Port Forwarding

Suppose you have a local network, and you have two web servers on the network, Web Server 1 on 192.168.1.10 and Web Server 2 on 192.168.1.20. Suppose you also want an external client to be able to connect to either of these servers.

Only one IP is associated with the network, the external IP of the router: 1.2.3.4 in the schematic above. In order for a client to be able to communicate with both web servers, we can forward a port on the router to port 80 on Web Server 1 and forward a different port on the router to port 80 Web Server 2. So, we might forward port 8001 on the router to Port 80 on Web Server 1 and 8002 on the router to Port 80 on Web Server 2. This way, the external client could connect to Web Server 1 at http://1.2.3.4:8001/ and Web Server 2 at http://1.2.3.4:8002/

These options let you forward a single port from the router to a host on the local network. The options are:

• Description: A description of this forward. This is just a label for the rule, it doesn't affect how the forward functions, and is optional.
• Protocol: Whether to forward TCP packets, UDP packets or Both.
• From Port: The external port (on the WAN interface of the router) to forward to the host on the local network.
• To IP: The IP address of the host on the local network to which you want to forward the port
• To Port: The port on the local host to which you are forwarding traffic. If unspecified, this is assumed to be the same as the From Port

These options let you forward a range of ports to a single local host. The source port range and the destination port range are the same.

The options are:

• Description: A description of this forward. This is just a label for the rule, it doesn't affect how the forward functions, and is optional.
• Protocol: Whether to forward TCP packets, UDP packets or Both.
• Start Port: The first (lowest) port in the port range being forwarded
• End Port: The last (highest) port in the port range being forwarded
• To IP: The IP address of the host on the local network to which you want to forward this range of ports

When a DMZ (De-Militarized Zone) is configured, all ports not specifically used by the router or forwarded to other hosts are forwarded to one specific host on the local network. This can include a lot of hostile traffic, so only activate this option if this host has a firewall configured.

UPnP is a protocol that allows hosts to dynamically open and forward ports. Since this can pose a security risk, it is disabled by default. However, some applications require UPnP. Think carefully before enabling UPnP.