On an IPv4 router with Network Address Translation (NAT), port forwarding makes applications installed on a specific PC on the LAN available on the internet. These applications can range from online games, torrent clients, FTP servers, Web Servers, and more. Let's see how to enable port forwarding on any router and open the respective port on Windows Firewall.
Table of Contents
- Give Windows a static IP
- Port forwarding on a router
- Set up Windows Firewall
- Check Port Forwarding
- Can two PCs on the same LAN use the same port for the same app?
- Is UPnP better than port forwarding?
- What is DMZ?
- Did you have any trouble setting up port forwarding?
Give Windows a static IP
For port forwarding to work, our Windows PC needs always to have the same static internal IP on the LAN, and not a dynamic IP assigned by a DHCP Server.
The reason is that the NAT will forward a port only for a specific IP on the network, not for every connected device. Port forwarding lessens the network's security, by exposing ports to the Internet. Opening a port for every single device would be counter-intuitive.
For detailed instruction on this, check out our guide:
Port forwarding on a router
As you probably know, different routers often have entirely different interfaces.
They can also have different names for port forwarding. We can find it as Address Translation, NAT, NAT table, virtual server, etc.
In this guide, we will try to approach port forwarding in a general way so that you can follow the instructions for every router. If, however, you are having any difficulty, you should check your router's documentation.
Enter the router web interface
When we set up the static IP on our Windows PC, we found out the default gateway IP address - usually 192.168.1.1 or 192.168.0.1.
Entering this address on any browser with http://...
...will take us to the login screen for our router.
You should never use https:// to access the web interface. No home router has a security certificate to support the https:// protocol.
If we don't know the administrator password, we will probably find it on a sticker underneath the router. If there is no sticker, it usually us an easy-to-guess default password, such as "admin - 12345" or "administrator - 11111".
Find the port forwarding section
This is probably the most "difficult" part in port forwarding, finding how it is called on our router. We could find it on Network -> NAT -> Port Translation...
...Forwarding -> Port Range Forwarding...
...Advanced -> Virtual Server...
...Port Forwarding / Port Triggering...
...Network -> NAT -> Port Forwarding...
...plain Forwarding, and more.
In any case, we are looking for the section that mentions protocols, internal and external ports, and a destination IP address or Server IP address, such as this:
Create a rule
Once we found the appropriate section, we can now create the a rule for a specific port.
Firstly, we set a name for the rule. We can choose anything; it's just a reminder of the service for which we need the port forwarding, and visible only to us.
In "protocol", we can select TCP, UDP, or Both. The correct choice depends on the application that needs port forwarding.
For instance, a torrent client will need both TCP and UDP. An FTP Server needs only TCP.
Some routers only have a TCP or a UDP option, not both. On those routers, if we need port forwarding or both protocols, we have to create two rules, one for TCP and one for UDP.
The external and destination port will be the same. Because some lower-numbered ports are being used by the system by default, or by specific applications, it's best to choose a port between 50000 and 65535.
Finally, on the destination IP address, we select the static IP we assigned on our PC.
After that, we save the new rule.
On most routers, port forwarding activates immediately. Some routers, though, need a reboot to apply the rule.
Set up Windows Firewall
After setting up the port forwarding rule, we are done with the router, and we can close the web interface. However, we also need to allow the port of our choice on the Windows Firewall, for the port forwarding to work.
The fastest way to get access to the Windows Firewall is by pressing the Windows key + R and typing wf.msc at the Run window.
On the Windows Firewall with Advanced Security, we select "Inbound Rules".
Some programs, such as torrent clients, usually create their rules within Windows Firewall during the installation, and we can check them out by double clicking the entry and selecting the "Protocols and Ports" tab.
In this case, we just need to visit the "Advanced" tab and make sure the rule applies to Private networks.
If we can't find an existing entry for an application, to create one we click on "New Rule...".
The easiest way is to select "Program"...
On the next screen, we select the path to the program executable.
On the "Action" and "Profile" screens, we leave the default options. For the name, we choose a descriptive name for the rule.
And that's it. From now on, this particular program will be open to communicate with the Internet.
Check Port Forwarding
To make sure that port forwarding works correctly, we can use one of the multiple free services on the Internet.
Firstly, we ensure that the program that needs port forwarding is up and running, and uses the proper port. In the example, we will use qBittorrent.
Then, we navigate to canyouseeme.org
We just need to add the proper port and select "Check Port".
It is important that the program is running while we check for the port. Finally, if we did everything correctly, we will get a success message.
Can two PCs on the same LAN use the same port for the same app?
Port forwarding is set up on a unique IP address, and we can't set up a rule for the same port with two or more IP addresses.
So, if we want to set up the same program on two different PCs, we need to create two rules for two separate ports, one for each PC.
Is UPnP better than port forwarding?
Universal Plug and Play is a system developed to make port forwarding obsolete. If an app and our router both support UPnP...
...then the router will dynamically open the port the application needs when it needs it.
While it sounds great in theory, UPnP can be a huge security vulnerability. Since now we know how to do a proper port forwarding, we should disable UPnP on our router.
What is DMZ?
DMZ, or De-Militarized Zone, is a function that opens all the ports on our router for a particular IP.
We should only use it for test purposes, to make sure that a connectivity problem doesn't come from wrong settings.
DMZ is never a substitute for setting up port forwarding.
Did you have any trouble setting up port forwarding?
If any of the above instructions didn't work for you as intended, let us know in the comments below.
- Set a static IP address in Windows for the LAN
- How To Create Torrent Files to Upload with qBittorrent
- Delete Spam Permanently in Gmail and Outlook.com
- Windows 10 Free for Anyone, Without Windows 7/8 License
- Windows "GodMode" plus 70 Windows Settings Icons
Do you want to support PCsteps, so we can post high quality articles throughout the week?
If you prefer your purchases from China, we are affiliated with one of the largest international e-shops: