Pages

Tuesday 17 April 2012

How to port forward on an apple router


When i first needed to port forward some ports for my FTP server on my router, in this case
a Time Capsule i had a bit of trouble finding a tutorial on how to do it.
Most of the port forwarding tutorials out there are for Linksys, Netgear, and Cisco routers.

So in this little tutorial i will show you step my step how to forward ports on an Apple Time
Capsule router or Airport extreme. Now the interface for the Airport utility has changed a bit
it the last update. i will be showing you using the most recent version.

What you will need:

Full password privileges to the router
You need to know what ports you want to forward for you server
A few minutes of time


Step 1:


Go to spotlight and type in "airp" , the Airport utility should come up
hit enter and start up the program.




Step 2:


Click on the you main router if you have more than one for instance if you have
another one to extend you network. Then Click "Edit" to edit the router configuation.



Step 3:


Navigate to the "Network" tab, and go down to where is says "Port mapping"
Check "Enable NAT Port Mapping Protocol"
Click the "+" button to add a new Port map.



Step 4:


Notice i have allowed a range of 10 ports.


Fill out the form like this>

Add a Description of your choice.

For Public UDP Ports: put the range of ports you would like to forward. For example
putting 18-25 will forward ports 18 through 25. Even though the standard ftp port is 21,
i found you were better guaranteed a remote connection if you forwarded a few other ports in
that range. For you info this will also forward the ports for FPT, SSH, and TELNET
protocols. So you killed 3 birds with one stone.
Put the same value in all these fields also:

Public TCP Ports

Private UDP Ports

Private TCP Ports

Now for "Private IP Address" you will want to put the local ip of the computer
you want to forward the public requests to. E.g the LAN ip of the server that you
want to access from the outside.

Click save. You will then need to update the router. Click Update.
The router will be unavailable for a few seconds while it reconfigures.

When you see a green icon next to the router appear again, then the router is a ready
and now accepting external requests on the ports you just forwarded and is sending those
requests to the IP address on the computer on your LAN that you specified.


Step 5, Testing it:


Now i am assuming you have the server up and running that you wanted to connect to from outside
your LAN e.g. from any hotspot in the world (pretty cool eh?) wether it be FTP or Minecraft.

I will use FTP as an example.
Go to whatismyip.com to find your external ip, your networks id on the www.
Copy the ip to your clipboard.
Go to your favorite browser and type in the following:

ftp://your_external_ip:21

( replace "your_external_ip appropriately" )( replace 25 with the port you forwarded )

if you are prompted with a username and password by the browser then you did it!
Congrats!
However nothing ever works the first time i do it so if you have any trouble
just drop me a comment and i'll help you.

Extras>>> Common Ports:


  • FTP - 21
  • SFTP and SSH - 22
  • TELNET - 23
  • SMTP mail server - 25
  • NFS 2049
  • MySQL - 3306
  • Minecraft - 25565 (hehe :D)
  • VNC - 5900
  • For a complete list of known ports visit this wiki link


Security Note>>>

Remeber that forwarding these ports will allow people to connect from the outside world.
The only way to prevent evil-doers is to provide a strong password to you FTP os SFTP server.
If not people black-hat hackers can brute force the password to the FTP server, get in, steal you files and or delete them. Quite a serious matter. Btw just becuase i know how to brute force hack a network dosent make me a bad hacker, if you really know about the term, you will know it can used for good and bad. I use those skills to test my own network security.

If you would like me to do a tutorial on network security and penetration testing, just drop me a comment. I would be happy to.


1 comment:

  1. I'be been doing this for several hours now, and is still being told by http://portchecker.co/check that my ports are closed... no idea where im going wrong... Can you help me?

    ReplyDelete