy in this regard and we almost always just pick \u201cBoth\u201d to save time.<\/p>\n<p>Some router firmware, including the more advanced DD-WRT we\u2019re using in the screenshot above, will allow you to specify a \u201cSource\u201d value which is list of IP addresses you\u2019re restricting the port forward to for security purposes. You can use this feature if you wish, but be forewarned it introduces a whole new host of headaches as it presumes that remote users (including you when you\u2019re away from home and friends who are connecting in) have static IP addresses.<\/p>\n<p>Next you\u2019ll need to put in the external port. This is the port that will be open on the router and facing the internet. You can use any number you want here between 1 and 65353, but practically most of the lower numbers are taken up by standard services (like email and web servers) and many of the higher numbers are assigned to fairly common applications. With that in mind, we\u2019d recommend picking a number above 5,000 and, to be extra safe, using Ctrl+F to search this <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_TCP_and_UDP_port_numbers\">long list of TCP\/UDP port numbers<\/a> to make sure you\u2019re not selecting a port that conflicts with an existing service you\u2019re already using.<\/p>\n<p>Finally, put in the internal IP address of the device, the port you on that device, and (if applicable) toggle the rule on. Don\u2019t forget to save the settings.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_Three_Test_Your_Port_Forwarding_Rule\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_10\">Step Three: Test\u00a0Your Port Forwarding Rule<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The most obvious way to check if your port forward worked is to connect using the routine intended for the port (e.g. have your friend connect their Minecraft client to your home server), but that\u2019s not always an immediately available solution if you\u2019re not away from home.<\/p>\n<p>Thankfully, there\u2019s a handy little port checker available online at <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.yougetsignal.com\/\">YouGetSignal.com<\/a>. We can test to see if our Minecraft server port forward took simply by having the port tester try to connect to it. Plug in your IP address and the port number and click \u201cCheck\u201d.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-278844\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/10\/img_58175bde189ca.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A port forwarding test utility. \" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>You should receive a message, as seen above, like \u201cPort X is open on [Your IP]\u201d. If the port is reported as closed, double check both the settings in the port forwarding menu on your router and your IP and port data in the tester.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Xfinity_Port_Forwarding_With_an_xFi_Gateway\"><\/span>Xfinity Port Forwarding With an xFi Gateway<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Unfortunately, you can\u2019t do everything in one place anymore if you\u2019ve got an xFi Gateway. Xfinity has moved port forwarding rules to the Xfinity app, but you must use the web interface to assign a static IP address.<br \/>Log in to your xFi gateway by entering the Gateway\u2019s address into your web browser. Typically, the address will be 10.0.0.1 or 192.168.0.1, but that isn\u2019t guaranteed. You can always <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/233952\/how-to-find-your-routers-ip-address-on-any-computer-smartphone-or-tablet\/\">find your modem or router\u2019s IP address manually if one of those two addresses don\u2019t work.<\/p>\n<p>Once you log in, head to Connected Devices, look for your server on the list, then click \u201cEdit.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867861\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/Example-Host-Edit.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Devices detected by the xFi gateway on the network. \" width=\"387\" height=\"500\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Tick \u201cReserved IP,\u201d then click \u201cSave.\u201d<\/p>\n<blockquote class=\"admonishment_tip\"><p><strong>Tip:<\/strong> If you find it easier to remember, you can set a custom IP address, but you\u2019re limited to changing the last three digits to a number between 2 and 255.<\/p><\/blockquote>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867862\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/reserved-IP.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"730\" height=\"357\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><br \/>We\u2019ve now ensured that the rule will remain applied to the correct device. Next, download the Xfinity app from the Google Play Store or the Apple Store. It is the only way to port forward using an Xfinity xFi Gateway.<br \/>Open the app, sign in if prompted, then navigate to Connect &gt; (Your Wi-Fi Network Name) &gt; Advanced Settings &gt; Port Forwarding, and tap, \u201cAdd Port Forward.