How to connect to open ports? We open ports on the router ourselves The program for connecting to the specified port

The Wi-Fi router is configured in its control panel, through the web interface. Therefore, access to change the configuration can be obtained through any browser. To do this, just open the page 192.168.0.1 or 192.168.1.1 (depending on the router model). Next, you will need to enter a username and password. By default, both of these options are set to admin.

If the default username and password are not suitable, and you have not changed these details, they may have been changed by the wizard when connecting or setting up the Internet. For security purposes, some providers change the default login details. In this case, they can be found in the contract or at the bottom of the router, on a separate sticker.

Advice! Don't forget to change your login details to your Wi-Fi router settings. You can do this in the "System Tools -> Password" menu.

Changing your password will greatly secure your network and help prevent unauthorized access or resetting. The settings will take effect after the device is rebooted.

If authorization in the control panel of the router is successful, a status page will open, which displays basic information about the router, information about wireless broadcasting Wi-Fi and the status of the current Internet connection.

Preconfiguring for Port Forwarding

Before forwarding, you need to change the settings for the distribution of local IP addresses within the network created by the TP-Link router. The device on which the open port will be used in the future must be set to an unchanged internal address. DHCP is responsible for addressing within the local network, so you need to open the menu “DHCP -> List of DHCP clients”. This window will display a list of devices connected to your network. We are looking for the desired device by name and copy its MAC address.

In the case shown in the screenshot, it was not difficult to find the necessary device, since only one device was registered on the home network. However, there are situations when a significant number of devices are connected to the network, and the name of the required computer is unknown or not displayed. In this case, you can find out the address of the computer directly through the operating system. The easiest way is to use a special command on the command line.

Press the Win+R keys to open a new program run window. Enter cmd in it and click OK.

After entering the getmac command, you will receive the necessary data that will be needed in the future to perform port forwarding on the TP-Link router.

If an error occurs while executing the command, it is recommended to repeat the operation by running the command prompt as an administrator.

After that, you need to open the menu "DHCP -> DHCP Settings". This page will display the range of IP addresses within which computers on your network are addressed. In the case in the screenshot, the start address is 192.168.0.100, the end address is 192.168.0.199. This information will be needed in the next step.

Next, you need to open the "DHCP -> Address Reservation" page and click the "Add New ..." button. Without this step, port forwarding on the TP-Link router will not bring the desired result, since the computer will be assigned a new local address each time.

In the "MAC Address" field, paste the combination that you copied from the list of DHCP clients or the command line. In the Reserved IP address field, enter any address that is in the range specified in the DHCP settings of the TP-Link router. Click the "Save" button.

The added binding of the MAC address to the IP will be displayed in the list, but for the normal operation of the address reservation, you will need to restart the Wi-Fi router, which the system will warn you about.

You can restart the TP-Link router programmatically in the "System Tools -> Restart" menu.

Opening ports on a TP-Link router

After completing these preparatory steps, you can proceed to the direct opening of ports. In order to open them on the TP-link router, go to the "Forwarding -> Virtual Servers" menu and select to add a new entry

Fill in the fields with port numbers. In the IP address field, enter the value that you have reserved for your computer. Select a protocol if necessary. In the "Status" field, leave the "Enabled" mark so that the settings take effect immediately after the Wi-Fi router is rebooted. If you want to forward the standard ports of one of the services, you can do this by selecting the required service in the last drop-down list. There is no fundamental difference between entering manually and selecting from the list, but this function can be useful if you do not remember the port number that you need to open.

The TP-Link Wi-Fi router offers the following services for which you can forward standard ports:

GOPHER
TELNET

The maximum number that can be opened on TP-Link is 65535.

In some cases, it may be necessary not to simply forward, but to dynamically open ports in response to an incoming event. You can configure this function in the next menu: "Forwarding -> Port Triggering". The most common use of this setting is to work with complex applications that receive many incoming connections (online games, Internet telephony, and video conferencing applications). To create a new Port Triggering entry, click Add New.

Sometimes the user has a situation when it is necessary to open one or another port of the computer for video games, complex programs or special Internet clients. But how to check if this port is currently open? There are several options for solving such problems.

I. CHECKING OPEN PORTS ON THE LOCAL COMPUTER

Method 1. In order to check open ports on the local (your) computer, you can use the "Command line" of the Windows operating system (

To call this line, you must press the key combination Win + R and write the command "cmd", then click "OK".

In the window that opens, write the special command "netstat -a" and see the list of open ports on your computer.

Method 2. If you are connected to the Internet, then you can check if the port is open on the website

whatsmyip.org/port-scanner/

This resource will determine your IP address by itself, and you can scan ports through a special field " Custom Port Test».

