Did you know you have a firewall in your home? If you do not send your PC directly to the network via DSL or cable modem, but use a router such as AVM's FritzBox, that is exactly the case: The router encapsulates the local LAN and WLAN from the Internet, but at the same time ensures that all computers can go on the internet. However, only in one direction, namely from the inside to the outside. If requests come from outside - for example from a service or an attacker - these are initially blocked. However, sometimes it is necessary to use a device such as a NAS, an FTP server, smart home services or certain software applications such as BitTorrent or to open some telephony programs for inquiries from the Internet. This is where the so-called port releases come into play. They enable specific services to be passed through the router's internal firewall.
What exactly is such a port?
Let's start with a little excursion: A port enables different network protocols to be differentiated. For example, an HTTP web server runs on port 80, an FTP server uses port 21, and other services use other ports. Depending on the application, it can be useful to pass these ports through to the outside world. If, for example, an FTP server is running in your network, it is initially not accessible from the outside: If you or someone else try to access the server in the network using an IP address or dynamic DNS, the firewall of the Router - and automatically blocks the connection for security reasons. So that the FTP server can be reached from outside, you have to tell the router that the FTP server - and thus port 21 - is OK and that you want to allow this.This is exactly what port sharing is..
Set up port sharing on the FritzBox
1st step:
First start the services, applications and devices that you want to make accessible from outside. In the following example we use the FTP server Filezilla Server , which enables an FTP server to be set up on Windows computers in a few simple steps . Other FTP servers for Linux, macOS or NAS use the same port, namely port 21 . 2nd step:
After the service is active, you can switch to the administrator interface of your FritzBox. To do this, call up http://fritz.box in the browser and log in to the router with your administrator account . 3rd step:
If the expert view is not yet active, you can switch it on now by clicking on " View: Standard " at the bottom left of the interface . This enables the advanced view with additional options. If " View: Extended " is already shown here , you do not have to do anything. 4th step:
Now open the “ Internet ” menu and select “ Approvals ”. In the " Port release " tab you will find the tools you need to set up port release. You can also see ports that have already been released. Click here on " Add device for shares ". 5th step:
Some settings are necessary in the following window. First select the network device that should be shared. In our case the Windows PC. The FritzBox assigns the necessary IP addresses itself. Then click on " New release " below . 6th step:
Select “ Port release ” here and select the application, in our case “ FTP server ”. Alternatively, you can also select other shares or create them yourself. You can accept the rest of the settings. Then click on " OK ". 7th step:
The release is now set. Another click on " OK " saves them. 8th step:
That's it: You have set the port forwarding and the FTP server is ready for use. It should now be accessible from the Internet at your IP address or via the DynDNS service. If in doubt, restart the FTP server application so that it can find the new port. Attention, safety!
If you now want to release several services, you can proceed with these according to the same scheme. However, you should always keep an eye on the open ports, as they mean a gain in convenience, but also a security risk: If you set up an FTP server incorrectly, an attacker can, for example, access your computer via FTP and steal data. And if malware is on your computer, it can be controlled via an open port if necessary. The risk is low, but you should regularly delete port shares and devices that you no longer need from the FritzBox. Also important: For the sake of simplicity, people tend to open many ports straight away or even switch the computer to the so-called exposed host mode. However, this is not a good ideasince attackers have an easy time of it with the port scanner in case of doubt.
Use UPnP
Incidentally, there is also an automatic port release, which not all applications and devices can handle: the UPnP protocol. This is a more modern form of port forwarding that takes place automatically. Does a device need a specific and possibly changing port for communication with the outside world - with BitTorrent applications or services such as Skype This often happens to smart home devices and online games - they can use UPnP to open and close ports on the router if necessary. This is very convenient as the software independently takes over port sharing on the router. At the same time, UPnP can pose a security risk if, for example, malicious programs such as viruses and Trojans use this technology. By default, UPnP is therefore deactivated on the FritzBox. However, you can activate the option under " Home Network "> " Network "> " Network Settings " by checking the box next to " Transmit status information via UPnP "..
In addition, you may have to activate the option " Allow independent port sharing for this device " under " Home network "> " Network "> " Network connections "> " (device) " . Only then can the PC, smartphone or NAS independently open ports via UPnP. Even with automatic port sharing via UPnP, you should occasionally take a look at the open ports. If a device is particularly active at this point for no reason, you should deactivate this function for this device and search the affected computer for malware.
