How to open ports if there are connection problems. Routers from D-link

The need to forward ports on a router arises when you want to organize access from the Internet to some resource home network. This can be either a game server or an RDP, FTP server, or install a security camera at home to constantly see what is going on in your home (for example, if you left your child at home with a hired nanny).

Sometimes unconditional port forwarding is required for IP telephony. This depends on the principle by which your communications company operates.

Almost any router correctly supports all this functionality. The only thing I would like to pay close attention to is the need to obtain an external IP from the provider. Static or dynamic, in in this case doesn't have of great importance. In fact, you just have to have it.

1. We prepare the computer by registering a fixed (static) IP address (Method 1)
2. We prepare the computer by fixing its address on the router (Method 2)

Why is it necessary to forward ports to access internal resources from the Internet?

This need arises due to the fact that your router automatically filters out data that you did not request. This is primarily due to the need to ensure the security of your network. Imagine this: you have a computer, laptop, and file storage at home. And anyone can access all this from the Internet...

In order to prevent any evil spirits from entering the home network, the router allows only those requests and only to the computer on the network that it requested. For this, smart engineers came up with NAT - Network Address Translation network addresses). This system allows you to hide your internal address from the entire Internet. Thus, all devices connected to the Internet on your home network are seen on the Internet under one single IP address - external or white. Moreover, this can be either your white IP, or simply any provider’s, if the provider distributes gray IPs within its network.

Thus, if you want, for example, to connect remotely to your home computer via RDP - the router simply will not understand to whom exactly on the home network to redirect the request - you didn’t explain this to it... It will simply filter it. Of course, there is still the opportunity to add your home service to the DMZ (Demilitarized Zone) section. But in this case, absolutely all requests from outside that no one has requested, as well as those for which a specific rule for ports is not specified, will be redirected to your node. This way you will make it completely defenseless, so unless absolutely necessary, it is better not to use this section for security reasons.

We do port forwarding

Checklist of necessary operations

In order to do correct port forwarding, you need to do several things, which we will now go through point by point, and then we will see how this all happens with a clear example.

1. You need to assign a static IP address to your computer, which will provide some service. There are two ways to do this.

1.1. Method 1. You can assign a static IP by registering it in the properties network card- this is very reliable way, because nothing will change without your intervention. I think that this will be quite enough for a home network. The only thing that needs to be taken into account is the need to adjust the settings of your DHCP server, which is located in the router. We'll look at this with an example below.

1.2. Method 2. This method is more elegant, because. will not require changing the range of addresses issued by the DHCP server. In this case, you must assign an address to the computer using the same DHCP server. This method is a little less reliable, but it also has the right to life. Once in my life I encountered a situation where a computer that was “fixed” by a router to a certain IP suddenly began to receive a different address. Naturally, this was a problem with the router’s buggy firmware. However, we must keep in mind that such an outcome is also possible.

2. You must determine which ports and protocols will need to be forwarded. IN currently There are two transport protocols used in everyday life - TCP and UDP. For example, in order to connect via RDP or organize access to an FTP server, we need TCP. IP telephony uses UDP for data transmission. Keep this in mind. If this information is unknown to you, do not be lazy to open Yandex or Google and make the appropriate request. Although, in most cases, routers already have pre-installed port forwarding for the most frequently occurring needs. We will also look at this below.

3. You need to make sure that you have a white IP. Some providers may provide it to all network subscribers by default (nowadays this is becoming less and less common), or you will have to activate it (call the provider or go to Personal Area). You can find out by going to the web interface of the router admin panel.

Go to the admin panel of the router

We will work on port forwarding on a TP-Link router, because... Routers of this brand are gaining more and more popularity due to their price-quality ratio. Now in time of crisis this is especially true. Don’t worry if you have a router of a different brand - port forwarding in 95% of cases is practically no different, you just need to do everything by analogy.

