Opening ports is vitally important for downloading from P2P networks, playing online, making FTP transfers or holding video conferences. It's not that we can't do these things without open ports, but they will not work as well. For this reason, we explain what ports are, what opening them means and why it matters whether they are open or closed. In addition, we will see an automatic way to open them and then the manual method, which depends on the router model or operator in question.
What are the ports?
When we connect to the Internet, all applications send their traffic through certain ports. The router is in charge of receiving and processing all the information that we send to or receive from the Internet, as well as from the local network. Ports are used to carry out this process in an orderly manner. Some compare them to mailboxes or even to train station platforms. Each piece of "information" will arrive at a certain port or leave from a certain port.
The OSI (Open System Interconnection) model is a model used for network protocols created in 1980 by the International Organization for Standardization. Three years later it was published by the ITU and since 1984 the International Organization for Standardization (ISO) also published it. The IANA, which oversees the global allocation of IP addresses, autonomous systems, DNS domain name root servers, and other resources related to Internet protocols, has created three categories to classify all network ports from 0 to 65535:
Well-known ports: Ports less than 1024 are ports reserved for the operating system and used by “well-known protocols.” Here we have as an example HTTP (Web server), POP3 / SMTP (e-mail server) and Telnet. If we want to use one of these ports we will have to start the service that uses them with administrator permissions.
Registered ports: Those between 1024 and 49151 are called “registered”. These can be used by any application, although there is a public list on the IANA website where you can see what protocol each one uses.
Dynamic or private ports: Those between 49152 and 65535 are called dynamic or private. They are normally assigned dynamically to client applications when the connection starts, and they are used in P2P connections or online games. Normally, we will have to open some of them, or even some from the previous category.
TCP vs UDP ports
There are two types of ports, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The first is the most common, as it is connection-oriented. It is designed to handle end-to-end connections, which makes it ideal on top of the IP protocol, which is not designed to establish a reciprocal verification system between devices. For its part, UDP does not verify the reception of the data transmitted between one device and another, so this must be implemented in higher layers. Its main advantage is speed, and it is the most used in voice or video streaming services.
In addition to the transmission speed and the absence of a verification system for the transmission of information, there are some more differences between the two protocols. For example, TCP has a congestion control and traffic flow system. Finally, the size of the TCP protocol header is 20 bytes, while that of the UDP protocol is only 8 bytes.
Reasons to open them and how to know if they are open
By default, ports are closed, especially when it comes to dynamic or private ports. This is done for security reasons since, if all ports were open by default, it would be difficult to protect ourselves from external attackers or cybercriminals. When a port has not been opened automatically, we will have to configure its opening ourselves.
We must know that ports 0 to 1023 are reserved by the system and cannot be modified. To give us an idea, port 80 is used by web browsers such as Google Chrome, Mozilla Firefox or Microsoft Edge to navigate the Internet. Port 110 is reserved for email.
However, from 1024 to 65535 they can be used by applications and services as varied as Skype, Bittorrent or games. Having the ports used by these applications closed can translate into low speed or connection problems, so we will have to take action on the matter.
First of all, we must ensure that they are closed and, for this, we can use different methods (applications or online services):
UPnP or how to open ports automatically
The UPnP protocol means that it is no longer as necessary to open ports on our routers manually as it was a few years ago. However, we must be very careful with this functionality, which it is recommended to disable for security reasons. Universal Plug and Play (UPnP) is a set of communication protocols that allow networked peripherals to transparently discover the presence of other devices on the network and establish network services for communication. It is basically an adaptation of the Plug and Play of USB devices to the "world" of network connections.
Thanks to this protocol, the router can open the necessary ports when we run an application and close them when we are no longer using it. This is normally enabled by default on most modern routers as it saves a lot of headaches for operators with customer service calls.
What ports do I need to open?
If we do not have UPnP available in our router or we have disabled it for security reasons, we may need to know the ports that we must open in the router. A good service that we can use is Port Forwarding that indicates the TCP and UDP ports depending on the service, program or game chosen.
Another option is the Port Test, which allows us to locate the necessary port by consulting a wide collection of applications or games. For services that we are not going to access with the PC but with, for example, a video console, we leave you a list of the ports it uses:
Ports open PS4
TCP ports: 80, 443, 5223 and 10070 – 10080
UDP ports: 3478, 3479, 3658 and 10070
Ports open Xbox 360, Xbox One
TCP ports: 53, 80, 3074
UDP ports: 53, 88, 500, 3074, 3544, 4500
Among the ports that we should not open, and always according to the figures compiled by various security firms, we find these three ports:
22 – SSH (Secure Shell)
80 – HTTP (Hypertext Transfer Protocol)
443 – HTTPS (Hypertext Transfer Protocol Secure)
Open ports manually
Now that we are experts at the conceptual level and we know exactly the port or ports that we should open, the time has come to tackle opening them manually. This changes from one router model to another, making it difficult to give a universal explanation, although the underlying idea is more or less the same in all cases.
It is important to know that we will map or open the ports for a specific IP address of our internal network. If we have DHCP activated and that address is assigned to another computer, these settings will be applied to the new device and not to the original one. Therefore, it is advisable to set a fixed or static IP for the computer or video console on which we want to act.
Once this is done, we will access the router through its gateway, data that we can easily obtain in Windows 10 by accessing Command Prompt or CMD and typing ipconfig. That command will return a series of values among which we will find the default gateway. That will be the IP address that we must enter in the browser. From there, we will enter with the default username and password of the router.
Once in the configuration interface, we will look for sections called Port Forwarding, NAT, Port Mapping or Advanced Options. There we will find the tool to indicate the port or ports that should be open. We will click on Add new application or service, or a similar option, and complete the following data:
Name of the service: This is merely descriptive, but it is worth taking a few seconds to write the service, program or game in question.
External port (WAN): This is the port that we must open in the router. We must bear in mind that we cannot open the same ports for two different computers on the same internal network or LAN.
Internal port (LAN): In some routers, you can forward external ports, although we can leave it blank as it is optional.
Internal IP address: Address of the computer, game console or device that will need that open port.
Source IP address: Specific option for more advanced models to filter by source IP address and thus have additional security.
Protocol: Here we must indicate whether the service uses the TCP protocol, UDP or both.
Sometimes we can define a range of ports by separating the first and the last with a hyphen, or the router may ask us for the start and end ports. There are other options, such as Enable MAC Mapping, that we will leave on or off as they are by default unless we know what we are doing.
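A port-forwarding table built from the fields described above can be checked before it is typed into the router. This Python sketch is an added example, not part of the original article: it parses single ports and hyphenated ranges, flags external ports mapped to two different internal hosts, and flags the three TCP ports the article says should not be opened. The dictionary field names and the sample rules are constructed for illustration.

```python
from collections import defaultdict

# TCP ports the article lists as ones that should not be opened.
DISCOURAGED_TCP = {22: "SSH", 80: "HTTP", 443: "HTTPS"}

def parse_ports(spec):
    """Turn '3074' or '10070-10080' into an inclusive (first, last) tuple."""
    first, _, last = spec.partition("-")
    lo, hi = int(first), int(last or first)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {spec!r}")
    return lo, hi

def audit(rules):
    """Return findings for rules given as dicts (hypothetical field names)."""
    findings = []
    seen = defaultdict(list)  # protocol -> [(lo, hi, internal_ip, name)]
    for rule in rules:
        lo, hi = parse_ports(rule["external"])
        proto = rule["protocol"].upper()
        protos = ("TCP", "UDP") if proto == "BOTH" else (proto,)
        if "TCP" in protos:
            for port, service in DISCOURAGED_TCP.items():
                if lo <= port <= hi:
                    findings.append(f"{rule['name']}: exposes {service} ({port}/TCP)")
        for p in protos:
            for o_lo, o_hi, o_ip, o_name in seen[p]:
                # The same external port cannot go to two different LAN hosts.
                if lo <= o_hi and o_lo <= hi and o_ip != rule["internal_ip"]:
                    findings.append(f"{rule['name']}: {p} {rule['external']} "
                                    f"conflicts with {o_name}")
            seen[p].append((lo, hi, rule["internal_ip"], rule["name"]))
    return findings

# Constructed sample table, not taken from a real router.
SAMPLE_RULES = [
    {"name": "xbox", "external": "3074", "internal_ip": "192.168.1.50", "protocol": "both"},
    {"name": "pc-game", "external": "3000-3100", "internal_ip": "192.168.1.60", "protocol": "udp"},
    {"name": "nas-web", "external": "443", "internal_ip": "192.168.1.70", "protocol": "tcp"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```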
DMZ, best for consoles and having open NAT?
For game consoles, many people recommend using the DMZ zone or demilitarized zone. Broadly speaking, this option places the device in an intermediate zone where it will have all the ports open. This represents a security risk, and it is much safer to opt for other solutions before resorting to this extreme. The DMZ is not recommended for a computer, although it could be the final option for a game console.
In this case, we will try to use UPnP, Port Forwarding or Port Trigger first, along with manually opening the necessary ports for the device in question. Only when this is not an option or if we do not want to complicate our lives (even at the cost of security), can we activate the DMZ for the IP of the internal LAN in question.
CG-NAT, when your operator “closes” the ports
There is another aspect that we must take into account when it comes to opening ports, and over which only our operator has control. That is, entering the router and mapping the ports will not help. We are talking about CG-NAT, which stands for Carrier Grade Network Address Translation and consists of using the same public IPv4 address for several private addresses simultaneously.
Many operators have resorted to this technique due to the shortage of addresses and the lack of migration to IPv6. Among its drawbacks we find that we do not have the possibility of forwarding ports on the router itself. For this reason, if we need to open a port, we must ask the operator to “remove” us from CG-NAT.
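Before asking the operator, we can check whether we are likely behind CG-NAT by comparing the WAN address shown on the router's status page with the public address the Internet sees. This Python sketch is an added example, not part of the original article; it relies on the 100.64.0.0/10 shared address space that RFC 6598 reserves for carrier-grade NAT, and the function name, labels and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def nat_situation(router_wan_ip, public_ip):
    """Classify the connection from two addresses supplied by the user.

    router_wan_ip: WAN address read from the router's status page.
    public_ip: address reported by an external "what is my IP" service.
    """
    wan = ipaddress.ip_address(router_wan_ip)
    pub = ipaddress.ip_address(public_ip)
    if wan in CGNAT_SHARED:
        return "cgnat"             # forwarding on our router will not help
    if any(wan in net for net in RFC1918):
        return "upstream-nat"      # another NAT device is in front of the router
    if wan != pub:
        return "address-mismatch"  # some translation happens beyond the router
    return "direct"                # router holds the public address itself

if __name__ == "__main__":
    # Constructed sample addresses (documentation and shared ranges).
    print(nat_situation("100.72.13.5", "203.0.113.7"))
    print(nat_situation("203.0.113.7", "203.0.113.7"))
```

Only the "direct" result means that port forwarding rules on our own router can take effect on their own.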