EdgeRouter - Port Forwarding


Overview


Readers will learn how to forward UDP and TCP ports to an internal server using the Port Forwarding feature.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
 

Table of Contents


  1. Frequently Asked Questions (FAQ)
  2. Adding Port Forwarding Rules
  3. Related Articles

Frequently Asked Questions (FAQ)



What is the difference between Destination NAT and Port Forwarding?

Destination NAT and Port Forwarding serve the same purpose and can both be used to forward ports to an internal host behind NAT.

Do I need to manually add firewall entries for each Port Forwarding rule?

No, see the steps below.

Do I need to manually configure Hairpin NAT?

No, see the steps below.

When using Hairpin NAT, add the LAN interfaces of all networks that need to use the router's external address to access the internal host(s).


Adding Port Forwarding Rules



[Image: network topology]

HTTPS traffic from external clients on TCP ports 443 and 10443 will be forwarded to the UNMS server.


Follow the steps below to add the Port Forwarding rules to the EdgeRouter:

GUI: Access the EdgeRouter Web UI.

1. Select the WAN and LAN interfaces that will be used for Port Forwarding. The auto-firewall feature will automatically open the required ports in the firewall.

Firewall / NAT > Port Forwarding

  • Check: Show advanced options
  • Check: Enable auto firewall
  • Check: Enable Hairpin NAT
WAN interface: eth0
LAN interface: eth1

NOTE: The WAN and LAN interfaces might differ depending on your EdgeRouter model and setup. For example, the ER-X and ER-X-SFP are able to use the switch0 interface. There is an example in this community post.

2. Add the port-forwarding rules for TCP ports 443 and 10443.

+Add Rule

Original port: 443
Protocol: TCP
Forward-to address: 192.168.1.10
Forward-to port: 443
Description: https443

+Add Rule

Original port: 10443
Protocol: TCP
Forward-to address: 192.168.1.10
Forward-to port: 443
Description: https10443

3. Apply the changes.


The above configuration can also be set using the CLI:

CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.

configure

set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward wan-interface eth0
set port-forward lan-interface eth1

set port-forward rule 1 description https443
set port-forward rule 1 forward-to address 192.168.1.10
set port-forward rule 1 forward-to port 443
set port-forward rule 1 original-port 443
set port-forward rule 1 protocol tcp

set port-forward rule 2 description https10443
set port-forward rule 2 forward-to address 192.168.1.10
set port-forward rule 2 forward-to port 443
set port-forward rule 2 original-port 10443
set port-forward rule 2 protocol tcp

commit ; save
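
Because auto-firewall opens each forwarded port without a separate firewall rule, it helps to review the port-forward section itself to see what the WAN side can reach. The following is an added example, not Ubiquiti's code: it parses the set commands shown above and lists every exposed port with its internal target. It assumes the configuration is available in set form (for example from show configuration commands); the names parse_rules and audit are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the CLI configuration from this article in "set" form.
SAMPLE_CONFIG = """\
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward wan-interface eth0
set port-forward lan-interface eth1
set port-forward rule 1 description https443
set port-forward rule 1 forward-to address 192.168.1.10
set port-forward rule 1 forward-to port 443
set port-forward rule 1 original-port 443
set port-forward rule 1 protocol tcp
set port-forward rule 2 description https10443
set port-forward rule 2 forward-to address 192.168.1.10
set port-forward rule 2 forward-to port 443
set port-forward rule 2 original-port 10443
set port-forward rule 2 protocol tcp
"""

RULE_RE = re.compile(r"^set port-forward rule (\d+) ((?:forward-to )?\S+) (.+)$")
REQUIRED = ("original-port", "protocol", "forward-to address", "forward-to port")

def parse_rules(text):
    """Return {rule_number: {field: value}} from 'set port-forward rule ...' lines."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # values may be quoted when they contain spaces
            rules[int(m.group(1))][m.group(2)] = m.group(3).strip("'\"")
    return dict(rules)

def audit(text):
    """Return (exposures, findings): what the WAN side reaches, and points to review."""
    exposures, findings, targets = [], [], defaultdict(list)
    for num, r in sorted(parse_rules(text).items()):
        missing = [f for f in REQUIRED if f not in r]
        if missing:
            findings.append(f"rule {num}: incomplete, missing {', '.join(missing)}")
            continue
        exposures.append((r["protocol"], r["original-port"], r["forward-to address"], r["forward-to port"]))
        targets[(r["protocol"], r["forward-to address"], r["forward-to port"])].append(r["original-port"])
    for (proto, addr, port), wan_ports in targets.items():
        if len(wan_ports) > 1:  # one internal service exposed on several WAN ports
            findings.append(f"{addr}:{port}/{proto} reachable via WAN ports {', '.join(wan_ports)}")
    if re.search(r"^set port-forward auto-firewall enable\s*$", text, re.M) and exposures:
        findings.append(f"auto-firewall enabled: {len(exposures)} forwarded port(s) opened automatically")
    return exposures, findings
```

Calling audit(SAMPLE_CONFIG) returns the two exposures from this article plus two findings: the same internal service is reachable on two WAN ports, and both ports are opened by auto-firewall.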

Related Articles



EdgeRouter - Destination NAT

EdgeRouter - Hairpin NAT

Intro to Networking - How to Establish a Connection Using SSH

