Port forwarding - risky?

MoFoHo

Well-known Member
Hi all wise ones!

I have been considering setting up port forwarding in my router, to enable me to connect to my Denon AV amp when I'm outside of my LAN.

I'm pretty sure I can do it, I've set up my Denon with a static IP address, and have found some great instructions on the 'net explaining how to do it for my particular router (a BT Voyager 220V).

However I'm a little worried that port forwarding can put my network, computers and amp at risk. If I open a port (say, port 80), does this not mean that anyone can simply 'happen across' my external IP address? Would they not have a direct link into my expensive Denon amp?!
I apologise if this is a silly question! I'm fairly new to advanced networking.

Incidentally, IP filtering on inbound traffic is enabled. Will this setting affect me in some way?

Many thanks for any advice!
 

mickevh

Distinguished Member
Yep: If you open an inbound port to an internal host, anyone that finds your router's external IP address can "probe" through the router on that port to whatever host it's forwarded to.

There are people who spend their lives probing IP addresses on the internet to see what ports they have open and whether they can trick whatever is listening on said port into doing useful (to them) stuff.

By way of example, if you port forward your router's external IP address A.B.C.D port 80 to your amp at 192.168.X.Y port 80, then anyone connecting to A.B.C.D:80 will get to your amp. It's then down to the robustness of your amp's "security" (and whether it's listening) as to whether they can do anything "interesting" with it.

Typically the firewall in SOHO routers permits outbound connections on any port, but prevents all inbound connections. A bit like a telephone that allows outgoing calls but prevents incoming ones. Creating a "port forward" punches a hole in that regime for a defined port (or set of ports.)
 
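The default-deny inbound behaviour and the effect of a port forward described in the post above, as an added example that is not part of the original thread: a toy Python model of a SOHO router's forwarding decision that sends no real traffic. The class name, helper names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SohoRouter:
    """Toy model (no real traffic): outbound allowed, inbound dropped unless forwarded."""
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # wan_port -> (lan host, remote peer)
    next_port: int = 40000

    def outbound(self, lan_host, remote):
        """A LAN host connects out: always permitted, and the flow is remembered."""
        wan_port = self.next_port
        self.next_port += 1
        self.conntrack[wan_port] = (lan_host, remote)
        return wan_port

    def inbound(self, remote, wan_port):
        """A packet reaches the WAN side; return the LAN host it reaches, or None."""
        flow = self.conntrack.get(wan_port)
        if flow and flow[1] == remote:
            return flow[0]                  # reply to a connection started from inside
        if wan_port in self.forwards:
            return self.forwards[wan_port]  # the hole: no check on who is calling
        return None                         # default: unsolicited inbound is dropped

# Constructed sample addresses (private and documentation ranges).
AMP = ("192.168.1.50", 80)
LAPTOP = ("192.168.1.20", 51000)
WEBSITE = ("198.51.100.7", 443)
STRANGER = ("203.0.113.99", 55555)

def demo():
    router = SohoRouter()
    results = {}
    results["before_forward"] = router.inbound(STRANGER, 80)   # dropped
    wan_port = router.outbound(LAPTOP, WEBSITE)
    results["reply"] = router.inbound(WEBSITE, wan_port)       # reaches the laptop
    results["wrong_peer"] = router.inbound(STRANGER, wan_port) # dropped
    router.forwards[80] = AMP                                  # the port forward
    results["after_forward"] = router.inbound(STRANGER, 80)    # reaches the amp
    results["other_port"] = router.inbound(STRANGER, 23)       # still dropped
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} -> {value}")
```

Once the forward exists, the only thing between an arbitrary remote host and the amp is whatever authentication the amp's own service enforces.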

graham.myers

Distinguished Member
It does beg the question though "why do you want to connect to your amp if you're not at home?". Does it allow you to stream something?
 

MoFoHo

Well-known Member
Yep: If you open an inbound port to an internal host, anyone that finds your router's external IP address can "probe" through the router on that port to whatever host it's forwarded to.

There are people who spend their lives probing IP addresses on the internet to see what ports they have open and whether they can trick whatever is listening on said port into doing useful (to them) stuff.

By way of example, if you port forward your router's external IP address A.B.C.D port 80 to your amp at 192.168.X.Y port 80, then anyone connecting to A.B.C.D:80 will get to your amp. It's then down to the robustness of your amp's "security" (and whether it's listening) as to whether they can do anything "interesting" with it.

Typically the firewall in SOHO routers permits outbound connections on any port, but prevents all inbound connections. A bit like a telephone that allows outgoing calls but prevents incoming ones. Creating a "port forward" punches a hole in that regime for a defined port (or set of ports.)

Wow, thanks for that very clear advice! Think I'll leave my very expensive amp operating on my network only!
 

Jeroen1000

Active Member
This may be seriously overkill. But a VPN may solve your issue. This way you can connect safely to your LAN as if you were already in it.
 
