====== Port Forwarding ======

===== Motivation =====
  
  
{{:portf-schematic.png?nolink&500}}

Suppose you have a local network, and you have two web servers on the network, Web Server 1 on 192.168.1.10 and Web Server 2 on 192.168.1.20.  Suppose you also want an external client to be able to connect to //either// of these servers.  

Only one IP is associated with the network, the external IP of the router: 1.2.3.4 in the schematic above.  In order for a client to be able to communicate with both web servers, we can //forward// a port on the router to port 80 on Web Server 1 and //forward// a different port on the router to port 80 Web Server 2.  So, we might forward port 8001 on the router to Port 80 on Web Server 1 and 8002 on the router to Port 80 on Web Server 2.  This way, the external client could connect to Web Server 1 at http://1.2.3.4:8001/ and Web Server 2 at http://1.2.3.4:8002/


===== Individual Port Forwarding =====

{{:portf-i.png?nolink}}

These options let you forward a single port from the router to a host on the local network.  The options are:

  * **Description:** A description of this forward.  This is just a label for the rule, it doesn't affect how the forward functions, and is optional.
  * **Protocol:** Whether to forward TCP packets, UDP packets or Both.
  * **From Port:** The external port (on the WAN interface of the router) to forward to the host on the local network.
  * **To IP:** The IP address of the host on the local network to which you want to forward the port
  * **To Port:** The port on the local host to which you are forwarding traffic.  If unspecified, this is assumed to be the same as the //From Port//


===== Port Range Forwarding =====

These options let you forward a range of ports to a single local host.  The source port range and the destination port range are the same.

The options are:

  * **Description:** A description of this forward.  This is just a label for the rule, it doesn't affect how the forward functions, and is optional.
  * **Protocol:** Whether to forward TCP packets, UDP packets or Both.
  * **Start Port:** The first (lowest) port in the port range being forwarded
  * **End Port:** The last (highest) port in the port range being forwarded
  * **To IP:** The IP address of the host on the local network to which you want to forward this range of ports
 

{{:portf-r.png?nolink}}

===== DMZ =====

{{:portf-dmz.png?nolink}}

When  a DMZ (De-Militarized Zone) is configured, all ports not specifically used by the router or forwarded to other hosts are forwarded to one specific host on the local network.  This can include a lot of hostile traffic, so only activate this option if this host has a firewall configured.


===== UPnP / NAT-PMP =====

{{:portf-upnp.png?nolink}}

UPnP is a protocol that allows hosts to dynamically open and forward ports.  Since this can pose a security risk, it is disabled by default.  However, some applications require UPnP.  Think carefully before enabling UPnP.