What is Port Forwarding
Port forwarding enables remote clients to access a specific service on a server located on the internal network behind the firewall. It is a form of NAT which allows you to forward a specific port to a specific host.
- The remote clients can be Internet users or remote employees.
- The services accessed by these users can be HTTP, FTP or SMTP to name a few.
Why Do You Need Port Forwarding
Port forwarding is used when you have a single public IP address, or a limited number of them, and multiple internal servers that need to be accessible from the Internet. You cannot dedicate a public IP address to every internal server because you do not have that many addresses. Instead, you forward a specific port to the internal server that needs it; the forwarded port is the one on which the service on that internal server listens.
How Port Forwarding Works
Consider the case where you have a single public IP address on the WAN interface of the firewall and a couple of internal servers running different services. For example, one server is a web server, another an FTP server and a third an SMTP mail server.
- The web server’s case: TCP port 80 used by HTTP will be forwarded to the internal web server. The remote clients’ requests will be destined to the firewall’s public IP address on port 80; the firewall will translate the destination IP address to the internal web server’s private IP address and will forward the translated requests to this server.
- The mail server is similar: assuming that SMTP is running on the mail server, TCP port 25 used by SMTP will be forwarded to the internal mail server.
- FTP and its TCP port 21 work almost the same way. The difference is that FTP may use additional dynamic ports for data transfers, so the firewall will use an FTP NAT helper to detect which other ports need to be automatically forwarded to the server.
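The three cases above can be modelled in a few lines. This is an added example, not code from the original article: the addresses, the `Firewall` class and its method names are constructed for illustration, and the FTP helper is simplified to the passive-mode `227` reply with no expiry on the port it opens.

```python
import re

PUBLIC_IP = "203.0.113.1"  # constructed WAN address (documentation range)
# Static forwards from the article: public port -> internal server.
# The private addresses are constructed for this example.
FORWARDS = {
    80: ("192.168.1.10", 80),   # HTTP
    25: ("192.168.1.20", 25),   # SMTP
    21: ("192.168.1.30", 21),   # FTP control
}
PASV = re.compile(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class Firewall:
    def __init__(self):
        self.conntrack = {}  # (client ip, client port) -> (public port, target)
        self.expect = {}     # (client ip, public port) -> target, set by FTP helper

    def inbound(self, src_ip, src_port, dst_port):
        """Destination NAT for a packet sent to PUBLIC_IP:dst_port.
        Returns the internal (ip, port), or None if the packet is dropped."""
        target = FORWARDS.get(dst_port) or self.expect.get((src_ip, dst_port))
        if target is None:
            return None  # no forward configured: port is not reachable
        self.conntrack[(src_ip, src_port)] = (dst_port, target)
        return target

    def reply(self, server, client_ip, client_port):
        """Reverse translation: the server's reply leaves with the public source."""
        entry = self.conntrack.get((client_ip, client_port))
        if entry is None or entry[1] != server:
            return None
        return (PUBLIC_IP, entry[0])

    def ftp_helper(self, control_line, client_ip):
        """Watch the FTP control channel. On a passive-mode reply, forward the
        announced data port for this client only and rewrite the private
        address in the reply to the public one."""
        m = PASV.search(control_line)
        if m is None:
            return control_line
        *host, p1, p2 = m.groups()
        port = int(p1) * 256 + int(p2)
        self.expect[(client_ip, port)] = (".".join(host), port)
        return f"227 Entering Passive Mode ({PUBLIC_IP.replace('.', ',')},{p1},{p2})"
```

Only ports with a static forward, or a data port the helper opened for one specific client, are translated; everything else sent to the public address is dropped.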