So, go to the admin panel of the router by entering address bar address 192.168.0.1 - this address is set by default in most routers. In rarer cases, this may be the address 192.168.1.1 or, in even rarer cases, 192.168.10.1. If you use the Yota Internet center, most likely you need to go to 10.0.0.1. And, so as not to guess at the coffee grounds and not scour half the Internet in search of correct address, you can go to Start>Control Panel>Network and Sharing Center>Click on the active network connection shortcut and click the Details button. The Default Gateway item will contain the address of your router.

After requesting a login and password, enter the word admin in the login field and in the password field (unless otherwise written on the router body or you have not changed it yourself).

And immediately in the web interface we see that our IP address is internal to the provider (gray, in other words). You need to look specifically at the WAN section - these are the settings for your Internet!

To make it clear how to distinguish white from gray, I wrote this mini-cheat sheet. The fact is that back in the early 80s, when the specification was approvedTCP/IP smart heads immediately decided to reserve various address spaces (subnets) for special purposes. We even reserved a couple of subnets so that these addresses could be mentioned in technical documentation, otherwise they go to court in the homeland of the protocol more often than to buy bread... Well, this is already a lyric. Of all this reserved splendor, we are interested in subnets allocated specifically for private networks. There are few of them:
10.X.X.X
172.16.Х.Х
192.168.Х.Х
where X is a number from 0 to 255.

In my example, we see that the address starts with ten - this means that my address is internal. Well, I’m not offended - if I need a white one, I’ll ask my provider for an allocation.

Checking and adjusting DHCP settings

Before forwarding a port, we need to allocate address space on our home network that we can use for our network services that need to be accessed from the Internet. Let's go to the section DHCP.

We are interested in three things here:

On or off DHCP server(DHCP Server Enabled/Disabled - I will give the names of English-language menu items in parentheses, since not all routers are equipped with a Russian-language interface);

- ElementaryIP address (Start IP Address) - the initial value of the address space range from which the DHCP server will distribute IP addresses;

- FiniteIP address (EndIPAddress) - the final value of the address space range from which the DHCP server will distribute IP addresses.

Also, look at the title on the green background and try to guess what the translator was thinking about when he did the Russian localization, the programmers were in agreement. Just kidding, I'm kidding - I think people had a very tight deadline and didn't have time to catch all the mistakes.

In principle, if you are the proud owner of a TP-Link router, then most likely you will have this range set by default. I did not change this setting to home router, because Allocation of a range of 200 addresses will be enough for me with a tenfold margin. In general, Zyxel brand routers usually have a default range somewhere from 192.168.0.20 to 192.168.0.39 - 20 addresses.

Now let's decide whether we will record the IP address of the computer to which we want to open access or set this through the appropriate DHCP server settings.

We prepare the computer by registering a fixed (static) IP address

It happens that by default the router distributes the address space of the entire subnet (in the settings it is from 192.168.0.2 (the router address should not be in the address range) and 192.168.0.254). If you want to use the first method, then you need to adjust this range, freeing up the address for our computer. Change the FROM field, for example, to 192.168.0.3 - then we can use the address 192.168.0.2 for our computer to which we are opening access. Although, for a home network, as a rule, such a number of addresses is not required, so in the FROM field you can write, for example, 192.168.0.10, or 192.168.0.100 at the end - in case you have to open something else - you definitely won’t miss the address.

In order to assign a static IP address to your computer, go to Start>Control Panel>.

We click on the link indicating an Internet connection (Access type: Internet) and get into the following window:

Here we click Properties and choose Internet Protocol Version 4

And press Properties

Choose Use nextIP address: and enter there the static address that was freed in the previous step. (IP address, subnet mask, default gateway, preferred DNS server). Click everywhere OK.

We prepare the computer by fixing its address on the router

This is the second way. It no longer requires you to make any settings on your computer, but you need to know the MAC address network adapter. However, first things first.

We follow the already familiar path: Start>Control Panel>Network and Sharing Center.

Only now in the window

Select a section Intelligence

Here we are interested in the line indicating the Physical address - this is the same MAC. Don’t be surprised that I have it so exclusive; I slightly corrected it in one well-known program. Otherwise, my computer will be easy to track. Of course, I don’t suffer from paranoia, but I also don’t have a great desire to reveal unnecessary information.

