Port Forwarding
What is Port Forwarding?
Port Forwarding: A NAT configuration in which a router redirects traffic arriving on a specific public port to a chosen internal host and port.
Port forwarding (also called destination NAT or DNAT) lets services on a private network be reached from the Internet by mapping a public IP and port on a gateway to an internal host and port. Common uses include exposing a home web server, a game console, or a remote-desktop endpoint. While convenient, port forwarding directly exposes the target service to the public Internet and removes the implicit protection of NAT, so the service must be patched, authenticated, and ideally protected by a firewall, VPN, or zero-trust access proxy. Insecure port forwards have led to many compromises of IP cameras, NAS appliances, and RDP hosts.
● Examples
- 01: A home router forwards public TCP/443 to the internal NAS at 192.168.1.50:443.
- 02: A game console requests UPnP port mapping so it can host multiplayer matches.
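A defender's audit of forwarding rules like the ones above, as an added example that is not part of the original page: it parses constructed `iptables-save` output from a Linux gateway and flags DNAT forwards that accept traffic from any source address. The sample rules, the `SENSITIVE_PORTS` watch list, and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample in iptables-save format (nat table); not from the original page.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.50:443
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.20:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.21:3389
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Illustrative watch list of internal service ports (an assumption; adjust locally).
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 554: "RTSP camera", 3389: "RDP"}


def parse_dnat_rules(text):
    """Return one dict per DNAT rule: protocol, public port, source filter, target."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, COMMIT and comment lines
        tokens = shlex.split(line)
        if "DNAT" not in tokens or "--to-destination" not in tokens:
            continue
        opts = {}
        for flag, value in zip(tokens, tokens[1:]):
            if flag.startswith("-"):
                opts.setdefault(flag, value)
        rules.append({
            "proto": opts.get("-p", "any"),
            "public_port": opts.get("--dport", "any"),
            "source": opts.get("-s"),  # None means reachable from any address
            "target": opts["--to-destination"],
        })
    return rules


def audit(rules):
    """Flag forwards with no source restriction; 'high' if the target port is sensitive."""
    findings = []
    for r in rules:
        if r["source"] is not None:
            continue  # the gateway already limits who can reach this forward
        port = r["target"].partition(":")[2] or r["public_port"]
        label = SENSITIVE_PORTS.get(int(port)) if port.isdigit() else None
        findings.append(("high" if label else "review", r["public_port"], r["target"], label))
    return findings
```

On a real gateway, feed `parse_dnat_rules` the output of `iptables-save -t nat`; forwards created through UPnP appear in the same table and are audited the same way.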
● Frequently asked questions
What is Port Forwarding?
A NAT configuration in which a router redirects traffic arriving on a specific public port to a chosen internal host and port. It belongs to the Network Security category of cybersecurity.
How do you defend against Port Forwarding?
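Defences for Port Forwarding combine technical controls and operational practices: keep the forwarded service patched, require authentication, and ideally protect it with a firewall, VPN, or zero-trust access proxy, as detailed in the full definition above.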
What are other names for Port Forwarding?
Common alternative names include: DNAT, Destination NAT, Port mapping.