Enter the port you are interested in and click the " Check Port”, after which you will receive a response whether this port is open or closed.

II. CHECKING OPEN PORTS ON A REMOTE COMPUTER

Now let's look at how to check if a port is open on a remote computer or server. Use the same "Command Prompt" in Windows, but now write the telnet command in the format:

telnet IP address port

Press the "Enter" key. If there is no "Could not open ..." entry, then the requested port is open, otherwise it is closed.

We briefly looked at how to check if a port is open on a computer. If you have any questions, then ask them in the comment box.

What does the port test result mean?

Status Port closed

It is currently not possible to connect to this port. Malware or intruders cannot use this port to attack or obtain confidential information (The material 4 best free antivirus for Windows 10 will help you). If all unknown ports have the "closed" status, this means that the computer is well protected from network threats.

If the port should be open, then this is a bad indicator. The reason for the unavailable port may be incorrect configuration of network equipment or software. Check the access rights of programs to the network in the firewall. Make sure the ports are forwarded through the router.

The result "port closed" can also be obtained if the port is open, but the response time of your computer on the network (ping) is too high. Connecting to the port in such conditions is almost impossible.

Status Port open

You can connect to this port, it is available from the Internet. If that's what you want, great.

If the reason why the port may be open is unknown, then it is worth checking running programs and services. Perhaps some of them quite legally use this port to work with the network. There is a possibility that the port is open due to the operation of unauthorized/malicious software (The article How to turn on protection against potentially unwanted programs in Windows Defender will help you). In this case, it is recommended to check the computer with an antivirus.

F.A.Q.

What are the ports? What are they needed for?

The ports that PortScan.ru checks are not physical, but logical ports on a computer or network device.
If a program or service plans to work with a network, it opens a port with a unique number through which it can work with remote clients/servers. In fact, the network program reserves a certain number for itself, which allows you to understand that the incoming data is intended for this particular program.

In human language, it would sound something like this: "I, the server program, open port number 1234. If data arrives on the network cable with port number 1234, this is me."

What port numbers can the program open?

Ports are identified by numbers from 0 to 65535 inclusive. Any other port cannot be opened, respectively, and check too. These are limitations of the TCP/IP protocol.

It is worth noting that the client program must always know the port number to which it needs to connect on the server or other remote network device. For this reason, ports ranging from 0 to 1023 are reserved for the most popular protocols.

So, for example, while surfing the Internet, your browser connects to port 80 on the remote server where the site is located. In response, the browser receives a set of code and data, which it downloads and displays as a web page.

For what situations is it possible to check open ports?

Checking open ports is possible if your computer has been assigned an external IP address. You can find out more about this from your ISP.

It is worth considering that if your computer is connected to the Internet not directly, but through a router (router), then the results of the check refer specifically to the router. Checking the port status for a computer within such a subnet is possible only if port forwarding is available.

What is port forwarding?

Port Forwarding (sometimes Virtual Servers) is a special setting on the router that allows you to redirect external requests (from the Internet) to computers on the local network. In essence, this is a way to specify to which local computer to forward data and connection requests that come in on a specific port.

Let's say you have a game or web server at home connected via a router to the Internet. All computers connected to the same router are on the same network, so they can connect to this server. However, outside, from the Internet, it will no longer be possible to connect to your server without port forwarding.

If your computer is directly connected to the Internet (without a router/router), you do not need to perform port forwarding. All your open ports must be accessible from the Internet (of course, if you have a dedicated IP).

How to find out what ports are open on a computer?

For Windows: Start → "cmd" → Run as administrator → "netstat -bn"
For Linux: In the terminal, run the command: "ss -tln"

How to close the port?

First of all, you need to eliminate the cause - the running program or service that opened this port; it needs to be closed/stopped. If the reason for the open port is not clear, check the computer with an antivirus, remove unnecessary port forwarding rules on the router and install an advanced firewall (Firewall).

The computer has more than 65,000 ports, each of which can be used to interact with the Internet. If some computer ports are open - that is, they are used by certain programs - you can try to connect to them from a remote computer.

Instruction

You must know the ip address of the computer you want to connect to. If you know the domain name, you can determine the ip on one of the services existing on the Internet. For example, here: http://www.all-nettools.com/toolbox/smart-whois.phpEnter the domain name in the format www.name.ru - that is, the site name without "http://", click the "Submit" button . You will receive an ip address and all additional information about the site.

Now you need to determine which ports are open on the computer you are interested in. This is done by scanning using special programs - scanners. The most famous scanners are Nmap and XSpider. It is better for a beginner to choose the second one, on the network you can find both a demo version and a full version of the program.

