Port forwarding with ufw ubuntu

  • Thread starter gfd43tg
  • Start date
  • Tags
    Ubuntu
In summary, the user is new to Linux and needed to forward certain TCP ports (1119, 3724, and 1120) and a range of ports (6881-6999) to play a game. They used ufw to block all traffic and then allowed the necessary ports. They are unsure if this is the correct way to set up port forwarding and are also unsure if UPnP is enabled on their router. They also have concerns about using iptables instead of ufw.
  • #1
gfd43tg
Gold Member
950
50
Hello,

I am new to linux and I have a few ports that I need to forward to allow me to play my game

TCP Ports 1119 and 3724 are forwarded.
TCP ports 6881-6999
TCP port 1120

So I used ufw and used the default settings to block everything. Then I allowed the aforementioned ports.

Code:
~$ sudo ufw allow 3724/tcp
Rule updated
Rule updated (v6)

And this is my status
Code:
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1119/tcp                   ALLOW       Anywhere                  
3724/tcp                   ALLOW       Anywhere                  
6881:6999/tcp              ALLOW       Anywhere                  
1120/tcp                   ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1119/tcp (v6)              ALLOW       Anywhere (v6)             
3724/tcp (v6)              ALLOW       Anywhere (v6)             
6881:6999/tcp (v6)         ALLOW       Anywhere (v6)             
1120/tcp (v6)              ALLOW       Anywhere (v6)

My question is, I don't know if this is the same as port forwarding. I denied access to two of the ports which are needed to play the game and I was still able to, which prompts me to believe that this isn't correct. I used ufw instead of iptables because I don't feel comfortable using iptables since it looks more complicated. If these aren't forwarded, then what did I do with these commands? Just allow those ports to go through my firewall?

Thanks!
 
Technology news on Phys.org
  • #2
Are you directly connected to the internet or are you behind a router? Do you have UPnP set up?

BoB
 
  • #3
Hello BoB

I am using WiFi. I don't know what UPnP is. Based on Wikipedia's description, I automatically connect to the wifi server when I log on, so I assume that it is on. If I had to manually set that up, then I never did so. How can I tell?
 
  • #4
UPnP is a group of protocols to make networking easier. One feature of that is that port forwarding is configured automatically. To determine if it is on you need to find out if your router supports it and then log in and look at the setting.

BoB
 
  • #5
With ufw, I thought the firewall goes through the computer, not the router. Shouldn't I be able to configure everything on my laptop?
 
  • #6
Maylis said:
Hello,

I am new to linux and I have a few ports that I need to forward to allow me to play my game

TCP Ports 1119 and 3724 are forwarded.
TCP ports 6881-6999
TCP port 1120

So I used ufw and used the default settings to block everything. Then I allowed the aforementioned ports.

And this is my status
My question is, I don't know if this is the same as port forwarding. I denied access to two of the ports which are needed to play the game and I was still able to, which prompts me to believe that this isn't correct. I used ufw instead of iptables because I don't feel comfortable using iptables since it looks more complicated. If these aren't forwarded, then what did I do with these commands? Just allow those ports to go through my firewall?

Thanks!

Normally, with
Code:
ufw allow
you can allow ports (use a colon between the first and last port of the range). The
Code:
/tcp
or
Code:
/udp
part is mandatory. It may be the case that game needs also udp besides tcp, so check it. Also, is there any other firewall getting in the way?
 
  • #7
I don't believe I have any other firewall. I already did the these you mentioned, the question is whether port forwarding or allowing a port are functionally the same thing. I denied some of the necessary ports in order to test if what I am doing is correct, yet I was still able to play the game. But then I read that perhaps only patching (downloading updates) is why the game needs the ports forwarded. Maybe it doesn't care about those ports when playing, only when downloading an update.

I then denied ports 443 and 80, to test if I could use the browser. I was still able to, so it seems to me that ufw doesn't actually work? I must be mistaken.
 
  • #8
Maylis said:
the question is whether port forwarding or allowing a port are functionally the same thing.

They are not the same thing. Allowing some port means allowing the incoming (and/or) outgoing packets through that port. Port forwarding refers to redirecting a request from a combination of address and port number to another such combination, using NAT (Network Address Translation) protocol through a network gateway (e.g. a router or a firewall) (for details see Wikipedia). For example, you could redirect incoming packets from port 80 to port 8080 (just an example).