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867934\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/click-add-port-forward.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"276\" height=\"500\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Select the device or local IP you\u2019d like to make a rule for, then pick a port and select between TCP, UDP, or TCP\/UDP. Then tap \u201cNext\u201d to finalize the port forwarding rule.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-867936\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/Port-Forwarding-XFinity-app-1.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Fill in the details of the port you'd like to forward, then select &quot;Next.&quot;\" width=\"255\" height=\"500\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><br \/>That\u2019s it \u2014 you\u2019re done. Your service should be on the internet. Just make sure that the firewall on the server itself allows for connections on that port.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Common_Applications_for_Port_Forwarding\"><\/span>Common Applications for Port Forwarding<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are as many applications for port forwarding as there are ports, but most of the time you\u2019ll use it for setting up remote access, a game server, or a media server. Many people need to port forward for a Minecraft server, or to set up SSH port forwarding. Here is a quick reference chart for some of the most popular applications in those categories.<\/p>\n<div class=\"moka-mce-table-wrap\">\n<table class=\"moka-mce-table-styling\" style=\"border-collapse: collapse; width: 63.1424%; height: 139px;\" data-skiptableautocorrect=\"true\">\n<tbody>\n<tr style=\"height: 20px;\">\n<td style=\"width: 25.7894%; height: 20px;\"><strong>Application<\/strong><\/td>\n<td style=\"width: 16.3158%; height: 20px;\"><strong>Ports<\/strong><\/td>\n<td style=\"width: 21.0386%; height: 20px;\"><strong>Protocol<\/strong><\/td>\n<\/tr>\n<tr style=\"height: 20px;\">\n<td style=\"width: 25.7894%; height: 20px;\">Minecraft (Java)<\/td>\n<td style=\"width: 16.3158%; height: 20px;\">25565<\/td>\n<td style=\"width: 21.0386%; height: 20px;\">TCP\/UDP<\/td>\n<\/tr>\n<tr style=\"height: 19px;\">\n<td style=\"width: 25.7894%; height: 19px;\">Minecraft (Bedrock)<\/td>\n<td style=\"width: 16.3158%; height: 19px;\">19132-19133<\/td>\n<td style=\"width: 21.0386%; height: 19px;\">TCP\/UDP<\/td>\n<\/tr>\n<tr style=\"height: 20px;\">\n<td style=\"width: 25.7894%; height: 20px;\">Project Zomboid (PZ)<\/td>\n<td style=\"width: 16.3158%; height: 20px;\">16261-16262<\/td>\n<td style=\"width: 21.0386%; height: 20px;\">TCP\/UDP<\/td>\n<\/tr>\n<tr style=\"height: 20px;\">\n<td style=\"width: 25.7894%; height: 20px;\">VNC<\/td>\n<td style=\"width: 16.3158%; height: 20px;\">5900<\/td>\n<td style=\"width: 21.0386%; height: 20px;\">TCP<\/td>\n<\/tr>\n<tr style=\"height: 20px;\">\n<td style=\"width: 25.7894%; height: 20px;\">SSH<\/td>\n<td style=\"width: 16.3158%; height: 20px;\">22<\/td>\n<td style=\"width: 21.0386%; height: 20px;\">TCP<\/td>\n<\/tr>\n<tr style=\"height: 20px;\">\n<td style=\"width: 25.7894%; height: 20px;\">Plex Media Server<\/td>\n<td style=\"width: 16.3158%; height: 20px;\">32400<\/td>\n<td style=\"width: 21.0386%; height: 20px;\">TCP<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>It is important to note that SSH uses port 22, and that port is specifically reserved for that use. Other applications (like Minecraft) have staked out such a strong claim they have functionally reserved their ports, though there isn\u2019t anything officially requiring it. You may occasionally find that you have multiple things trying to use the same port. Remember, there are literally tens of thousands of different ports freely available to use, so just pick another one and use that instead.<\/p>\n<p>But before you go opening up all sorts of ports, hosting every single service you can imagine, take some time to review your security practices. Most are fairly simple to get started with, and they can save you a huge headache later.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Security_Precautions_for_Port_Forwarding\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_13\">Security Precautions for Port Forwarding<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you\u2019re port forwarding, you obviously intend for something to be accessible from the Internet. Any time you open up a port you increase your \u201cattack surface.\u201d It is always best to take some preventative measures to mitigate your risk. This isn\u2019t an exhaustive list of things you can do to protect yourself \u2014 for that we\u2019d need to write multiple novels \u2014 but it is a place to start.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dont_Run_Servers_As_Admin_or_Root\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_14\">Don\u2019t Run Servers As Admin or Root<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It doesn\u2019t matter if you\u2019re hosting a server on Windows, Linux, or any other operating system. Do not use the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/962\/enable-the-hidden-administrator-account-on-windows-vista\/\">administrator or root account to host things that are exposed to the Internet. The administrative or root accounts have few (if any) restrictions placed on them. They can perform any operation on your system.