What is port forwarding? Also known as port mapping and port tunneling, port forwarding is a way of accessing private networks, such as your home or business servers and devices from outside. It also shields the private network from unwanted external connections.
At the same time, port forwarding allows external devices to communicate with your device that’s on a private network. Without port forwarding, devices connecting from outside cannot see internal IP addresses, only the external one which belongs to a gateway (i.e., VPN, proxy, router, or firewall). A gateway can block both incoming and outgoing traffic, depending on its settings.
How to enable port forwarding in 2023
- Subscribe to a VPN with the port forwarding feature. Our top choice is PrivateVPN, currently available with 85% off!
- Install the VPN and visit the settings menu
- Enable port forwarding
- Enjoy forwarder ports and all the benefits they bring!
Why should I enable port forwarding?
You can use port forwarding in many different ways for work and entertainment purposes. Here are some examples of the most common uses of port forwarding:
- Online games. It can be either a computer or a game console that’s behind the router. Occasionally, routers block incoming gaming servers’ traffic because they find it suspicious. Another popular reason to use port forwarding is when you want to create your own game server. In that case, it’s best to grab a VPN for gaming with port forwarding available.
- Seeding torrent files. If you’re behind a router, it might prevent you from seeding torrent files. This can be a problem if you’re using a tracker that counts your download/upload ratio or if you just want to share some files. You can remedy this by purchasing a torrenting VPN that has port forwarding.
- Accessing your work computer from home. You are probably familiar with remote desktop access software. It also uses port forwarding to allow access to a private network of your office or pass your home router.
- Increasing downloading speed. In a way, your router acts like a border guard that stops everyone, checks their documents, and occasionally inspects their belongings. However, you can make the process more Schengen-like by using port forwarding. This way, the traffic goes straight to your computer, which can be crucial if you want to stream in UHD (4K) or do other bandwidth-heavy tasks. Naturally, a fast VPN provider will ensure minimal speed reduction during such activities.
- Improving your security and privacy. Knowing your public IP address allows anyone to check if some of the most commonly used ports are open. You can shield yourself by allowing only one port for external access.
- CCTV and security. The Internet of Things (IoT) is extending the use of port forwarding rapidly. It’s needed to remotely access security cameras and different devices at your home or work.
- Running a public HTML server. With the advent of cloud hosting, using your computer as a shared server becomes obsolete, at least in the home environment. Nevertheless, you may want to have some of your resources available to your family, coworkers, or yourself while traveling. However, a router might block incoming traffic, especially if you use some random port. Therefore, a router should also know that it’s OK to let the right ones pass.
- Allowing FTP connection. FTP, or File Transfer Protocol, is another dwindling service that netizens can use to download files from a remote server. It can be helpful if you host large files that are above your cloud storage quota. Like before, the router has to know where to direct FTP requests from outside so they can reach your internal IP address.
How does port forwarding work?
To establish a connection with a private network, port forwarding intercepts the traffic and uses the gateway to redirect your request from one IP address and port address to another by applying network address translation (NAT). NAT allows internal devices to communicate with the external network using only one IP address. This is possible because NAT stores all the maps (IP+port) of that connection.
All internet traffic consists of packets that hold your data and a header that defines its destination. When port forwarding is used, the gateway rewrites the header so it can reach the private server. So while the external device thinks that it sent a request and received an answer from IP 184.108.40.206, in reality, the whole communication process went to IP 10.0.01.
The scheme below should help you better understand how the actual IP and port address forwarding happens.
IP is the address of the system in the network. They can be public or private and static or dynamic. Your public IP address is given to you by your internet service provider (ISP) and is used to communicate with other public IP addresses. In contrast, private IP is used only in your LAN or “behind the router.”
Port is the address of the service within the system. A router uses it to connect you to the desired service that uses a particular port. A port can lead anyone directly to your private IP address and device that uses it – the router won’t stop such traffic.
While your device can only have one IP address, it can use multiple ports to access numerous services. Ports can also identify what kind of applications or services are running on your device. IP and port together are known as a socket.
