By default, your router's firewall blocks all unsolicited incoming connections. Port forwarding deliberately opens a path so that outside traffic on a specific port reaches a chosen device inside your network - needed for hosting a game server, running a security camera NVR, or some remote-access setups. Done carefully, it is safe; done carelessly, it exposes a device to the internet.
Before you start: reserve a static IP
A port forwarding rule points to a specific internal IP address. If that address changes (which DHCP can do on reboot), the rule breaks. First give the target device a fixed address with a static IP or DHCP reservation.
How to create the rule
- Log in to your router - see how to log in to your router.
- Find the Port Forwarding section (sometimes under NAT, Virtual Server, or Advanced).
- Create a new rule: enter the port (or port range), the protocol (TCP, UDP, or both), and the internal IP address of the device.
- Save and apply.
Look up the exact port numbers your application needs - game and server software publish them.
Test the rule
Use an online "open port checker" while the service is running to confirm the port is reachable from outside. If it is not, double-check the internal IP, that the device's own firewall allows the port, and that you do not have Double NAT (a second router that needs its own rule).
How to keep it safe
- Only forward what you need, and delete rules when you stop using them.
- Keep the exposed software patched - an open port to vulnerable software is the main risk.
- Use non-default external ports where possible to dodge automated scanners.
- Never forward management/remote-admin ports to the internet.
- Prefer a VPN for remote access - it is more secure because you authenticate before anything is reachable. See should you use a VPN on your router.
Understand the risk
Every forwarded port is a hole in your firewall. For a fuller discussion of the trade-offs, read is port forwarding safe before opening anything.