<\/p>\n<p>If there is some problem with the service you\u2019re running \u2014 like a misconfiguration, bug, or an exploit \u2014 administrative or root access dramatically increases the amount of damage that can be done by a malicious attacker. It may even allow someone to compromise other devices attached to your network.<\/p>\n<p>If you use a regular account you\u2019re much less vulnerable \u2014 any attacker that gains access to your system will probably also need some kind of privilege escalation exploit to really cause harm.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Disable_Root_Login_Over_SSH\"><\/span>Disable Root Login Over SSH<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you\u2019re hosting on Linux, you should <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/828538\/how-and-why-to-disable-root-login-over-ssh-on-linux\/\">completely disable root login over SSH. The root user has unlimited access to everything on the system, which makes it a tempting target for would-be evildoers.<\/p>\n<p>Additionally, there is really nothing to be gained by using it, since sudo allows users to execute commands as if they were the root user. Sudo permissions can even be modified on a user-by-user basis, so if you wanted to create a more restricted sudo account to perform basic server administration you could.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"You_Can_Change_Your_Ports_But_Dont_Rely_On_It\"><\/span>You Can Change Your Ports, But Don\u2019t Rely On It<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You\u2019ll sometimes encounter the suggestion that you shouldn\u2019t use the default ports for anything you\u2019re hosting. The idea behind this is simple: If someone is scanning IP blocks for specific open ports they want to target, changing the port might reduce the chances that someone will attempt to access your server.<\/p>\n<p>For example, you could <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/443156\/the-best-ways-to-secure-your-ssh-server\/\">change the SSH port from 22 to something like 7281.<\/p>\n<p>Is that effective? Only sorta \u2014 it\u2019ll certainly reduce the number of automated hits you take from script kiddies (amateur would-be hackers that use prebuilt software or scripts), and there will subsequently be fewer things in your logs to review. However, it won\u2019t do anything to deter a serious targeted attack by someone knowledgeable.<\/p>\n<p>Security through obscurity isn\u2019t a guarantee, and you should\u00a0<em><strong>never\u00a0<\/strong><\/em>rely on it to keep your system safe.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Install_Fail2Ban_on_Linux_Servers\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_17\">Install Fail2Ban on Linux Servers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.fail2ban.org\/\">Fail2Ban<\/a> is software designed to help secure your server against brute-force attacks. Fail2Ban can be configured to automatically reject connection attempts from any IP address that has tried and failed to log in to your server a certain number of times. Attackers can\u2019t attempt to guess passwords more than a few times without being banned.<\/p>\n<p>Fail2Ban can be set up with more complex behaviors too, so it is well worth learning if you plan on hosting on Linux.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Use_Security_Keys_For_SSH_Whenever_Possible\"><\/span>Use Security Keys For SSH Whenever Possible<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You should always pick a strong password for your administrative or root account, and any other account that you\u2019ll log in to remotely. Fail2Ban and any other security measures you might enact will try to stop brute-force attacks, but they could fail. Use the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/195430\/how-to-create-a-strong-password-and-remember-it\/\">strongest password possible.<\/p>\n<p>If you\u2019re using SSH, consider using SSH keys instead of a password. SSH keys are an example of public key cryptography \u2014 keys are generated in pairs, one public, and one private. The public key is placed on the computer that you\u2019ll be remotely connecting to. You keep the other member of the pair, the private key, on your computer. When you try to connect, your private key is checked against the key on the server to provide authorization.<\/p>\n<p>Windows, Linux, and MacOS all support SSH keys, so there isn\u2019t much reason not to use them. SSH keys are more secure, and \u2014 once setup \u2014 every bit as convenient as a password.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Only_Allow_Connections_from_Whitelisted_Addresses\"><\/span>Only Allow Connections from Whitelisted Addresses<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You can also improve your security by limiting the connections that are allowed to your server. There are two basic ways to do this: a whitelist and a blacklist. A blacklist prohibits connections from specific people or applications. For example, if you know a hacker was attacking your Minecraft server, you might add their IP to a blacklist so it is always rejected. Alternatively, you can use a whitelist, which works the opposite way. Whitelists only allow pre-approved connections, and they can often be restricted to only allow access to a specific application or a specific port.<\/p>\n<p>On Linux, use <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.howtogeek.com\/devops\/how-to-secure-your-linux-server-with-a-ufw-firewall\/\">Universal Firewall (UFW) or FirewallD to create an OS-level whitelist. You can use whichever you prefer, though Debian distros (like Ubuntu) typically come with UFW, and RHEL distros (like Fedora) typically come with FirewallD. On Windows, open Windows Firewall and go to the \u201cInbound Traffic\u201d tab to create a whitelist.<\/p>\n<p>Individual applications you might host also often come with built-in whitelist functionality, as well. For example, you can add an IP to a Minecraft Server\u2019s whitelist by modifying whitelist.json in the main server directory. The process varies significantly between applications though, and you\u2019ll need to check your application\u2019s documentation for the details.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>The Best Linux Distributions for Beginners<\/em><\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Consider_Separating_Your_Local_Area_Network_With_a_VLANs\"><\/span><a rel=\"nofollow noopener\" target=\"_blank\" name=\"autotoc_anchor_20\">Consider Separating Your Local Area Network With a VLANs<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Your home local area network (LAN) is typically a bit of a free-for-all. There is much less security between devices on a LAN than between a device on the Internet and a device on the LAN. The general assumption is that devices attached to your LAN are trusted devices, and that they don\u2019t pose much of a security risk.<\/p>\n<p>If you\u2019re hosting an internet-facing service, however, that is not a safe assumption. If there is a fault in the service you\u2019re hosting, or your other security practices, it is possible that an attacker can compromise your server and through it gain access to other devices on your local area network. It is potentially a huge security breach.<\/p>\n<p>One solution is a Virtual LAN, or VLAN. A VLAN is a separate virtual local area network that is isolated \u2014 through software \u2014 from the \u201creal\u201d LAN that all of your other devices are on. You can limit exactly what kind of traffic is allowed to pass between the VLAN containing your internet-facing server and the VLAN that all of your normal devices are on. This creates a pretty effective barrier between your server and your other devices should a malicious attacker compromise your server. Setting up a VLAN can be a bit complicated, and the details will vary depending on your hardware. Not all consumer routers support VLANs either, so if you don\u2019t see it, it probably isn\u2019t there.<br \/>If your router doesn\u2019t support VLANs, you have a few options. You can buy a new router that does support them, or you can add a <strong>managed<\/strong> network switch. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bhphotovideo.com\/c\/product\/1062947-REG\/tp_link_tl_sg108e_8_port_gigabit_easy.html\/BI\/22163\/KBID\/28708\/SID\/htg66214\/DFF\/d50\">Managed network switches start at about $30<\/a>, so they\u2019re probably the least expensive way to set up a VLAN at home if your current hardware doesn\u2019t support it.<\/p>\n<p>It\u2019s a wee bit of a hassle to set up port forwarding, but as long as you assign a static IP address to the target device and set up a dynamic DNS server for your home IP address, it\u2019s a task you only need to visit once to enjoy hassle free access to your network in the future.<\/p>\n<\/div>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/66214\/how-to-forward-ports-on-your-router\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How to Port Forward on Your Router&#8221; To forward a port on your router, log into your router, find the &#8220;Port Forwarding&#8221; section, and then create a rule applying to the device you&#8217;re using to host. You should also assign a static IP address to the host computer. Although modern Wi-Fi routers handle most functions&#8230;<\/p>\n","protected":false},"author":1,"featured_media":547810,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2016\/11\/Router-Image.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-547809","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/547809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=547809"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/547809\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/547810"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=547809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=547809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=547809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}