(4 votes, average: 4.50 out of 5)
Loading...
On an IPv4 router with Network Address Translation (NAT), port forwarding makes applications installed on a specific PC on the LAN available on the internet. These applications can range from online games, torrent clients, FTP servers, Web Servers, and more. Let's see how to enable port forwarding on any router and open the respective port on Windows Firewall.
Stream all your music, videos and photos to various devices in your house: Chromecast, Chromecast Audio, Nexus Player, Nvidia Shield and other devices. MI Civil Service Commission - Gateway Browsers that can not handle javascript will not be able to access some features of this site. Some functions of this site are disabled for browsers blocking jQuery.
Unblock any international website, browse anonymously, and download movies and Mp3 with complete safety with CyberGhost, just for $2.75 per month:
Table of Contents
- Port forwarding on a router
Give Windows a static IP
For port forwarding to work, our Windows PC needs always to have the same static internal IP on the LAN, and not a dynamic IP assigned by a DHCP Server.
The reason is that the NAT will forward a port only for a specific IP on the network, not for every connected device. Port forwarding lessens the network's security, by exposing ports to the Internet. Opening a port for every single device would be counter-intuitive.
For detailed instruction on this, check out our guide:
Port forwarding on a router
As you probably know, different routers often have entirely different interfaces.
They can also have different names for port forwarding. We can find it as Address Translation, NAT, NAT table, virtual server, etc.
In this guide, we will try to approach port forwarding in a general way so that you can follow the instructions for every router. If, however, you are having any difficulty, you should check your router's documentation.
Enter the router web interface
When we set up the static IP on our Windows PC, we found out the default gateway IP address - usually 192.168.1.1 or 192.168.0.1.
Entering this address on any browser with http://...
...will take us to the login screen for our router.
You should never use https:// to access the web interface. No home router has a security certificate to support the https:// protocol.
If we don't know the administrator password, we will probably find it on a sticker underneath the router. If there is no sticker, it usually us an easy-to-guess default password, such as 'admin - 12345' or 'administrator - 11111'.
Find the port forwarding section
This is probably the most 'difficult' part in port forwarding, finding how it is called on our router. We could find it on Network -> NAT -> Port Translation...
...Forwarding -> Port Range Forwarding...
...Advanced -> Virtual Server...
...Port Forwarding / Port Triggering...
...Network -> NAT -> Port Forwarding...
...plain Forwarding, and more.
In any case, we are looking for the section that mentions protocols, internal and external ports, and a destination IP address or Server IP address, such as this:
Create a rule
Once we found the appropriate section, we can now create the a rule for a specific port.
Firstly, we set a name for the rule. We can choose anything; it's just a reminder of the service for which we need the port forwarding, and visible only to us.
In 'protocol', we can select TCP, UDP, or Both. The correct choice depends on the application that needs port forwarding.
For instance, a torrent client will need both TCP and UDP. An FTP Server needs only TCP.
Some routers only have a TCP or a UDP option, not both. On those routers, if we need port forwarding or both protocols, we have to create two rules, one for TCP and one for UDP.
The external and destination port will be the same. Because some lower-numbered ports are being used by the system by default, or by specific applications, it's best to choose a port between 50000 and 65535.
Finally, on the destination IP address, we select the static IP we assigned on our PC.
After that, we save the new rule.
On most routers, port forwarding activates immediately. Some routers, though, need a reboot to apply the rule.
Set up Windows Firewall
After setting up the port forwarding rule, we are done with the router, and we can close the web interface. However, we also need to allow the port of our choice on the Windows Firewall, for the port forwarding to work.
The fastest way to get access to the Windows Firewall is by pressing the Windows key + R and typing wf.msc at the Run window.
On the Windows Firewall with Advanced Security, we select 'Inbound Rules'.
Some programs, such as torrent clients, usually create their rules within Windows Firewall during the installation, and we can check them out by double clicking the entry and selecting the 'Protocols and Ports' tab.
In this case, we just need to visit the 'Advanced' tab and make sure the rule applies to Private networks.
If we can't find an existing entry for an application, to create one we click on 'New Rule...'.
The easiest way is to select 'Program'...
On the next screen, we select the path to the program executable.
On the 'Action' and 'Profile' screens, we leave the default options. For the name, we choose a descriptive name for the rule.
And that's it. From now on, this particular program will be open to communicate with the Internet.
Check Port Forwarding
To make sure that port forwarding works correctly, we can use one of the multiple free services on the Internet.
Firstly, we ensure that the program that needs port forwarding is up and running, and uses the proper port. In the example, we will use qBittorrent.
Then, we navigate to canyouseeme.org
We just need to add the proper port and select 'Check Port'.
It is important that the program is running while we check for the port. Finally, if we did everything correctly, we will get a success message.
Can two PCs on the same LAN use the same port for the same app?
Port forwarding is set up on a unique IP address, and we can't set up a rule for the same port with two or more IP addresses.
So, if we want to set up the same program on two different PCs, we need to create two rules for two separate ports, one for each PC.
Is UPnP better than port forwarding?
Universal Plug and Play is a system developed to make port forwarding obsolete. If an app and our router both support UPnP...
...then the router will dynamically open the port the application needs when it needs it.
While it sounds great in theory, UPnP can be a huge security vulnerability. Since now we know how to do a proper port forwarding, we should disable UPnP on our router.
What is DMZ?
DMZ, or De-Militarized Zone, is a function that opens all the ports on our router for a particular IP.
We should only use it for test purposes, to make sure that a connectivity problem doesn't come from wrong settings.
DMZ is never a substitute for setting up port forwarding.
Did you have any trouble setting up port forwarding?
If any of the above instructions didn't work for you as intended, let us know in the comments below.
Support PCsteps
Do you want to support PCsteps, so we can post high quality articles throughout the week?
You can like our Facebook page, share this post with your friends, and select our affiliate links for your purchases on Amazon.com or Newegg.
If you prefer your purchases from China, we are affiliated with the largest international e-shops:
ReadyMedia (previously MiniDLNA) is server software with the aim of being fully compliant with DLNA/UPnP clients. The MiniDNLA daemon serves media files (music, pictures, and video) to clients on a network. Example clients include applications such as totem and Kodi, and devices such as portable media players, Smartphones, Televisions, and gaming systems (such as PS3 and Xbox 360).
ReadyMedia is a simple, lightweight alternative to MediaTomb, but has fewer features. It does not have a web interface for administration and must be configured by editing a text file.
- 2Configuration and starting
- 3Other aspects
- 4Building a media server
- 5Troubleshooting
Installation
Install the minidlna package.
If you want to use an unofficial branch which supports transcoding, install the readymedia-transcode-gitAUR package.
Configuration and starting
Warning: The current version of ReadyMedia has a serious bug: The
-i
command-line option and network_interface
configuration option used to bind to a specific IP address does not apply to the HTTP server. Bug reported in 2017 to upstream. The webserver remains accessible on all interfaces, potentially creating a security problem if running on a publicly accessible host.By default, minidlna runs as a system service (alternatively, you can run it as your own user). It can be configured in
/etc/minidlna.conf
. Set the following necessary settings:By default MiniDLNA runs as the minidlna user, which can be changed with the
user
line in /etc/minidlna.conf
. If you change MiniDLNA user, you should also change the db_dir
and log_dir
options to directories that are writeable by that user.The minidlna service can be managed by
minidlna.service
using systemd.Automatic Media_DB Update
Kernel adds one inotify watch per each folder/subfolder in Media_Collection Directories set in
/etc/minidlna.conf
to monitor changes thus allowing MiniDLNA to update Media_DB in real time. When MiniDLNA is run as a regular user, it does not have the ability to change the kernel's inotify limits. If default number of inotify watches is non-sufficient to have MiniDLNA monitor all your media folders, increase inotify watches through sysctl
(100000 should be enough for most uses):To have it permanently changed, add to
/etc/sysctl.d/90-inotify.conf
inotify performance may depend on device type. Some do not rescan media drives on a consistent basis or at all. If files are added/deleted to monitored media directories, they may not be noticed until the device DLNA client is restarted.