TCP/IP network ports
TCP/IP is a suite of communication protocols named after the core TCP (Transmission Control Protocol) and IP (Internet Protocol) protocols. It provides the rules for sending and receiving data online. All TCP/IP protocols are managed by the Internet Engineering Task Force (IETF) volunteer organization.
Port numbers ranging from 0 to 1023 are for the most popular service types. Then there’s the 1024–49151 port range reserved for specific services and registered by Internet Assigned Numbers Authority (IANA). Finally, there are the so-called dynamic ports (49152–65535) that are not available for claiming. This range is for private or temporary use.
While it’s common to assign a port for internal-to-external connections randomly, it doesn’t work the other way around. That’s because the external client assumes you will use a standardized port for that connection type.
Here are some of the standardized TCP/IP suite ports from all ranges:
|20, 21||Well-known||FTP transfer and control|
|993||Well-known||IMAP over TLS/SSL|
|4244, 5242, 5243, 9785||Registered||Viber|
|5000–5500||Registered||League of Legends|
|49152–65535||Dynamic||Certificate Management over CMS|
Is port forwarding safe?
While there are some dangers in port forwarding, port forwarding is safe in general. Furthermore, port forwarding can help hide your public IP address.
Finally, you can always combine different cybersecurity resources, such as VPN, with port forwarding to reach a desirable level of security and privacy. That’s because VPNs encrypt all your traffic, which is usually not the case with routers or firewalls.
Dangers of port forwarding
The dangers of port forwarding are real. Whenever you’re opening a port, there’s always a chance, no matter how small, that cybercriminals will exploit it. The likelihood goes up if your traffic isn’t encrypted. What’s more, using the user-friendly but not always secure Universal Plug and Play (UPnP) protocol for port forwarding also increases the risk of cyberattacks.
But what if someone randomly checks some well-known ports to see if they can access a remote system? Well, there’s the external and internal port. The external port can be a totally random number, while the internal one will correspond to the actual service that uses this port. What’s more, most routers come with a firewall that automatically closes down the often exploited ports.
If you’d like to avoid the risks of port forwarding and only encrypt your web tracking – consider using a VPN. Our top recommendation is NordVPN, currently available for $3.49/month with a 57% discount.
Port forwarding and VPNs
Most home routers already offer port forwarding functionality. And customers can set up routers manually with a VPN. Plus, some VPN services even provide dedicated router apps. What’s crucial is that you need to learn how to configure a router with a VPN connection.
However, VPN port forwarding can be tricky because these two do not always work together. Luckily, you don’t have to turn off a VPN whenever you want to enable port forwarding because some providers support this feature.
Using a VPN and port forwarding has plenty of benefits. For starters, a VPN masks your traffic with AES-256 encryption and hides your IP address, significantly increasing security and privacy. Additionally, you can enjoy other perks that come with VPNs, such as unblocking websites and streaming platforms, allowing P2P, and avoiding bandwidth throttling, among others.
Best VPNs for port forwarding in 2023
Here are some of the best VPNs that support port forwarding:
- PrivateVPN – starting at $2.00/month
- PureVPN – starting at $1.33/month
- Ivacy – starting at $1.00/month
- Mullvad – starting at $5.00/month
- Windscribe – starting at $1.00/month
Naturally, each provider has a slightly different implementation of this feature. Thus, you should check their official guides or ask customer support how to enable port forwarding.
How to set up port forwarding
Setting up port forwarding is easier than you may think. You can do that without prior technical knowledge. Below you will find step-by-step instructions on setting up port forwarding with UPnP, manually, and with a Virtual Private Network.
Which IP do I use for port forwarding?
You need to use a static IP for port forwarding. As is often the case, your IP address will be dynamic, meaning there’s no way to link it with an open port. After you set up the static IP on your device, go to your router settings. These are usually accessible by typing 192.168.0.1 or 192.168.1.1 in your browser. Enter your static private IP, local port, external port, and protocol to enable port forwarding in router settings.
Port Forwarding with UPnP
With UPnP, you’re sacrificing some security in return for simplicity. I don’t recommend it for sharing sensitive information. Also, don’t be surprised if your router doesn’t have this option. There are certain models and makes where you need to install the UPnP feature yourself.