So, we have found out the MAC address, now go to the section DHCP>Address Reservation (Address Reservation)

Here I already have a certain address reserved with an equally magical MAC address (of course, I also corrected it). Click Add new... (AddNew...) (but such a translation makes my soul happier).

We drive in our wonderful MAC address and any IP address allocated for this matter, and located in the range that distributes DHCP! Otherwise nothing will work. And press Save.

Actually, now we click where the router asks to restart. For the purity of the experiment, we reboot the target computer and move on to the next stage.

Configuring port forwarding on the router

We are interested in the section Forwarding (Forwarding), and in this section Virtual servers (Virtual Servers- who would have thought? - approx. ed.). This section opens immediately by clicking on a menu item.

By default, we should have empty here. To correct this injustice, we press Add new... (Add New…)

And we get into this form. Let's go in order:

Service port (Service Port) is a port, or a range of ports, which we will use from the outside. Having seen the request on this port, the router will understand where to redirect our packet so that it reaches the goal.

Internal port (Internal Port) is the port that our home network service listens on. If we access the internal service on a different port, nothing will work.

IP address (IPAddress) is the address of our computer or other device that we need to get to from the Internet. As you can see, it is clearly indicated here. Therefore it needs to be fixed.

Protocol (Protocol) - here you can choose either TCP, or UDP, or you can process both protocols on one port at the same time. However, my good advice, - if you know that exactly one transport protocol is required, and you also know which protocol is required, it is better to choose it strictly. Because, as the old admin wisdom says, an extra open port- an extra security gap. Keep this in mind.

State (Status) - Included (Enabled) / Turned off (Disabled) - well, there’s not even anything to comment on here - the rule can be turned on or off.

Standard service port (Common Service Port) - the most commonly used services and preset ports for them. If you expand this drop-down list, you can see that there are a lot of preinstalled ports there and in most cases there are enough of them.

If you select any of them, all fields will be filled in automatically. Let's choose HTTP protocol, as if we were going to make a home web server and make it accessible from the Internet.

As you can see, all we have to do is register our local device address. If you need, for example, to forward RDP port 3389, then instead of 80 you need to enter 3389 in both fields.

Sometimes it happens that the router settings include ranges strictly from and to. In this case, if you need to register only one port, enter the same values ​​in these fields.

I entered 192.168.0.97 in the IP address field. You must enter the address that you have recorded for your target computer.

That's all, actually. All rules for virtual servers are usually applied without rebooting the router. Although, anything can happen. If it doesn't work, restart the router and try restarting your computer. After this everything should work.

What to do if suddenly nothing works?

There is one more point that may prevent you from accessing the service that you should see from the Internet. This is a Firewall or Firewall. And also all kinds of antiviruses that have their own Firewall and, sometimes paranoidly, try to protect the user’s computer from external threats at any cost.

Try disabling your Firewall and check if the service is available after that. If everything works, then you need to dig there.

What exactly and how to dig will be discussed in one of the following articles.

Knowing how to find the router’s IP address and how to open the router’s ports, you can easily configure the Internet and also gain access to additional network resources.

How to find out the router's IP

First, you should try using standard IP addresses for the router.

If this is a home or office local network, then the IP address 192.168.1.1 or 192.168.0.1 is often used. In most cases, the router uses these IP addresses. Therefore, it is worth checking them first.

To do this, simply point them in the address bar of your web browser. If available, you can see the router’s web interface or a prompt to provide a username and password to access the device.

If this method It didn’t suit you and you didn’t find the router at these addresses, then you can use the “IPCONFIG” command.

1. Use the Windows key combination + R to open the Run panel.
2. In the window that appears, specify CMD command and press the “Enter” key. After clicking, the “Command Prompt” window will open in front of you.
3. Type "IPCONFIG" in the command line and press "Enter".
4. Then the Command Prompt will display information about available network connections. The IP address of the device will be visible next to the “Default gateway” item.