Check inotify updates via MiniDLNA presentation_url by comparing files count. If it does not change, make sure the user running MiniDLNA has rw access to the DB folder. If the issue persists, copy or download new files first to a non-watched by inotifyDownloads folder on the same drive, and then move them to appropriate media folders, since lengthy media files copying or downloading may confuse inotify.
You can also clean or rebuild MiniDLNA DB manually after stopping MiniDLNA daemon, or analyze its debug output (Ctrl+C to exit):
Stop the MiniDLNA daemon.
To rebuild Media_DB forcibly:
Stop the daemon after rebuilding Media_DB e.g.
killall minidlnad
.To run in debug mode:
Ctrl+C
to exit it.Troubleshooting service autostart
Sometimes the minidlna daemon fails to start while booting. NetworkManager#Enable NetworkManager Wait Online solves this issue. See FS#35325
Running minidlna as your own user
Alternatively to a system service, you can run minidlna as your own user. This can be useful if you want to share media but do not have administrator access to the machine.
Create the necessary files and directories locally and edit the configuration:
Configuring should be as above, specifically:
You can now start minidlna with the following command:
To autostart it at login, add the previous line to
~/.bash_profile
.Other aspects
Other aspects and MiniDLNA limitations may need to be considered beforehand to ensure satisfaction from its performance.
Firewall
If using a firewall the the ssdp (1900/udp) and trivnet1 (8200/tcp) ports will need to be opened. For example, this can be done with arno's iptables firewall by editing
firewall.conf
and opening the ports by doing:File System and Localization
When keeping MiniDLNA Media_DB on an external drive accessible in both Linux and Windows, choose proper file system for it. NTFS preserves in Windows its Linux defaults: rw access for root user and UTF8 font encoding for file names, so media titles in your language are readable when browsing Media_DB in terminal and media players, since most support UTF8. If you prefer Vfat (FAT32) for better USB drive compatibility with older players when hooked directly, or your Media_Collection drive is Vfat and has folder & file names in your local language, MiniDLNA can transcode them to UTF8 charset while scanning folders to Media_DB. Add to Media_Collection and Media_DB drives' mount options your FS language codepage for transcoding to short DOS file names, and iocharset for converting long file names to your terminal's locale, i.g. codepage=cp866,iocharset=utf8 (or ISO-8859-5). Set rw permissions for all users, since Vfat does not preserve Linux access permissions:
While your iocharset would be present in the system with a matching locale, if your terminal or player supports only short file names, check if the set codepage is also present and enabled (like ru_RU.CP866), i.e. was included in system config when ArchLinux release was compiled, or consider recompiling the release to add it:
MiniDLNA lists Movies and Photos by file name in its DB, and Music entries by ID3 tags instead of file names. If Music collection was not tagged in UTF8 but in a local charset, MiniDLNA might not identify and transcode it correctly to UTF8 for display in media players, or the original tags codepage(s) may be absent in your system, so the tags will not be readable even when media file names are. In this case consider re-tagging your collection to UTF-16BE or UTF-8 encoding with an ID3 Tag Converter.
Picking the 'right' file system for your Media_Collection is a trade-off: XFS and EXT4 show fast read/write for HDs and lower CPU load critical for small Plug Computers with attached storage. NTFS is most compatible with Windows when plugging a drive directly for faster copy, while network file systems like Samba, NFS or iSCSI allow import to Windows any Linux FS with slower data copy. As file fragmentation affects playback, store your Movies on a non-system drive formatted in XFS (prevents fragments), NTFS (fragment resistant and easy to defrag), or EXT4 (uses large file extents), and avoid EXT3 or less resistant FAT32. For smaller Flash drives with seldom fragmented Music and Photo files, VFAT (FAT32) and EXT4 show faster writes with less CPU load, but EXT4 may affect memory wear due to journaling, and less compatible with media players. Proper drive partitioning, block alignment and mount options (i.e. async,noatime...- choice depends on file system and memory type) can greatly accelerate flash and HD drive speed among other advantages.
