WHAT IS PORT FORWARDING?
The term “Port Forwarding”, also referred to as “Port Mapping” and “Punching A Hole Through Your Firewall” among others, describes a way to specify how network traffic is directed to your computer so that it ends up in the right place. This is done, primarily, by telling your network firewall or router how to direct specific network data to the right IP address and to the right port on that IP address. Brief descriptions of IP addresses and ports follow:
IP ADDRESS: A unique identification number for a computer on the Internet. Typically an IP address is represented by a set of four numbers of up to three digits each, ranging from 0-255 and divided by periods - for example, 192.168.1.150.
PORT / PORT NUMBER: A port is a unique pathway for data. An IP address is made up of multiple ports and different types of data are assigned to and travel along different ports. For example, web browser traffic commonly uses Port 80. It is important to note that a port can only be used by one application at a time. When an application is using a port to send or receive data, that port is commonly referred to as being “blocked.” This is why you might sometimes get a port conflict error when using your computer for some network operations – like file sharing with FileMaker Pro.
The network file sharing in FileMaker Pro and FileMaker Server also uses ports to communicate with other FileMaker Pro and web clients. The primary port used for FileMaker network sharing is 5003. If port 5003 is blocked it can affect the network sharing functionality of FileMaker Pro. The most common cause of a port being blocked is a piece of network hardware – either a router or a firewall. Both of these pieces of hardware usually stand between your local / private network (private LAN) and the outside world and act as a network “traffic cop” – allowing the authorized network traffic to pass through and stopping the unauthorized traffic from entering and/or leaving your private LAN.
For security reasons, most routers and firewalls are, by default, not likely to be set up to automatically allow network traffic on port 5003. The purpose of a router or firewall is to keep unwanted network traffic from entering your private LAN, so generally a router or firewall has only commonly used ports open by default. Therefore, it is up to you or your network administrator to configure these devices to allow network traffic through on port 5003. This is generally a pretty routine thing to do, but due to the sheer number of routers and firewalls available today, it is beyond the scope of this document to specifically explain how to do it for the hardware you might have. A good resource on the Internet for information like this is http://www.portforward.com
Port Forwarding allows you to configure your network hardware device to pass on all requests received on a specific port (such as 5003) on a public IP address to a single computer that exists on your private LAN. That single computer is usually identified by its IP address, so it is common for it to have a static, or fixed, IP address.
NOTE: Port Forwarding is generally unnecessary if you can access your Private LAN using a Virtual Private Network, or VPN for short, connection. If you are able to “VPN” to your private LAN from outside the firewall or router, FileMaker Pro network sharing should work
HOW DOES PORT FORWARDING WORK?
Here is a brief description of how port forwarding works. In this example, there is a machine on a private LAN with an IP address of 192.168.1.150 running FileMaker Pro with a file open to share with other FileMaker Pro users. Because FileMaker Pro is open and network sharing is on, Port 5003 is in use on this machine. Other users of FileMaker Pro on the private LAN will be able to access this shared file since they are “inside” the confines of the local network and behind any router or firewall that might be in place.
But what about a user outside the private LAN who wants to access the same shared file on 192.168.1.150? Typically, this outside user would only have access to the public facing IP address and would not have access to any IP address on the private LAN – not to mention would not have access to the local network on port 5003. In this case, port forwarding could be used to configure the router or firewall to intercept any data directed to port 5003 on the public facing IP address and forward that request through to the local machine on the private LAN at IP address 192.168.1.150. This assumes, of course, that the machine with the IP address of 192.168.1.150 is using a static, or fixed, IP address.
But what if the local machine does not have a static IP address? For example, most residential broadband connections have a dynamic IP address assigned to them that changes periodically. Therefore, it would make sharing a FileMaker Pro file from your home difficult because the public facing IP address of your home network could change at any time. In cases like this, Dynamic DNS can be used. Dynamic DNS allows a DNS to be updated in real time with any changes that might occur. A DNS translates easy-to-understand computer hostnames into IP addresses. For example, to access the website for FileMaker, Inc. you typically use http://www.filemaker.com. The reality is that FileMaker, Inc’s website is identified on the Internet using the IP Address 126.96.36.199. A DNS takes the easy-to-understand computer hostname and looks it up in a list to identify the IP address and then routes the request appropriately. In this case, whether you enter http://www.filemaker.com or 188.8.131.52 into your web browser, the end result is the same.
In the case of a residential broadband connection that changes, your network router would communicate to the Dynamic DNS service that an update occurred which would in turn update the DNS and make your residential broadband connection available by way of a pre-defined / determined DNS address. Due to the number of ways of setting up a Dynamic DNS service, it is beyond the scope of this document to go into detail. Additional information about Dynamic DNS can be found by searching the Internet or by going to http://en.wikipedia.org/wiki/Dynamic_DNS
IS PORT FORWARDING SAFE?
As stated before, a router or firewall acts as a traffic cop to prevent unauthorized network traffic from entering or exiting your network. As more and more ports are opened to allow traffic to enter and exit your network, the potential risks go up as well. The reality is that your router or firewall is constantly forwarding ports when you are connected to the Internet and therefore you are more likely to be exploited by a browser security issue than you would be if you opened up port 5003 to allow FileMaker Network sharing.
FileMaker Pro is a secure application and it would be difficult, if not impossible, for someone to exploit it and your network over port 5003. Someone would have to write a FileMaker Pro specific exploit to be able to get it to crash or interact with it in any way. And even if they did, it is unlikely they could do anything like access your system files or important data. In addition, port forwarding only forwards requests to one computer and will not reach any other machine on your network. So, in the case that something bad does happen, your network would be protected, as the access would be isolated to the one machine the port is forwarded to.
Additional security measures, like creating an access list of approved IP addresses that can access your network or scheduling when the port is forwarded, can be utilized to decrease the chances of a port forwarding exploit.
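How the forwarding and the approved-IP access list described above fit together, as an added example (not code from the original article): a user-space TCP relay in Python that stands in for the router's port-forward rule. The function names and the 203.0.113.0/24 allowlist range are assumptions made for illustration; port 5003 and 192.168.1.150 are the article's values.

```python
import contextlib
import ipaddress
import socket
import threading

def is_allowed(peer_ip, allowlist):
    """True if peer_ip is inside any approved network (CIDR strings)."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in allowlist)

def pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, peer_ip, target, allowlist):
    """Relay one client to the LAN host, or drop it if its source is not approved."""
    with client:
        if not is_allowed(peer_ip, allowlist):
            return  # rejected before any byte reaches the private LAN
        try:
            upstream = socket.create_connection(target, timeout=5)
        except OSError:
            return  # LAN host is down or nothing is listening on the port
        with upstream:
            upstream.settimeout(None)
            t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
            t.start()
            pump(upstream, client)
            t.join()

def start_forwarder(listen_addr, target, allowlist):
    """Listen on listen_addr, relay approved clients to target; return the bound port."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            client, (peer_ip, _port) = srv.accept()
            threading.Thread(target=handle, daemon=True,
                             args=(client, peer_ip, target, allowlist)).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Port and LAN address are the article's; the allowlist range is a constructed sample.
    start_forwarder(("0.0.0.0", 5003), ("192.168.1.150", 5003), ["203.0.113.0/24"])
    threading.Event().wait()
```

A router does this with address-translation rules rather than a relay process, so the LAN host there still sees the original source address; behind this relay it sees the relay's address instead.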