Port Forwarding (Plus version only)
Abstract

Some applications require incoming access from the Internet:
  • Server applications (e.g. Web and/or FTP servers)
  • Communication applications (e.g. Internet/IP phones, instant messengers and even Skype, whose sound quality can be improved by enabling direct incoming connections)
  • Peer-to-peer applications, which may not work at all without direct incoming access (e.g. eMule, eDonkey etc.)

Home (SOHO) users are usually connected to the Internet via a so-called connection sharing box: an external firewall/router/NAT device that connects several computers to the Internet through a single provider line and provides some Internet security.

The connection sharing box has incontestable benefits: it protects from most incoming threats/attacks and allows a single provider-assigned IP address to be used by multiple computers via Network Address Translation (NAT).

There is a side effect, however. There is no automatic way to get incoming connections to a computer behind NAT. The single provider-assigned (external) IP address belongs to all the computers behind NAT simultaneously and not to any one computer. The solution, so-called port forwarding, lets you configure external access from a selected external port to a selected internal port of a computer behind NAT.

Unfortunately, there are three difficulties:
  • Setting up port forwarding is a manual procedure. You have to connect to the sharing box via the Web and turn port forwarding on or off manually every time you do (or do not) need it.
  • Port forwarding is configured to a selected port of a single computer only. The computer is identified by its IP address, which is usually dynamic, is assigned automatically by the sharing box, and so can change.
  • Forwarded ports stay forwarded until you manually switch them off. This is a potential security hole, as all incoming worldwide traffic to the external port of the sharing box goes to the local port regardless of which application is listening on the port. Moreover, because IP addresses are assigned dynamically, the incoming traffic can be directed to another (random) computer in the LAN behind NAT.

Windows7FirewallControl automates and secures the process by synchronizing the port forwarding settings with the running applications.



Requirements

The following requirements must be met to automate and secure port forwarding to a computer behind NAT with Windows7FirewallControl:
  • The connection sharing box must be UPnP (Universal Plug and Play) compatible. Most modern connection sharing (firewall/NAT/router) boxes are UPnP compatible.
  • UPnP must be enabled in the connection sharing box.
  • The UPnP infrastructure must be installed on the computer running Windows7FirewallControl. It is usually installed by default.
  • The UPnP infrastructure must be enabled and not blocked by a third-party firewall or the native Windows firewall.

Port Forwarding

Windows7FirewallControl tracks applications that require external incoming access (see Zones) and switches port forwarding on or off according to whether the application is running.

The Port Forwarding List allows you to manually insert, delete and modify port forwarding settings for the current computer.
The List also shows (read-only) all port forwarding requirements of applications. Active port forwardings (all manual forwardings and the forwardings required by running applications) are marked with the "globe" sign.
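
The synchronization described above, as an added sketch that is not Windows7FirewallControl's own code: given the mappings currently active on the sharing box, it computes which ones to delete and which to add so that only manual entries and entries of running applications remain forwarded. It only plans the changes and makes no UPnP calls; all names, addresses, applications and ports are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class Mapping:
    proto: str      # "TCP" or "UDP"
    ext_port: int   # port opened on the sharing box
    int_ip: str     # LAN address the box forwards to
    int_port: int   # port on that LAN host

def desired(rules_by_app, manual_rules, running, local_ip):
    """Manual rules plus the rules of running applications, bound to local_ip."""
    rules = set(manual_rules)
    for app, app_rules in rules_by_app.items():
        if app in running:
            rules |= set(app_rules)
    return {Mapping(p, ext, local_ip, internal) for p, ext, internal in rules}

def reconcile(active, wanted, local_ip, previous_ips=()):
    """Return (to_delete, to_add); apply deletions first so a port still bound
    to an old lease is released before it is re-added for local_ip."""
    mine = {m for m in active if m.int_ip == local_ip}
    # Left over from an earlier DHCP lease: now aimed at whoever holds that IP.
    stale = {m for m in active if m.int_ip in previous_ips}
    # Mappings for other LAN hosts are not ours to manage and are left alone.
    return sorted((mine - wanted) | stale), sorted(wanted - mine)

# Constructed sample state (hypothetical addresses, applications and ports).
LOCAL_IP, OLD_IP = "192.168.1.23", "192.168.1.17"
RULES_BY_APP = {
    "emule.exe": {("TCP", 4662, 4662), ("UDP", 4672, 4672)},
    "ftpd.exe": {("TCP", 21, 21)},
}
MANUAL = {("TCP", 8080, 80)}
ACTIVE = [
    Mapping("TCP", 4662, OLD_IP, 4662),          # created under the old lease
    Mapping("TCP", 21, LOCAL_IP, 21),            # ftpd.exe has since exited
    Mapping("TCP", 8080, LOCAL_IP, 80),          # manual entry, always kept
    Mapping("TCP", 3074, "192.168.1.40", 3074),  # another computer's mapping
]

def demo():
    wanted = desired(RULES_BY_APP, MANUAL, {"emule.exe"}, LOCAL_IP)
    return reconcile(ACTIVE, wanted, LOCAL_IP, previous_ips={OLD_IP})

if __name__ == "__main__":
    to_delete, to_add = demo()
    for m in to_delete:
        print("delete", m)
    for m in to_add:
        print("add   ", m)
```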

The List content is refreshed automatically when a new application is configured to require external incoming access and when an access requirement is deleted or modified. The refresh does not occur immediately. There may be a delay of 5-10 seconds.

You can refresh the list manually at any time by pressing the refresh button. Be aware that the refresh cannot finish immediately because of how UPnP device discovery works. A maximum delay of about 9 seconds should be expected.