Here are the generic steps for setting up port forwarding with UPnP – the actual flow depends on your router and device:
- Log in to your router by entering 192.168.0.1 in your browser
- Locate the tab with port forwarding settings
- Enable UPnP port forwarding
That’s it – router software will create all the rules automatically.
Now that you have UPnP enabled on your router, you can set it up on your desired application, i.e., torrenting client.
“Enable UPnP port mapping” should be ticked by default. The only thing you might need to change is the port number to correspond with the one in your router configuration.
Manual port forwarding
As the name implies, manual port forwarding is the most difficult of all three options. This means you may need to check your router’s manual or ask customer support for help. In general, the process looks as follows:
- Check if your device has a static IP address
- Log in to your router by entering 192.168.0.1 in your browser
- Locate the tab with port forwarding settings
- Choose the ports that you want to open
- Pick a tunneling protocol
- Enter your static IP address
- Add rules and settings (if any)
Like with the UPnP method, you will also need to enable port forwarding on a particular service, such as a torrenting client.
Port Forwarding with a VPN
Port forwarding with a VPN is probably the best option of all three. That’s because a VPN adds a key component – security. Without it, your traffic is not automatically encrypted, and your external IP is not hidden. Last but not least, you get to enjoy all the other benefits that a VPN brings, including streaming and torrenting.
These are the steps for setting up VPN port forwarding:
- Get a VPN that supports forwarding. Our top pick is PrivateVPN, an affordable and secure VPN provider
- Install the VPN software and go to its Settings
- Enable port forwarding if it’s not enabled by default
- Follow the instructions (if any)
In case you get stuck at some point, don’t hesitate to contact customer support. Most worthwhile VPN providers offer live chat with polite and knowledgeable representatives.
How to test port forwarding?
The easiest way to check if port forwarding is working is to use an online port forwarding tester, such as yougetsignal.com. It will show your IP address and which of the most commonly used ports are open.
You can manually test any other port that’s not on the list. Port forwarding testers can also identify what services are running on these ports.
Port forwarding is crucial if you want to enable certain activities and maximize efficiency. However, the feature can expose your device to unexpected cyber attacks as well. That is why you need the additional security benefits of a VPN service. It will hide your IP address and encrypt your web traffic, rendering it unreadable to outsiders.
You may also like to read:
What is split tunneling
What is a VPN kill switch
Best VPN services with a dedicated IP
Cheapest VPN services
How to pay for a VPN anonymously
Should I leave my VPN on all the time?
Is port forwarding the same as port triggering?
No, it’s not. Both serve the purpose of giving access to a device on a private network. However, in the case of port triggering, the port is open only while it’s in use, which adds extra security. What’s more, it’s available to any device on a private network.
The main disadvantage of port triggering is that it allows only one device from the private network to hold a connection.
Why is port forwarding not working?
You should start troubleshooting by checking the IP address and the port. Can you access it inside the private network? If not, try checking your server settings.
Additionally, you can check the WAN IP of the router and make sure it’s getting a public IP. You can also see if the port is open by using an online checker. If all fails, try contacting your router manufacturer.
And if you’re using port forwarding with a VPN, consider reaching out to customer support for assistance.
Does port forwarding reduce lag?
Port forwarding can help reduce lag in some situations, such as online gaming or torrenting. This also means that voice chat can run at a higher quality. If you had problems with dropping out of games, port forwarding could help with that as well.
However, if you’re connecting to a server that’s thousands of miles away, you might experience increased latency.
What is local port forwarding?
Local port forwarding allows you to connect to other servers from a local computer that runs a Secure Shell (SSH) client. Connections from the local computer are forwarded to the SSH server and then reach the destination server.
Local port forwarding can work even if the firewall blocks certain web pages. Furthermore, it can help receive mail securely or connect to a website using an SSH tunnel.
In the meantime, remote port forwarding uses SSH but is suited for server-side communication with the client. Finally, dynamic port forwarding is a powerful but not popular type requiring manual configuration to secure data before forwarding.