Port Forwarding Guide
Set up port forwarding on your router to allow external access to services on your network.
What Is Port Forwarding?
Port forwarding tells your router to send incoming traffic on a specific port to a specific device on your local network. Without it, NAT blocks all unsolicited inbound connections.
Why You Need It
Your router's NAT (Network Address Translation) protects your network by blocking incoming connections that weren't initiated by an internal device. But sometimes you want to allow external access:
- Game servers — Host multiplayer games for friends
- Remote access — Connect to your home computer via SSH or RDP
- Security cameras — View cameras from outside your network
- Web servers — Host a website from home
- Media servers — Access Plex or Jellyfin remotely
How to Set Up Port Forwarding
Step 1: Assign a Static IP
Give the target device a fixed IP address so the forwarding rule always points to the right device:
- Router admin → DHCP → DHCP Reservation / Address Reservation
- Add the device's MAC address and desired IP (e.g.,
192.168.1.50)
Step 2: Create the Forwarding Rule
In your router's admin panel, find Port Forwarding (may be under NAT, Firewall, or Advanced):
| Field | Example | Description |
|---|---|---|
| External Port | 25565 | Port incoming traffic arrives on |
| Internal IP | 192.168.1.50 | Device to forward to |
| Internal Port | 25565 | Port on the target device |
| Protocol | TCP / UDP / Both | Match the service requirements |
Step 3: Test the Rule
From an external network (not your home Wi-Fi), try connecting to your public IP on the forwarded port. You can use online port checker tools to verify the port is open.
Common Ports to Forward
| Service | Port | Protocol |
|---|---|---|
| SSH | 22 | TCP |
| HTTP | 80 | TCP |
| HTTPS | 443 | TCP |
| Minecraft | 25565 | TCP |
| RDP | 3389 | TCP |
| Plex | 32400 | TCP |
Security Considerations
Port forwarding exposes services to the internet. Follow these practices:
- Only forward ports you actively need — Close ports when not in use
- Use non-standard ports — Forward external port 2222 to internal port 22 for SSH
- Keep software updated — Exposed services must be patched promptly
- Use strong authentication — SSH keys instead of passwords, strong passwords for all services
- Consider alternatives — VPN access (like Tailscale or WireGuard) is often more secure than port forwarding
- Monitor logs — Watch for unauthorized access attempts