# Port Forward

Port forwarding applies *network address translation* (NAT) and redirects a communication request from one address and port number combination. Port Forwarding allows remote computers to connect the outdoor router within a private local-area network (LAN).

## Enable WAN Forward

To configure the port forwarding, log in to the router and go to "Network > Firewall."

* Under the tab of "General Settings," change forward to "Accept."
* In the **Zones** section, change the **Forward** on the WAN row from "Reject" to "Accept."
* Click the **Save & Apply** button on the bottom right corner.

<figure><img src="/files/F8j3DxUStkVyxY2B7cRy" alt=""><figcaption><p>Enable WAN Forward on the Firewall</p></figcaption></figure>

## Public Port Forwards <a href="#public-port-forwards" id="public-port-forwards"></a>

Click the tab "Port Forwards" to enter the configure section on the **New port forward** section:

1. **Name:** Enter the reference name. e.g., *Test*
2. **Protocol:** Select "TCP, UDP, or TCP+UDP."

   *If you don't know the protocol, please choose TCP+UDP. If you know whether it is TCP or UDP, select TCP or UDP. This can effectively reduce resource consumption.*
3. **External Zone:** Select "WAN"
4. **External Port:** Set the port number you want to access from the external network. We suggest selecting the WAN port between 1025\~25534. Do not use the standard ports occupied by other services, *such as 23, 80, 433, 3389, 7700, 10080, etc.*
5. **Internal Zone:** Select "LAN"
6. **Internal IP Address:** Select from the list of connected intranet hosts.
7. **Internal Port:** Enter the port number that needs to be forwarded from the intranet host
8. Click the button "Save & Apply" to execute the new settings.

<figure><img src="/files/CXi5mZo6Ph6vPihaq17s" alt=""><figcaption></figcaption></figure>

*The above example forwards a local host 192.168.30.113:80 to WAN port 1180. Thus, we can access the 80 port on the host of 192.168.30.113 from the public IP address plus port number 1180.*

*The public port forward does not change the accessing port in the local networks.*

**NAT Loopback** is turned on after saving a new port forward rule. It allows the intranet terminal to access the local hosts using the public IP address of the routed external network interface. To reduce the consumption of router resources, you can click the **"Edit"** button on the saved port forward rule list to disable it.

{% hint style="info" %}
Public port forwarding relies on a public IP address, which most 4G/5G SIM card internet connections require. Please get the public IP from the 4G carrier to activate the public port forwarding.

Except for a public 4G IP address, you can also try forwarding it to an OpenVPN or WireGuard server through the VPN tunnel.
{% endhint %}

## Intranet Forwards <a href="#intranet-forwards" id="intranet-forwards"></a>

To access another host from the local network, we can set up intranet forwarding based on IPtables and the firewall settings.

Go to "Network > Firewall," and click on the tab "Custom Rules." Add the new iptable rules. Below are the example codes to forward 192.168.30.113:80 to router IP 192.168.30.1:1180.

`iptables -t nat -A PREROUTING -d 192.168.30.1 -p tcp --dport 1180 -j DNAT --to-destination 192.168.30.113:80 iptables -t nat -A POSTROUTING -d 192.168.30.113 -p tcp --dport 80 -j SNAT --to 192.168.30.1`

<figure><img src="/files/TdEAZlISWe0ohLnyp88C" alt=""><figcaption></figcaption></figure>

## Open New Port <a href="#open-new-port" id="open-new-port"></a>

After accessing the router, go to "Network > Firewall > Traffic Rules: Open port on router" to add a new port on the 4G router.

* **Name:** Input name of the new port
* **Protocol:** Choose from TCP or UDP
* **External port:** The new port number

After entering the above parameters, click the "Add" button. Then click the "Save & Apply" button in the bottom right corner. The new port will appear on the "Traffic Rules" list.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://how.router.works/net/firewall/port-forward.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.