Media Handling
MiniDLNA is aimed for small devices, so does not generate movie thumbnails to lower CPU load and DB built time. It uses either thumbs in the same folder with movie if any, or extracts them where present from media containers like MP4 or MKV with embedded Album Art tags, but not AVI. One can add thumbs (JPG 160x160 pxl or less) to media folders with a Thumbnail Maker, and miniDLNA will link them to media files after rescan. Larger thumbs will be resized and stored in Media_DB that slows scan. At one movie per folder, follow thumb naming rules in minidlna.conf. For multiple show episodes per folder, each thumb name should match its episode name without ext. (<file>.cover.jpg or <file>.jpg). To handle MS Album Art thumb names with GUID, add * to the end 'AlbumArt_{*'.jpg . MiniDLNA will list on screen only chosen media type (i.e. Movies), but will not other files in the same folder.
When viewing photos, progressive and/or lossless compression JPG may not be supported by your player via DLNA. Also resize photos to 'suggested photo size' by the player's docs for problem free image slideshow. DLNA spec restricts image type to JPG or PNG, and max size to 4096 x 4096 pixels - and that is if the DLNA server implementation supports the LARGE format. The next size limit down (MEDIUM) is 1024 x 768, so resizing may help to show photos correctly.
To decrease system load, MiniDLNA does not transcode on the fly unsupported media files into supported by your player formats. When building Media_DB, it might not correctly identify whether certain formats are supported by your player, which may play via UPnP a broader formats choice. DLNA standard is quite limiting UPnP subset in media containers and codec profiles allowed. If you do not see on TV screen or cannot play some media files listed in Media_DB, check if your HD started spinning or try connecting to your media player via USB for their playback. MiniDLNA might not support choosing audio tracks, subtitles, disk chapters, list sorting, and other advanced playback features for your player model.
Building a media server
Media served could be based on lightweight and cheap system like development board (Raspberry Pi, CubeBoard, etc.). You do not even need to put X Server on this board.
Automount external drives
This is very useful if you want to automate the server. See udisks#Mount helpers for more information.
Issues
Media server based on MiniDLNA could face the drive re-scan issue. Ex.: external HDD you have plugged will be scanned each time again and again. This happens due to MiniDLNA removes DB records for unplugged drive. If your drive plugged all the time it is not a problem, but if you have 'pluggable' media library on large external drives this could take a big while till you start watching your video.
One can resolve the rescan issue by using this minidlna fork. It creates a metadata file next to each video file. This can significantly decrease the scan time for large media.
Troubleshooting
Server not visible on Wireless behind a router
On some network configurations when the machine hosting MiniDLNA server is connected to the router through Ethernet, there may be problems accessing MiniDLNA server on WiFi (same router). To solve this, make sure that 'Multicast Isolation' is turned off on the router. For example, on ADB / Pirelli P.RG EA4202N router, connect to the configuration page, then Settings->Bridge and VLAN->Bridge List->click edit on Bridge Ethernet WiFi->set Multicast Isolation to No->Apply.
Media directory not accessible
Please note that the default systemd service file enforces the parameter
ProtectHome=on
. If you intend to share files that reside within the /home/
file system you may want to lessen that restriction.You can achieve this by updating the systemd unit override file.DLNA server stops being visible after some time when being shared on a bridge device
If you are using ReadyMedia to 'broadcast' on a bridged device (such as an OpenVPN device bridged to an Ethernet device), the server may stop being seen by the clients after some time (which may vary from a few seconds to half a day).In order to solve this you need to disable 'multicast snooping'. You can do it instantly with the following command:
This should make the server visible to the clients *immediately*, but the change will be lost on reboot.If this works, you can make it a permanent change by using a systemd service file. Edit the file
/etc/systemd/system/multicast_snooping.service
with the following content:Now all you have to do is enable the service file:
This approach should disable multicast_snooping on every boot.
Retrieved from 'https://wiki.archlinux.org/index.php?title=ReadyMedia&oldid=578320'