Open XSpider, enter ip address, start scanning. After its completion, you will receive a list of open ports on the scanned machine. The presence of an open port does not mean that you have gained access to a remote computer and only says that this port is being used by some program. For example, port 21 is ftp, 23 is telnet, 4988 is Radmin, 3389 is Remote Desktop? etc. Type in the search engine "List of ports and their services", and you will get detailed information.

You have received a list of open ports. The next step is to look for an opportunity to penetrate through these ports to a remote machine. There are many options here, the main ones are password guessing or finding and using a suitable exploit. An exploit is a program code written for a specific vulnerability.

If you want to learn how to use exploits, download the Metasploit program. It consists of several hundred exploits, their composition is constantly updated. Metasploit also includes an Nmap scanner. Learning the program takes time and patience, but the result is worth it.

If you want a quick result, download two programs: GUI VNC Scanner (vnc_scanner_gui) and Lamescan. The first is a very good and fast scanner, handy when scanning a specific port. For example, port 4899, used by the Radmin remote control program.

Launch the VNC scanner, specify port 4899, select the desired country from the list and click the "Get diap list" button. A list of IP address ranges will appear in the window on the left. Select several ranges (preferably 2-3), delete the rest. Click the "Start scan" button. After the scanning process is completed, you will receive a text file IPs.txt with a list of ip-addresses of computers that have port 4899 open. Click the "Start parser" button - the list will be cleared of all unnecessary information, only ip-addresses will remain.

Launch the Lamescan program. Click on the "Settings - General" menu. Set the port number to 4899. Enter the paths to the password and login dictionaries (find them on the network). Click Done. Now click the green plus sign and enter your scanned ip-addresses in the window that appears and click the green arrow. The process of selecting a password for the specified addresses will begin. In most cases, the selection is unsuccessful, but out of hundreds of addresses, several will be with simple passwords.

Download and install the Radmin program. Run it, enter the address of the computer with the selected password. In the window that appears, enter the password (and login - if you have selected data for the program with a login and password). A blue connection icon will appear, and a few seconds later you will see the desktop of the remote computer on your screen.

Port assignment is a way to forward packets from any LAN interface port to a specified host (computer) and port on the Internet, or to forward packets from any idle port from an external (Internet address) to a specified host (computer) and port on the LAN.

The scheme of operation of this service is very simple and is usually used if it is impossible or not advisable to use NAT or HTTP proxy, or if it is better not to change the default gateway on client machines. Also, very often this scheme looks more understandable to many users than setting through NAT.

Let's look at some common examples of configuration through port assignment.

Attention! Port assignments and public mail servers, such as mail.ru, yandex.ru, gmail.com, which require connection via secure communication channels, will not work with The Bat. The problem lies in the The bat program itself, because. there you can not accept certificates and add them to exceptions so that they work normally and always. Through the assignment of ports, for example, "Mozilla Thunderbird" will work fine.

Mail setup.

As you know, there are two services for exchanging mail messages - POP3 (ENG) And SMTP (ENG). They use TCP ports 110 and 25 respectively. In order to allow client requests for these protocols to the Internet through a port assignment, two assignments must be created.

For example, for a POP3 server we will most likely use an unoccupied local port - 9110, and for SMTP - 9025. We will make the settings for the popular free mail - mail.ru.

Open the "Services - Port Assignment" page in the administrator console and click the "Add" button:

We select the IP of the local network card as the listening interface, port 9110. As the destination, we write the address pop.mail.ru and specify port 110:

Click the "Add" button again and specify the parameters for the SMTP server. We select the IP-local network card as the listening interface and prescribe port 9025, and as the destination we prescribe the smtp.mail.ru address and specify port 25.

Now you need to open the properties of the mail client on the client machine and set the settings for assigning ports there.

For example, for The Bat program, the setting will be as follows:

Setting up remote access from the Internet to a computer on a local network,
for example, for the program R-admin (ENG) or RDP (ENG).

Usually the ports that are used for these two programs (TCP 4899 for R-admin and TCP 3389 for RDP) are already occupied by the server where UserGate is installed, so we recommend that you use any others.

Let's select port 9999 for the RDP service, and port 9998 for the R-admin program.

In our example, the local subnet is 192.168.2.X and the computer accessed from the Internet has an IP address of 192.168.2.45.

We create a rule in accordance with our current network configuration. Specify your external interface as the listening address. If you have a connection to a PPPoE, VPN or Dial-Up provider, then specify to listen on any interface, port 9998 for R-admin:

A remote connection from the Internet to a machine on the local network in this case would look something like this:

for R-admin, specify the external IP address of the machine with UserGate - 172.19.169.7 and port 9998.
for RDP, specify the external IP address of the machine with UserGate - 172.19.169.7 and port 9999.