If you apply " Command line"is quite difficult for you, then you can find out the IP address of your router in the operating parameters of the Windows operating system.

1. Open the Control Panel menu, then select Network and Internet - Network and Sharing Center.
2. In this panel you need to click on the link “Connect via local network».
3. In the window that appears, click on the “Details” menu.
4. On the next screen you will find all the information about network connection. This is where the IP address of the router is indicated; it is located opposite the “Default Gateway” item.

How to open ports on a router

To better explain how ports are opened on a router, it is worth considering the process of opening ports on specific example. In our case, we will describe the algorithm on a standard TP-LINK WR841N router.

1. First of all, we will assign a permanent IP address to the device on the router.
2. Let's configure static ports to use web servers. Select the items “Forwarding” - “Virtual Servers” in a row. We indicate the same “Service Port” and “Internal Port”. This is the number of the port that we want to open. Here, in “IP Address” we indicate the local IP. To open port 80, you should transfer the router to another port (for example, 8888). To do this, you must alternately select “Security” - “Remote Management” - “Web Management Port”.
3. Now let's find out whether the port is accessible at all. To test, pull it out of the router and insert it directly into the computer. Go to the website 2ip.ru, specify the required port and click “Check”. If it says “Open”, continue further.
4. If you need to open ports for different game servers, then in order we go to “Forwarding” - “Port Triggering”.
5. “Trigger Port” is the same as the one that needs to be opened; we will also indicate it in “Incoming Ports”.
6. Reboot the router
7. Turn on required server, go to the website 2ip.ru, if the port is open, then the work is done correctly.

297035 01.07.2015

Tweet

Plus

Last time we talked about what it is computer ports. Essentially, programs installed on a computer that use the Internet to normal operation you need not only access to the Internet, but also open ports.

Like other programs that send and receive information from the Internet, ports are needed to work network games. It doesn't matter if you play Counter Strike, World of Tanks or Dota: all of these games are multiplayer, which means they need ports to interact with other players. Ports are constantly used by others popular programs, for example Skype, Viber or μTorrent.

But your computer's ports may be closed. Imagine the situation: your mobile phone suddenly stopped receiving incoming messages and calls. That is, you call someone, the other end picks up the phone, you say “Hello!”, and in response - not a word. You dial the number again and again, call other numbers, but everything is the same - they don’t hear you. Then you write SMS, but they don’t receive replies either.

This is roughly how you can describe the situation when the ports on your computer are closed. Your network-related programs send information, but nothing comes back. Of course, they cannot fully perform their functions. In games, this manifests itself in connection error messages and delays in operation (lags). For example, in World of Tanks the message “Destination Unreachable” may appear.

To understand what happens and how to deal with it, you need to understand how a computer can be connected to the Internet. Three possible various options: direct connection to the Internet, connecting through a router and connecting using network address translation (NAT). Now we will talk about each of these cases in more detail.

Direct connection.

With this connection, your computer can be compared to a private house. This house stands on its own, it has 65536 permanently open doors and your own separate address - street name and house number. In this case, you can leave any of the doors and go anywhere. In the same way, anyone, knowing the name of the street and the house number, can come to you and walk through any of the doors. You or your guests are packets of information transferred between your computer and the Internet. As you may have guessed, all ports with this connection are open, and information can be freely transmitted in both directions.

True, this situation is only an ideal case. Firewalls – firewalls or firewalls – are almost always used to protect information. We already talk about what it is. If we consider it as part of our private home, then the Firewall is a guard who makes sure that the doors are closed and only those with a pass can enter and exit. We will tell you how to configure the Firewall to open certain ports in a separate article.

Connection via router.