Now, in the context of ufw command ,with ufw you essentially enforce firewall rules. What is allowed and what is not to pass through firewall in some specified port(s). In order for ufw command to do port forwarding, you have to add some lines in the configuration file: /etc/ufw/before.rules - you can google it to find the details. Then restart ufw.
 
  • #9
If you are behind a NAT router you have a default incoming deny all rule to computers behind it regardless of whether the router contains anything that would be considered a firewall. Port forwarding and some of the features of UPnP will add routes to allow incoming traffic. To allow those incoming connections you may have to modify your local firewall as well.

If there is a firewall included in your router you may have to modify it to allow some of the above features as well.

What game are you trying to play? We may be better able to help if we knew the specifics.

BoB

Edit: IPV6 complicates things because you may have a public IPV6 address and the port forwarding is meaningless.
 
  • #10
Unfortunately I am just renting a room in a house, so I can't really go into my landlords' router and start changing settings. I was hoping that I could set a sort of "internal firewall" just through my laptop.

I'm playing World of Warcraft
https://help.ubuntu.com/community/WorldofWarcraft

Router & Firewall

If you have a router or firewall you might have problems running World of Warcraft or services such as the Blizzard Downloader. The following ports need to be forwarded for World of Warcraft to work correctly:

World of Warcraft requires that TCP Ports 1119 and 3724 are forwarded.
The Blizzard Downloader requires that TCP ports 6881-6999 to be forwarded.
The World of Warcraft Voice Chat feature uses UDP Port 3724.
The Battle.net service features uses TCP port 1120.

Just want to make it clear that I am able to play the game, but my goal is to have as much security on my laptop as possible (while still able to play), that's why I want a firewall.
 
  • #11
What worries me is that I am using this website right now even though I set to deny all incoming connections. Why am I still able to get onto my web browser?

Code:
~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
 
  • #12
Maylis said:
I set to deny all incoming connections. Why am I still able to get onto my web browser?

Web browsing only requires outgoing connections.

Maylis said:
I was hoping that I could set a sort of "internal firewall" just through my laptop.

If the ports are blocked at the router and no automatic configuration mechanism like UPnP is present, nothing you can do locally to a firewall will will allow access from the outside world. Publicly the connection point is the router. All outgoing connections appear to come from the router. All incoming connections must also go to the router. Internally to that it decides that the connection should be forwarded (or in most cases not) to what computer.

You could use a VPN service to give you a real public IP. That will increase latency and reduce speed. WoW may not be playable under those restrictions.

BoB
 
  • #13
Thank you, I realized that without access to my landlord's router, I will just remain content with what I have. My game runs, but I was just trying to make my laptop as secure as possible. I guess denying incoming connections is the best I can do for now.
 

FAQ: Port forwarding with ufw ubuntu

1. What is port forwarding and why is it used?

Port forwarding is a networking technique used to redirect incoming network traffic from one port on a network device to another port on a different device. It is commonly used to allow external access to a specific port on a private network, such as for hosting a website or accessing a remote server.

2. How do I enable port forwarding with ufw on Ubuntu?

To enable port forwarding with ufw on Ubuntu, you can use the following command: sudo ufw allow /tcp. Replace with the desired port number. You may also need to configure your router or firewall settings to allow the incoming traffic.

3. What is ufw and how does it relate to port forwarding?

Ufw, or Uncomplicated Firewall, is a program used for managing firewall rules on Ubuntu. It allows you to easily configure and enable port forwarding, as well as other firewall settings, through a user-friendly command-line interface.

4. Are there any security risks associated with port forwarding?

Yes, there are certain security risks associated with port forwarding. By opening up a port on your network, you are creating a potential entry point for hackers or malicious software. It is important to only enable port forwarding for necessary and trusted services, and to regularly monitor your network for any suspicious activity.

5. Can I use ufw to forward ports on a remote server?

Yes, you can use ufw to forward ports on a remote server, as long as you have SSH access to the server. You can use the -r flag with the ufw command to specify a remote server, and then follow the same steps as you would for local port forwarding.

Back
Top