Home > Articles > Security > Network Security

  • Print
  • + Share This

Port Forwarding: Step by Step

Windows 2000 port forwarding is set up through the Internet Sharing Connection Wizard—which makes sense.

Enable Internet Connection Sharing

If you haven't done so already, you'll need to enable Internet Connection Sharing—this allows your multi-homed server to manage Internet connections for the computers inside your network. Your server will have two network cards: one connected to the outside world, and the other connected to the inside world. In this example, the outside card has an IP address of and the inside card an address of The 192.168.x.x subnet is a "test" subnet, invalid on the Internet.

To enable Internet Connection Sharing between your two networks, right-click your outside Internet connection, select Properties, and then select Sharing (see Figure 2). Check the box labeled Enable Internet Connection Sharing for This Connection (see Figure 3). Select your internal network in the box below (labeled For Local Network).

Figure 2 Selecting the connection you want to change.

Figure 3 Enabling Internet connection sharing.

Select the Services to Forward

Now, forwarding a port on your server to an individual computer within your inside network is as simple as clicking the Settings button.

A number of the standard ports—for mail or FTP, for example—are provided by default, in the likely assumption that you may want to put a mail or FTP server behind your firewall and still be able to access it directly. If this is your goal, select the appropriate service and click Edit. In our case, however, we want to be able to Telnet to our Cray, which isn't listed, so we'll have to add a new service. Click the Add button.

Select a Port and a Destination Machine

If you're adding a service, give it a name and a port number. Then select either TCP or UDP, based on the protocol that the service will use. Finally, enter the internal IP address of the target computer. In this case, we created a new service called "cray" and assigned it port number 4020 on our Windows 2000 server, and told the server that port 4020 forwards to port 4020 on the computer with the internal IP address of, our Cray.

Now, from outside the network, you can type the following to log onto the Cray:

telnet yourserver.yourcompany.com:4020

And then play Hunt the Wumpus until your fingers bleed.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.