Port forwarding sounds far more complicated than it is. It's just like receiving a stack of letters in your mailbox and then handing each one out to the relevant family members.
Port forwarding is often related to gaming, but there are other uses. Below, we explain what ports are, why they need to be forwarded, how to set up port forwarding on a typical router, and common cases that can be solved with port forwarding.
What Are Ports?
You may already know what IP addresses are. Every device on your network (smartphones, computers, consoles, or anything else plugged into the router or connected to Wi-Fi) is given an IP address. But there are two types of IP addresses: public and private.
Public IP addresses are what other computers on the internet see when you connect to them. It's assigned by your Internet Service Provider (ISP) to your modem. You can use Google or DuckDuckGo to check your public IP address. Search "what is my IP address?" and that's it.
On the other hand, private IP addresses are used on internal networks—devices connected to the same router. Those sometimes need to "talk" to one another, such as transferring files between two computers or using a network printer.
In a nutshell, a public IP is like your home address—including zip code, street name, and building number—and a private IP would be an apartment number, only useful once you're inside. You couldn't send a letter from anywhere in the world to "Apartment 603".
It's the same when you access a website: you're asking for some data to be returned to your device. To do that, the webserver must be given your public and private IP addresses. The data is sent back from the website, first to your router with the public IP, then to your device with a private IP.
This is pretty easy when we're just talking about browsing the web, but what happens when you request different kinds of data—like email or where the enemy has moved in a multiplayer game? How does your computer know which application the data should be given to? It wouldn't be particularly useful to send your latest emails to Call of Duty.
That's where ports come in.
How Do Network Ports Direct Data?
Ports are like mail sorting tubes inside the computer. When data reaches your device, the operating system checks the port number it's destined for. Each port can correspond to a different application, and there are 65536 of them.
The first 1024 of these are standardized. For example, unsecured web traffic goes through port 80, while secured websites use 443. Emails over POP3 use port 110, but outgoing SMTP emails use 25. Wikipedia has a full list of standard ports.
So, when you open an HTTPS website, the data returns to your computer in the following order: public IP (your modem/street address), private IP (your computer in the router's internal network/apartment number), and finally, port 443 (the application that used HTTPS/your name in the mail envelope).
From ports 1025 to 65536, there are no strict definitions. This is by design. New applications are created daily and need to have available paths to the web. If a single piece of software exclusively used one of these ports, even if present in millions of computers, several other millions would be unable to use that port.
Web-connected apps can choose the port they want to use. While it sounds difficult and time-consuming, there is a solution: Universal Plug and Play (UPnP).
What Is UPnP and How Does It Work?
Having all ports open all the time is a huge security risk, so any non-standard ports (ports 1025+) are blocked by default on most routers. This prevents malicious requests from reaching services that might be running on your network. However, closed ports also cause trouble for online applications—the router will simply block it as a security feature.
Therefore, they need to tell the router, "Hey, I'm using this port; please keep it open."
UPnP was invented to automate this process. Applications can request a port to be opened, and the router will automatically set up the required port forwarding rules. This doesn't come without risks. For example, if malware gets installed on your computer, it'll be trusted by the router, thus being able to open up ports for malicious activities.
Since UPnP can be dangerous if exploited, many people disable it. A common example where UPnP will be disabled is an IT team at a large company. Usually, each department requires a specific suite of programs. Everyone uses email, but online payroll management is mostly for HR and Finances, and it's unlikely someone not on customer support requires ZenDesk.
In such cases, UPnP is disabled, and the ports required for each team's workflow are opened just for the computers that need them. That said, even if you haven't disabled UPnP, sometimes it just doesn't work right. So let's look at how you can manually create port forwarding rules.
Disabling UPnP and Using Manual Port Forwarding
Anyone can disable UPnP at home for improved security—this gives granular control over which ports are open for each device. Just follow the instructions below.
Step 0: What You Need for Port Forwarding
To successfully set up port forwarding, you need some information. It's not a long list:
- The router's IP address to access your router admin page. Usually, there's a sticker listing this on the router, along with the default username and password. If you're unsure, Port Forward lists default router addresses by the manufacturer.
- Which port (or port range) needs to be forwarded—the software that requires port forwarding should list them.
- The private IP address for the device that will have its ports open. We have guides on how to find your private IP address on:
- Some applications also specify if they use UDP or TCP packets. The difference isn't important, and you can select both—there are no adverse effects or security risks in doing so.
Many modern routers have integrated apps for easy router configuration. Of course, it's not guaranteed to have port forwarding options, but it could save a few minutes.
