Check port forwarding with netcat

Port forwarding is a configuration in the router of a LAN such that any connections to a specific port number on the public/wan ip of the router may be forwarded to a specific machine/ip inside the LAN. Most routers allow configuration options to set port forwarding.

After setting up port forwarding its necessary to check if its working or not. To check port forwarding 2 things are necessary :

1. An application on local computer must open the port and wait for connections.
2. A machine from the outer network/internet must try to connect to this port number via the router.

If the connection succeeds then port forwarding is working. Lets take an example. A Lan has a router and 2 PCs with ip addresses 192.168.1.2 and 192.168.1.3 respectively. Now the router is configured to forward port 5000 to machine 192.168.1.3

Now to test that port forwarding we first need to start an application on machine 192.168.1.3 that will open the port 5000. We can use the program called netcat for this. Just run the following command

$ nc -vv -l 0.0.0.0 5000

This will make netcat listen on port 5000. Now use a remote website to connect to this port using the public ip address of the router. Few free tools are

http://www.yougetsignal.com/tools/open-ports/
http://www.ipfingerprints.com/portscan.php

Just enter your public ip address and the port number and click Check. If the website is shows success then the netcat terminal will show a new connection message like the following

$ nc -vv -l 0.0.0.0 6000
Connection from 69.163.149.200 port 6000 [tcp/x11] accepted

This will confirm that port forwarding is working. If the website shows that port is closed then netcat too would not show any such connection message indicating that port forwarding to that particular port is not working.

There may be a number of reason why port forwarding didnt work. One common reason is the existance of a firewall on local system. For example zonealarm on windows, or firestarter on ubuntu/linux. Firewalls block incoming connections on local machines and need to be configured properly. So configure your firewall to allowing incoming connections to the particular port.







Last Updated On : 9th May 2013

Subscribe to get updates delivered to your inbox

Leave a comment