Externally, a home router looks like a small box. In fact, this is also a computer, the task of which is to gain access to the Internet and distribute it to several devices at once - a computer, laptop, tablet or smartphone. Thus, if when connected directly to the Network our computer can be compared to a private house, then when connected to a router it is an apartment in an apartment building. You can easily leave the apartment through any door (and we have, as you might have guessed, 65536 of them) and go anywhere. But if someone wants to come visit you, now he must know not only the street name and house number, but also the apartment number. At the entrance there is a strict doorman who will ask any guest where he is going, find out if he is expected, and only after that will let the guests in.

As you can see, so that guests without unnecessary problems got into your apartment, you need to explain this to the doorman, that is, set up the router. We will talk about the intricacies of setting up routers from various manufacturers in a separate article.

The router has become a common sight in our apartments today. In general, this is a rather complex device; its installation and configuration is carried out by specialists. People generally don't need all the features a router can provide. For the most part, it is used to connect all kinds of devices to the Internet. At the same time, it works in the mode of receiving incoming traffic. But for the device to work and for data transmission, you will have to prepare the equipment accordingly. This is done by opening the router ports and configuring them.

To exchange data with external sources, you need to open ports

Most often, a person needs to not only receive data from the network, but also send it. By default, ports are closed, so this cannot be done. The process of opening ports on a router is called “forwarding”. There is often a need to transfer information from a device, for example, from a computer. For what? Everything is simple here. The need arises if you have to exchange data with someone from external sources. For example, when playing online. Or during communication.

When using a router to play online, you will have to pay attention Special attention. If there is a need to make a computer a server for several players using a router, then this is done through the open ports of the device. Otherwise, other players simply will not be able to see the created server.

How to open the ports yourself and configure them correctly

In fact, this is not so difficult to do. Very often the instructions contain all the information on how to open the ports. Below is a general step-by-step instruction for all popular routers. Specifically, we will consider port forwarding for routers from the following companies:

• D-Link;
• Zyxel;
• TP-Link;
• Asus.

Routers from D-link

The first thing you need to do is connect to the web interface. Next, go to the “Advanced settings” menu by pressing the corresponding key. Then follow the following path:

1. Find section " Firewall" and in it "Virtual servers";
2. Click the Add button. Next, the parameters for the virtual server are selected.

Let's look specifically at all the necessary parameters. First - Templates. Either select the template of interest from the list, or stop at the Custom item. In this case, you will need to set server parameters manually. Next parameter- Name. Everything is simple here: you will need to figure out what the server will be called. Next is the Interface, where the connection type is determined. The server protocol is selected in the menu of the same name. Then comes the port configuration:

• External port ending and starting;
• Internal port ending and starting.

After these operations, the parameters of the internal and remote IP are set, and their IP addresses are registered. The last thing you need to do is select System, where you want to save the changes.

Routers TP-link, Zyxel, Asus

There are no big differences between setting up routers from TP-link, D-Link and others. As for devices from TP-link, proceed as follows:

1. In the router interface, select the “Forwarding” item, then - Virtual servers and Add new;
2. The appropriate settings are entered. First, Service Port. Next - Inland Port. It will be used to connect with other devices in internal network. Then the IP address of the local service is selected;
3. The last thing is to save the changes.

Let's look at the forwarding process for ASUS

1. In the main menu, select the Internet item, then - Forwarding. The service name is selected;
2. The next step is to define port ranges in the corresponding menu. They are the ones who will redirect incoming connections;
3. On the menu Local address the address to which redirection will be carried out is specified. You also need to specify the port number in the Local port item. Redirection will be made to it;
4. The last thing to forward is to specify in the Protocol field the connections with which the device will work. Now all that remains is to save.

Settings for Zyxel products

1. The first step is a little different. Here you will need the “Security” section. The next step is in the Network Address Translation (NAT) field, go to Security and add a new rule;
2. The next point is carried out with extreme caution. In the Interface field, you can select Broadband connection (ISP) or PPPoE. Broadband connection is installed in cases where the provider does not use authorization. In case of forwarding their Internet, PPPoE is selected. But if both from the Internet and from the local network, then the second option is already needed;
3. Now you need to understand the Packages per address section. In most cases, it generally remains unchanged. It is configured only if there is a need to indicate