Port Forwarding 101: Tips on Secure Remote Access


Looking to access your home computer remotely without using a third-party service? You’re reading the right post. I’ll explain here in simple terms how to handle port numbers and port forwarding when configuring a router.

When you’re through, you’ll have an idea about how to open a port to gain access to specific devices within a local network from a remote location. As an example, I’ll offer specific steps on how to access your router remotely, if it has the remote management feature—most standard routers do, except those from Netgear.

Note that this post is a supplement to the one on Dynamic DNS, a feature you likely need to use before you can dial home, unless you have a broadband plan with a static IP address. So, give it a good read before continuing.

The Asus RT-BE86U in action
Via port numbers and port forwarding, you can make your router do a lot more than host a local network.


Port forwarding: Understanding network port numbers

Every party on the Internet is behind a router, including you. You’re behind your home router.

If your network (your router) is a building, a port number is a door or a window. They allow information to travel between the Internet and a specific device within a local network.

There are 65,536 port numbers in networking, ranging from 0 to 65535 (the first 1,024, 0 to 1023, are the "well-known" range reserved for standard services). Before you get overwhelmed, they are simply numbers, and you generally can use them to your liking.

Here are some standard port numbers and the default services assigned to them:

Port    Protocol    Service                                   Typical use
21      TCP         FTP (File Transfer Protocol)              File transfer via an FTP program (unencrypted)
23      TCP         Telnet                                    Command-line access to a device (unencrypted)
25      TCP         SMTP (Simple Mail Transfer Protocol)      Outgoing email
53      TCP, UDP    DNS (Domain Name System)                  Resolving domain names to IP addresses
80      TCP         HTTP (Hypertext Transfer Protocol)        Web hosting
110     TCP         POP3 (Post Office Protocol version 3)     Email retrieval
143     TCP         IMAP (Internet Message Access Protocol)   Email retrieval
443     TCP         HTTPS (HTTP Secure)                       Web hosting; also a common alternative port for an OpenVPN server
445     TCP         SMB (Server Message Block)                Windows file and printer sharing
3389    TCP         RDP (Remote Desktop Protocol)             Windows Remote Desktop
Default port numbers and their assigned services.

When you get a new router or a computer and don't change anything, the numbers above are the ports the listed services use: the service running on the computer (the web server, the Remote Desktop service, and so on) listens on its default port.

The router, on the other hand, does not reserve or open anything on its own. By default it drops all unsolicited traffic arriving from the Internet, whatever port it's aimed at.

That's why things don't just automatically work. You need to configure the router to deliver traffic arriving on a port to a specific device first. And all of the default values can be changed.

The idea is that you assign a specific port (1) to a specific device (2) within your network, which is set to listen on that particular port for the particular service. This process is called "port forwarding": it opens the port on the router and lets the traffic through to that device.

Let’s get into the details.

Port forwarding: Calling a port

Back to the building analogy above: The WAN IP address, often associated with a DDNS domain name, is that building’s address.

To open a port for the traffic to go through, a remote party generally needs to specify a port number. It’s similar to knocking on a specific door or window. To do so, here’s the format:

IP address:Port

Specifically, if your router’s WAN IP address is 23.98.237.126 and you want to open port 1000, then here’s the syntax to call that port:

23.98.237.126:1000

(Note the colon and the fact that there are no spaces in the entire string.)

Now, assuming you’ve used Dynamic DNS to associate that IP address with a domain name called DongKnowsTech.asuscomm.com per the example in the post on DDNS, then the syntax to call port 1000 is:

DongKnowsTech.asuscomm.com:1000

Again, when you call a domain name in that format, such as by typing it into the address bar of a web browser, you’re specifying a particular door of the house to knock on.

The general rule is that to reach a service you need to specify a port number. The exception is when the application has a default of its own: a web browser assumes port 80 for an http:// address and port 443 for an https:// address, so you don't have to type those.

For example, when you type a domain name, such as dongknows.com, in a web browser (Edge, Chrome, or Safari) without specifying any port, the browser calls port 80 (HTTP) or port 443 (HTTPS); most current browsers try HTTPS first.

In any case, the reason the service works, such as when you call dongknows.com:80 and a website appears, is that on the other side there's a computer hosting that particular service. In this example, that computer is the web server.

That brings us to the second part of port forwarding: specifying the destination, which is the device that hosts the service being called.

Port forwarding: Specifying the device, a.k.a. the virtual server

Specifying the destination is the job of the router at the local network that the remote party wants to reach. It’s the router’s Port forwarding feature, which is part of its NAT function.

Each port forwarding entry must include the port being called and the specific device in the network assigned to host the service being requested. Generally, a router can handle a few dozen port-forwarding entries.

This setting opens the called port and delivers the traffic to a specific device that hosts the service within the local network. In other words, it makes the device the target of the port being called.

For example, if you want to host a website at home, forward port 80 to the local IP address of the computer you have set up as the web server.

For port forwarding to work consistently, the destination device's local IP address (the server's) needs to remain the same at all times. That is where the router's IP reservation feature (also called DHCP reservation) comes into play: it ties a fixed local IP address to the device's MAC address.

In a network, any port that's not forwarded is closed by the router: a remote party knocking on it either gets no answer at all (the connection times out) or is refused outright, depending on how the router is configured. Either way, it's like trying to get through a locked door.
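To see the difference between a port that's forwarded and one that isn't, here is an added example (not code from the original post) in Python: a function that knocks on a TCP port once and classifies the answer as open (handshake completed), closed (the host refused) or filtered (no reply at all), plus a constructed listener on 127.0.0.1 standing in for a device hosting a service. The host and ports are placeholders; run the checker against your own WAN address from outside your network to confirm that only the ports you forwarded answer.

```python
import socket
from enum import Enum


class PortState(Enum):
    OPEN = "open"          # TCP handshake completed: something is listening (or forwarded)
    CLOSED = "closed"      # host answered with a reset: nothing listening on that port
    FILTERED = "filtered"  # no answer at all: dropped by a firewall, or no route to the host


def check_tcp_port(host: str, port: int, timeout: float = 2.0) -> PortState:
    """Knock once on host:port and classify the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return PortState.CLOSED
        except (socket.timeout, OSError):
            return PortState.FILTERED
        return PortState.OPEN


def check_tcp_ports(host: str, ports) -> dict:
    """Knock on several ports and report the state of each one."""
    return {p: check_tcp_port(host, p) for p in ports}


def open_listener(port: int = 0) -> tuple[int, socket.socket]:
    """Constructed stand-in for a device hosting a service: a listening socket on
    127.0.0.1 (port 0 lets the OS pick a free one). Returns (port, socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv.getsockname()[1], srv


if __name__ == "__main__":
    # Placeholder targets: replace with your WAN address / DDNS name and forwarded ports.
    port, srv = open_listener()
    print(port, check_tcp_port("127.0.0.1", port).value)   # open while the listener is up
    srv.close()
    print(port, check_tcp_port("127.0.0.1", port).value)   # closed once nothing listens
```

A "filtered" result from the outside usually means the router never forwarded the port (its firewall silently dropped the knock); "closed" means the knock reached a host that had nothing listening there, which for a forwarded port points at the wrong device IP or a service that isn't running.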

The Port forwarding settings on a TP-Link Archer router
Here's an example of a port forwarding entry on a TP-Link Archer router. This particular case is for Remote Desktop, which uses port 3389 by default. The entry allows a remote party to access the Windows computer at the "Device IP address" using the built-in Remote Desktop app.
Note the device's IP address and the ports. You can use the same or different port numbers for the External and Internal ports; only the former is exposed to the outside world.
The port determines the service (Microsoft's Remote Desktop in this case), and the IP address determines the device within the local network that handles that service (a Windows Pro computer).

Some routers allow two values in port forwarding: external (or public) and internal (private). In this case, external is the port the remote party calls, i.e., the one attached to the domain name as mentioned above. Internal is the port at the device that hosts the service.

You can use the same number for both or a different one for each. Only the external port is exposed to the outside world, and for sensitive services you should avoid the well-known default number on that side. Using one port number for the external side and another for the internal side is like knocking on the window to open the front door.

Tip

For security, when turning on port forwarding for sensitive services, do not use the default known port numbers, at least on the public (external) side.

For example, port numbers 3389 and 8080 are the known defaults for Microsoft Windows' Remote Desktop service and for many routers' remote web interface. Leaving them in place makes a forwarded service easy to find with automated scans.

Specifically, for a Remote Desktop entry, you can set the external port to a random (unused) number, such as 12345, and keep 3389 as the internal side. The remote party then uses DomainName:12345, and nothing answers on port 3389 from the outside.

Keep in mind that this only makes the service harder to stumble upon; whoever does find port 12345 is talking straight to Remote Desktop. The computer behind it still needs a strong password and current updates, and for a service like Remote Desktop, reaching it through a VPN rather than forwarding it directly is the safer setup.

This trick is also useful when you cannot change the listening port on the local server device.
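What the External/Internal entry above and the 12345-to-3389 trick in this tip actually do, reduced to code. This is an added example, not code from the original post or from any router vendor's firmware: a tiny TCP relay in Python that listens on the external port and hands each connection to the internal address and port, with a constructed echo server standing in for the Remote Desktop service. It binds port 0 so the OS picks free ports and it runs offline; substitute 12345 and 3389 to mirror the entry in the text. The function and variable names are the example's own.

```python
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes from src to dst until src hits end-of-stream, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(external_port: int, internal_host: str, internal_port: int,
                    listen_host: str = "127.0.0.1") -> tuple[int, socket.socket]:
    """One port-forwarding entry: accept on listen_host:external_port and relay each
    connection to internal_host:internal_port. Returns (bound external port, socket)."""
    ext = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ext.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ext.bind((listen_host, external_port))
    ext.listen(16)

    def handle(client: socket.socket) -> None:
        try:
            upstream = socket.create_connection((internal_host, internal_port), timeout=5)
        except OSError:
            client.close()          # the "device" isn't listening: the knock goes nowhere
            return
        a = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
        b = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        a.start(); b.start(); a.join(); b.join()
        client.close(); upstream.close()

    def accept_loop() -> None:
        while True:
            try:
                client, _ = ext.accept()
            except OSError:
                return              # listener closed
            threading.Thread(target=handle, args=(client,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return ext.getsockname()[1], ext


def start_echo_server(port: int = 0) -> tuple[int, socket.socket]:
    """Constructed stand-in for the internal service (Remote Desktop on 3389 in the
    text): it echoes whatever it receives. Returns (bound port, socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(16)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def free_port() -> int:
    """Pick a local port nothing is listening on (helper for the demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def knock(host: str, port: int, payload: bytes) -> bytes:
    """The remote party: connect to host:port, send payload, read the whole reply."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    internal_port, echo = start_echo_server()                             # the "3389" side
    external_port, fwd = start_forwarder(0, "127.0.0.1", internal_port)   # the "12345" side
    print(external_port, "->", internal_port)
    print(knock("127.0.0.1", external_port, b"hello through the window"))
```

Two things the relay makes visible. First, the remote party only ever sees the external port; the internal one is never part of the conversation. Second, if the entry points at a device that isn't listening, the router still accepts the knock and then drops it, which is why a forwarded-but-dead port looks different from a closed one to whoever is scanning.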

How to use port number and DDNS to remotely access your router

Knowing the port number and using a Dynamic DNS opens up many possibilities. One of which is the fact that you can easily and securely access your router’s local web user interface when you’re out and about.

To avoid unnecessary security risks, modern routers generally have the remote access/management feature turned off by default. (Netgear has removed this feature from all of its routers altogether, though that has little to do with "security".) Here are the general steps to turn it on:

  1. Within the router's interface, navigate to the Remote Management (or Remote Access, or Web Administration, or Web Access from WAN) section. The location varies depending on the router you use, but it's generally in the Advanced or System area of the interface.
  2. Change the settings to enable the feature. If the router lets you restrict the remote party to a specific IP address or range, use that only when you'll always connect from a known address (such as an office network); otherwise leave it open, since it's virtually impossible to know what IP address you'll be using when you're on the go.
  3. Change the default port (often 8080) to a number of your liking, just not one already used for another service. That keeps the interface off the lists automated scanners try first, but it's not what makes the connection secure: a strong, unique admin password does that, together with HTTPS, so turn on HTTPS whenever it's available.
  4. Apply the changes.
The settings for remote access in an Asus router web user interface
Here’s an actual Asus router with remote access turned on using Dynamic DNS.
Note that the port number has changed from the default, and the domain is blurred out for security reasons.

And that’s it. Since you’ll access the router itself—not a device within your home network—there’s no need to set up port forwarding for remote management. In other words, the router has already set that up for you.

After this, you can log in to your router's interface from anywhere in the world via its WAN IP address (or preferably its DDNS domain name). Just make sure you include the port number.

For example, if:

  1. DongKnowsTech.asuscomm.com is your DDNS domain name. (Yours has to be something else.) And
  2. 8910 is the port for remote management. (You can use this port or any other you like.)

then the web address to access your router remotely is:

http://DongKnowsTech.asuscomm.com:8910

If you also have HTTPS turned on (recommended, since over plain HTTP the admin password travels in clear text), then the address is:

https://DongKnowsTech.asuscomm.com:8910

Use that web address on a browser, such as Chrome, on an Internet-connected computer, and you’ll be able to access your router’s web user interface, no matter where you are in the world.

Using remote access this way is an excellent alternative to signing up for an account with the vendor. Vendor-assisted remote access generally means you’ll have to sacrifice your privacy because your router will always connect to the vendor. Dynamic DNS allows you to stay independent and have lots of flexibility, and that’s just one of its many benefits.

Tip

When logging into the web-based user interface of a home router or most devices, you might encounter a privacy/security error notice in which the browser suggests the webpage is potentially unsafe, similar to the screenshot below.

Privacy Notice
Wi-Fi router security: You can proceed past this Privacy/Security notice when accessing your router's web interface from inside your local network. This example is on the Chrome browser.

The reason is that the router's built-in web server uses a certificate it issued to itself. A browser only trusts certificates issued by a certificate authority it already knows, so it can't tell this router from an impostor presenting its own self-signed certificate, and it warns you.

It's safe to ignore this notice and proceed to the interface when accessing a device within your local network. Over the Internet, that same warning is the only thing standing between you and a look-alike login page, so before typing the admin password, open the browser's certificate details and compare the fingerprint with the one you noted while on the LAN. If it differs, don't log in.

Different browsers have slightly different warnings and ways to bypass them, but they all require clicking a few extra times. Pay close attention, and you'll find out the way to proceed.
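The fingerprint comparison just described, as an added example in Python that is not part of the original post: fetch the certificate the router presents, compute its SHA-256 fingerprint in the AA:BB:... form browsers display, and compare it with the value you recorded while on the LAN. The host name, port and pinned value are placeholders for your own; the helpers hash whatever certificate bytes they're given, and nothing here validates the certificate chain, because checking against the pinned fingerprint is the point.

```python
import base64
import hashlib
import ssl


def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END lines and decode the base64 body to the raw DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body)


def fingerprint(pem: str) -> str:
    """SHA-256 of the DER certificate, formatted the way browsers show it."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_fingerprint(seen: str, expected: str) -> bool:
    """Compare two fingerprints regardless of case, colons, or spaces."""
    def norm(s: str) -> str:
        return s.replace(":", "").replace(" ", "").upper()
    return norm(seen) == norm(expected)


def fetch_fingerprint(host: str, port: int) -> str:
    """Download the certificate host:port presents (no chain validation: we are about
    to check it ourselves) and return its fingerprint."""
    return fingerprint(ssl.get_server_certificate((host, port)))


def verify_router(host: str, port: int, pinned: str) -> bool:
    """True only if the certificate seen over the Internet is the one recorded on the LAN."""
    return same_fingerprint(fetch_fingerprint(host, port), pinned)


if __name__ == "__main__":
    import sys
    # Usage (placeholders): python this.py DongKnowsTech.asuscomm.com 8910 [PINNED_FINGERPRINT]
    # Run it once from inside the LAN against the router's local IP to obtain the value to pin.
    host, port = sys.argv[1], int(sys.argv[2])
    seen = fetch_fingerprint(host, port)
    print(seen)
    if len(sys.argv) > 3:
        print("match" if same_fingerprint(seen, sys.argv[3]) else "MISMATCH: do not log in")
```

Run it first against the router's local address from inside the network to record the fingerprint, then again with that value from outside. Note that a router regenerates its self-signed certificate on some firmware updates or resets, so a mismatch right after one of those is expected; a mismatch at any other time is not.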

The takeaway

Networking port numbers can be a bit confusing, and so is port forwarding. However, the process is similar to calling a different person inside a home with a separate door knock.

For example, tap five times on the front door to get to Jane and three times on the window to get to David. That works as long as Jane and David are aware and listen. In this case, they are the specific “servers” somebody outside wants to reach.

