Port Forwarding
Port forwarding, also known as port mapping, is a networking technique that allows devices outside a local network (LAN) to access devices or services within that network. It works by configuring a router to redirect incoming traffic from a specific port on its public IP address to a specific port on a device within the private network. Essentially, it creates a pathway for external requests to reach a designated internal device.
- How it works: When an external device (e.g., a computer on the internet) sends a request to the router’s public IP address on a specific port, the router forwards that request to a preconfigured device (e.g., a computer, server, or IoT device) on the local network using the same or a different port.
- Key components:
  - Public IP address: The router's external address, visible to the internet.
  - Port: A numerical identifier (0–65535) used to direct traffic to specific services (e.g., port 80 for HTTP, port 443 for HTTPS).
  - Private IP address: The internal address of the device on the local network (e.g., 192.168.x.x).
  - NAT (Network Address Translation): Routers use NAT to translate public IP addresses to private ones, and port forwarding modifies this translation for specific ports.
For example, if you host a web server on your home computer (private IP: 192.168.1.100) on port 80, you can configure your router to forward incoming traffic on port 80 to 192.168.1.100. This allows users on the internet to access your web server by entering your router’s public IP address.
Why?
Port forwarding is used to enable external access to services or devices within a private network. Here are the primary reasons for using it:
- Accessing Local Services Remotely:
  - It allows you to access devices or services (e.g., a home server, security camera, or gaming console) from outside your local network.
  - Example: Accessing a home security camera feed via an app while traveling.
- Hosting Services:
  - It enables hosting servers (e.g., web servers, game servers, or file servers) that need to be accessible to external users.
  - Example: Hosting a Minecraft server for friends to join over the internet.
- Improving Online Gaming:
  - Some online games require specific ports to be open for better connectivity, reduced lag, or to host multiplayer sessions.
  - Example: Forwarding ports for a game like Call of Duty to enable direct connections with other players.
- Remote Desktop or Management:
  - It allows remote access to devices for management, such as using Remote Desktop Protocol (RDP) or SSH to control a computer.
  - Example: Accessing your work PC from home via RDP.
- Bypassing NAT Restrictions:
  - NAT firewalls block unsolicited incoming traffic to protect the network. Port forwarding creates an exception, allowing specific traffic to pass through.
  - Example: Enabling a VoIP service to receive incoming calls.
How to enable port forwarding?
To access the Docker container running on port 1212 of your EC2 instance (public IP: a.b.c.d) from your local machine without exposing the port publicly, use SSH local port forwarding (tunneling). This maps a port on your local machine to the remote port 1212 on the EC2 instance. Assume the container's port is published to the EC2 host (e.g., via `docker run -p 1212:container_port`).
Prerequisites
- You have SSH access to the EC2 instance (e.g., via key pair; the common username is `ec2-user` or `ubuntu` depending on the AMI).
- The Docker container is listening on `localhost:1212` or `0.0.0.0:1212` on the EC2 host.
- The EC2 security group allows inbound SSH (port 22) from your IP. Port 1212 itself does not need to be opened in the security group, since all traffic travels inside the SSH connection.
Commands
Run these on your local machine (not on the EC2 instance).
- Basic foreground tunnel (stays open while the SSH session is active):
  `ssh -L 1212:localhost:1212 ec2-user@a.b.c.d`
  - Replace the first `1212` with a different local port if 1212 is already in use locally (e.g., `-L 8080:localhost:1212`).
  - Replace `ec2-user` with your actual EC2 username.
  - This forwards your local `localhost:1212` to `localhost:1212` as seen from the EC2 host.
  - Access the container via `localhost:1212` (or your chosen local port) in your browser or app.
  - Exit with Ctrl+C to close the tunnel.
- Background tunnel (runs detached; useful for persistent access):
  `ssh -f -N -L 1212:localhost:1212 ec2-user@a.b.c.d`
  - `-f`: Forks to the background after authentication.
  - `-N`: No remote command execution (tunnel only).
  - To stop: Find the process with `ps aux | grep ssh` and kill it (e.g., `kill PID`).
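The same local forward, background start and stop as a small POSIX shell script. This is an added example, not part of the original page: it binds the local listener to loopback only, makes ssh fail instead of silently running without a forward when local port 1212 is taken, and stops the detached tunnel through an SSH control socket rather than `ps aux | grep ssh`. `ec2-user@a.b.c.d` is the page's placeholder; the control socket path is an assumption.

```shell
#!/bin/sh
# Added example, not from the original page: the SSH local forward wrapped
# in small functions. The listener is bound to loopback only, ssh exits if
# the local port is already taken, and a control socket lets you check and
# stop exactly this tunnel without `ps aux | grep ssh`.
# ec2-user@a.b.c.d is the page's placeholder; the socket path is assumed.

SOCK="${TUNNEL_SOCK:-$HOME/.ssh/tunnel-a.b.c.d.sock}"

# Return 0 only for an integer in the TCP port range 1-65535.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L spec for <local_port> <remote_port>. The explicit 127.0.0.1
# keeps the tunnel off your LAN even if GatewayPorts is enabled in ssh_config.
forward_spec() {
    validate_port "$1" && validate_port "$2" || return 1
    printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

# Start a detached tunnel: tunnel_start <local_port> <remote_port> <user@host>.
# ExitOnForwardFailure makes ssh fail instead of silently running with no
# forward when the local port is already in use.
tunnel_start() {
    spec=$(forward_spec "$1" "$2") || { echo "invalid port: $1 / $2" >&2; return 1; }
    ssh -o ExitOnForwardFailure=yes -L "$spec" -M -S "$SOCK" -f -N "$3"
}

# Query or stop exactly our tunnel via its control socket.
tunnel_status() { ssh -S "$SOCK" -O check "$1"; }
tunnel_stop()   { ssh -S "$SOCK" -O exit "$1"; }

# Usage:
#   tunnel_start 1212 1212 ec2-user@a.b.c.d
#   tunnel_status ec2-user@a.b.c.d
#   tunnel_stop ec2-user@a.b.c.d
```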