Port Forwarding (Plus version only)
Abstract
Some types of applications require external incoming access from the Internet:
  • Server applications (e.g. Web and/or FTP servers);
  • Communication applications (e.g. Internet/IP phones, instant messengers, etc.);
  • Peer-to-Peer applications.

Home and small business users are usually connected to the Internet via a so-called connection sharing box (an external firewall/router/NAT device). The box connects several computers to the Internet through a single line/cable and usually provides some Internet security.

Using a connection sharing box has clear benefits: the box protects against most incoming threats/attacks and allows a single provider-assigned IP address to be used by multiple computers via Network Address Translation (NAT).

There is a side effect, however. There is no automatic way to receive incoming connections on a computer behind NAT. The single provider-assigned (external) IP address belongs to all the computers behind NAT simultaneously and not to any one computer. The solution is Port Forwarding. Port Forwarding allows you to configure external access from a selected external port of the connection sharing box to a selected internal port of a computer behind NAT.

Unfortunately, there are three difficulties:
  • Setting up Port Forwarding is a manual procedure. The connection sharing box has to be accessed via its Web interface to turn Port Forwarding on or off manually every time you need (or no longer need) the connection permitted;
  • Port Forwarding can only be configured to a selected port of a single computer with a fixed IP address. The computer is identified by its IP address in the network, which is typically dynamic: the address is set by the sharing box automatically and can change;
  • Forwarded ports stay forwarded indefinitely, until they are switched off manually. This is a potential security hole, as all incoming traffic from anywhere in the world to the external port of the sharing box is directed to the local port unconditionally, regardless of the applications. Because IP addresses are assigned dynamically, the incoming traffic can end up redirected to another (random) computer in the LAN behind NAT.

Windows 8 Firewall Control offers a solution that automates and secures Port Forwarding assignment by synchronizing the Port Forwarding settings with the running applications.
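
The second and third difficulties can be checked for directly. The following is an added example, not code from Windows 8 Firewall Control or its documentation: it audits a list of router port mappings against this computer's current IP address and listening ports. The field names are those of the UPnP IGD GetGenericPortMappingEntry response; the mappings, addresses and ports are constructed sample data, and audit_mappings is a hypothetical helper name.

```python
# Added example: audit router port mappings against this host's current state.
# Field names follow the UPnP IGD GetGenericPortMappingEntry response.

def audit_mappings(mappings, local_ip, listening):
    """Return (external_port, protocol, issues) for each mapping.

    `listening` is a set of (protocol, port) pairs that currently have a
    listening application on this host.
    """
    findings = []
    for m in mappings:
        proto = m["NewProtocol"].upper()
        ext = int(m["NewExternalPort"])
        if m["NewEnabled"] != "1":
            findings.append((ext, proto, ["disabled"]))
            continue
        issues = []
        if m["NewInternalClient"] != local_ip:
            # The forward points at a different LAN address. With dynamic
            # addressing that address may now belong to another machine.
            issues.append("not this host")
        elif (proto, int(m["NewInternalPort"])) not in listening:
            # Traffic is forwarded here although nothing accepts it.
            issues.append("no listening application")
        if int(m["NewLeaseDuration"]) == 0:
            # A lease of 0 asks for a mapping without expiry (IGD v1).
            issues.append("permanent lease")
        findings.append((ext, proto, issues or ["ok"]))
    return findings

# Constructed sample input (not taken from a real router).
SAMPLE_MAPPINGS = [
    {"NewExternalPort": "8080", "NewProtocol": "TCP", "NewInternalPort": "80",
     "NewInternalClient": "192.168.1.20", "NewEnabled": "1",
     "NewLeaseDuration": "3600"},
    {"NewExternalPort": "21", "NewProtocol": "TCP", "NewInternalPort": "21",
     "NewInternalClient": "192.168.1.20", "NewEnabled": "1",
     "NewLeaseDuration": "0"},
    {"NewExternalPort": "5060", "NewProtocol": "UDP", "NewInternalPort": "5060",
     "NewInternalClient": "192.168.1.37", "NewEnabled": "1",
     "NewLeaseDuration": "0"},
]
LOCAL_IP = "192.168.1.20"    # assumed current address of this computer
LISTENING = {("TCP", 80)}    # assumed: only the Web server is running

if __name__ == "__main__":
    for ext, proto, issues in audit_mappings(SAMPLE_MAPPINGS, LOCAL_IP, LISTENING):
        print(f"{proto} {ext}: {', '.join(issues)}")
```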

Requirements
The following requirements must be met to automate and secure Port Forwarding to a computer behind NAT with Windows 8 Firewall Control:
  • The connection sharing box must be UPnP (Universal Plug and Play) compatible. Most modern connection sharing (firewall/NAT/router) boxes are UPnP compatible;
  • UPnP must be enabled in the connection sharing box;
  • The UPnP infrastructure must be installed on the computer running Windows 8 Firewall Control. This is usually the default state;
  • The UPnP infrastructure must be enabled and not blocked by a third-party firewall or the native Windows Firewall.

Port Forwarding
Windows 8 Firewall Control tracks applications that require external incoming access (see Zones) and automatically manages Port Forwarding for them according to whether they are running.

The Port Forwarding list allows you to insert/delete/modify Port Forwarding settings for the current computer manually.
The list also shows (in read-only mode) all applications with automatically forwarded ports. Active Port Forwards (manual or automatic) are marked with the "globe" sign.

The list content is refreshed automatically when a new application is configured to require external incoming access and when an access requirement is deleted or modified. The refresh does not occur immediately; there may be a delay of 5-10 seconds.

The list can also be refreshed manually at any time by pressing the refresh button. The refresh cannot finish immediately because of the specifics of UPnP device discovery. A maximum delay of about 9 seconds should be expected.