Summary #

Port forwards and address forwards both forward incoming traffic from an outside interface to a host on the inside interface. The difference between the two types of forwards is that a port forward will only forward incoming traffic on a specific port to an internal host, but address forwards will forward all traffic from an external IP address to an internal host. For almost all situations where you need to forward traffic to an internal host a port forward is all that is needed.

Port Forwards #

Port forwards only forward network traffic for a specific port. For example, you have a web server on your internal network with an IP address of 10.2.0.10 that users need to access from outside your network. To allow those user to access the server you need to set up a port forward to the internal web server. Go to Firewall -> Port Forwarding -> Add Forwarded Port. Set incoming traffic on your outside interface for port 80 to forward to port 80 on your internal web server at 10.2.0.10.

Note: You can make as many port forwarding rules as you need as long as they don’t conflict with each other. The port on the outside interface does not need to forward to the same port on the inside interface but usually you would use the same port number.

Address Forwards #

Address forwards will forward all traffic from a public IP address to a host on your internal network. Address forwards are only needed for special cases, and are not recommend if you only need a few ports forwarded. One of the uses of address forwarding is for video conferencing where you would need a very large range of ports opened for incoming traffic. To add an address forward go to Firewall -> Address Forwarding -> Add Forwarded Address.

Note: If you use address forwarding you should add firewall rules to limit what IP addresses can send traffic to your internal host for security reasons. Otherwise a host on your internal network would be completely open to the Internet.