Step 1: Disable UPnP
Before proceeding, here are a few notes:
- The following port forwarding guide uses a Nokia G-140W-H modem/router combo. Routers from other manufacturers use different menus, but the wording should be similar.
- If you use a modem/router combo and can't find UPnP/port forwarding options, your ISP may block these settings. In such cases, contact the provider's customer support.
- Port forwarding needs to be set up for each application in each device. UPnP only needs to be disabled once since it affects the whole router.
The router's home page will show after login. For the Nokia G-140W-H, the menus are on the left side, with UPnP and port forwarding under Application.
Disabling UPnP in most cases is as easy as deselecting a toggle and clicking Save/Apply. If the option is already disabled, no action is needed.
Step 2: Enable Port Forwarding
With UPnP disabled, it's time to open the needed ports for your applications.
Many routers list dozens of popular software/devices that need port forwarding. Most of them are games, but there are IoT gadgets, file-sharing apps, instant messengers, and much more.
If the app or device isn't listed, you'll need to create a custom port forwarding rule. That's easier than it seems, and everything you need is listed in Step 0 at the start of this guide. Type the port (or port range) and name the new rule. WAN and LAN port numbers should be the same.
Whether the app or service is listed or not, you need to point to which device needs that port forwarded. World of Warcraft still won't work if linked to your phone instead of the computer running the game.
Some newer routers remember devices by their names, which are set up in the device itself. This way, port forwarding works even if the private IP address changes—more on that in the Troubleshooting section. For routers without this feature, you'll need the private IP address, which is also covered in Step 0.
Double-check everything, click Save/Apply, and you're good to go. Rebooting the router isn't necessary, but it won't hurt either.
It's important to remember that each application that needs port forwarding must have the port forward rule set up on each device where it's installed. For example, if you have three computers running the same software, you'll need to create a rule for each of them. The same goes for a computer with different programs that require port forwarding. Every software requires its own rule for that device.
Troubleshooting Port Forwarding
You've disabled UPnP, and port forwarding is set up. You launch the application, and... No connection. Problems happen, so let's try some solutions.
Firstly, check again if the settings are correct. It's easy to type "192.168.1.29" instead of "192.168.1.19" or mistake port numbers.
On the port forwarding page, confirm the same device still uses the private IP address you chose for the port forwarding. If the router has rebooted, the IP address may have changed. Many routers reboot automatically after any configuration change, and modem/router combos that deal with ISP settings reboot regularly.
For example, you configured port forwarding for 10.0.0.4, which was your phone, but after rebooting, the router assigned this address to your TV.
In this case, you'll need MAC binding, which binds the MAC (Media Access Control, a unique identifier for network adapters) address to a static IP. This way, whenever that device connects to that router, it'll have the same IP. We have a complete guide on MAC binding, which is used for more than just port forwarding. That's not what this article is about, so we won't go into detail.
Can You Fix Double-NAT Port Forwarding Issues?
Another common port-forwarding issue is double-NAT.
Remember those IP addresses? Port forwarding will only help if you have a unique public IP address. In some cases, your IP address will be shared with other users. Effectively, you have another layer of routing outside of your control before you reach the wider internet.
This is commonplace in college dormitories and some apartment complexes with limited internet options. Port forwarding won't help in this case because the ports will still be blocked on the other router you can't control, so the packets will never reach your router. Unfortunately, it's not always possible to fix a double-NAT situation.
If you can configure both routers, the one closest to the public side (usually the one provided by your ISP) should be switched to Bridge mode. This disables all routing features, including any built-in Wi-Fi, effectively turning it into a simple modem.
Other than helping with double-NAT, this can be necessary to fine-tune home connections. For example, power users could favor their own router running OpenWRT, and some mesh networks become more reliable using the modem in Bridge mode.
Some ISP-provided routers don't let you do this. If that's not possible, you may also want to try setting up a DMZ (demilitarized zone) pointing to your other router. That's outside the scope of this guide but essentially means "trust everything and forward it all onto this other device to deal with."
Don't Let Port Forwarding Confuse You
You need to consider if port forwarding will solve your network's issues. For example, safety concerns about UPnP will no longer exist. But, if online games fail to connect due to a double-NAT you don't control, port forwarding won't help.
There are positive and negative sides to port forwarding. While port forwarding may fix issues with games or IoT devices with UPnP disabled, and its manual setup on a per-application basis delivers more security, that's not all there is to it.
On the other hand, port forwarding rules must be reconfigured if the private IPs change. MAC binding helps but isn't always possible. Furthermore, ports need to be manually forwarded for every application and device, which can be a nuisance for large networks, and even small ones.
Disabling UPnP and setting up port forwarding is a good way to enhance network security, even if it's not always simple to configure.