On an IPv4 router with Network Address Translation (NAT), port forwarding makes applications installed on a specific PC on the LAN available on the internet. These applications can range from online games, torrent clients, FTP servers, Web Servers, and more. Let's see how to enable port forwarding on any router and open the respective port on Windows Firewall.
Unblock any international website, browse anonymously, and download movies and Mp3 with complete safety with CyberGhost, just for $2.75 per month:
Give Windows a static IP
For port forwarding to work, our Windows PC needs always to have the same static internal IP on the LAN, and not a dynamic IP assigned by a DHCP Server.
The reason is that the NAT will forward a port only for a specific IP on the network, not for every connected device. Port forwarding lessens the network's security, by exposing ports to the Internet. Opening a port for every single device would be counter-intuitive.
For detailed instruction on this, check out our guide:
Set a static IP address in Windows for the LAN
Port forwarding on a router
As you probably know, different routers often have entirely different interfaces.
They can also have different names for port forwarding. We can find it as Address Translation, NAT, NAT table, virtual server, etc.
In this guide, we will try to approach port forwarding in a general way so that you can follow the instructions for every router. If, however, you are having any difficulty, you should check your router's documentation.
Enter the router web interface
When we set up the static IP on our Windows PC, we found out the default gateway IP address - usually 192.168.1.1 or 192.168.0.1.
Entering this address on any browser with http://...
...will take us to the login screen for our router.
You should never use https:// to access the web interface. No home router has a security certificate to support the https:// protocol.
If we don't know the administrator password, we will probably find it on a sticker underneath the router. If there is no sticker, it usually us an easy-to-guess default password, such as "admin - 12345" or "administrator - 11111".
Find the port forwarding section
This is probably the most "difficult" part in port forwarding, finding how it is called on our router. We could find it on Network -> NAT -> Port Translation...
...Forwarding -> Port Range Forwarding...
...Advanced -> Virtual Server...
...Port Forwarding / Port Triggering...
...Network -> NAT -> Port Forwarding...
...plain Forwarding, and more.
In any case, we are looking for the section that mentions protocols, internal and external ports, and a destination IP address or Server IP address, such as this:
Create a rule
Once we found the appropriate section, we can now create the a rule for a specific port.
Firstly, we set a name for the rule. We can choose anything; it's just a reminder of the service for which we need the port forwarding, and visible only to us.
In "protocol", we can select TCP, UDP, or Both. The correct choice depends on the application that needs port forwarding.
For instance, a torrent client will need both TCP and UDP. An FTP Server needs only TCP.
Some routers only have a TCP or a UDP option, not both. On those routers, if we need port forwarding or both protocols, we have to create two rules, one for TCP and one for UDP.
The external and destination port will be the same. Because some lower-numbered ports are being used by the system by default, or by specific applications, it's best to choose a port between 50000 and 65535.
Finally, on the destination IP address, we select the static IP we assigned on our PC.
After that, we save the new rule.
On most routers, port forwarding activates immediately. Some routers, though, need a reboot to apply the rule.
Set up Windows Firewall
After setting up the port forwarding rule, we are done with the router, and we can close the web interface. However, we also need to allow the port of our choice on the Windows Firewall, for the port forwarding to work.
The fastest way to get access to the Windows Firewall is by pressing the Windows key + R and typing wf.msc at the Run window.
On the Windows Firewall with Advanced Security, we select "Inbound Rules".
Some programs, such as torrent clients, usually create their rules within Windows Firewall during the installation, and we can check them out by double clicking the entry and selecting the "Protocols and Ports" tab.
In this case, we just need to visit the "Advanced" tab and make sure the rule applies to Private networks.
If we can't find an existing entry for an application, to create one we click on "New Rule...".
The easiest way is to select "Program"...
On the next screen, we select the path to the program executable.
On the "Action" and "Profile" screens, we leave the default options. For the name, we choose a descriptive name for the rule.
And that's it. From now on, this particular program will be open to communicate with the Internet.
Check Port Forwarding
To make sure that port forwarding works correctly, we can use one of the multiple free services on the Internet.
Firstly, we ensure that the program that needs port forwarding is up and running, and uses the proper port. In the example, we will use qBittorrent.
Then, we navigate to canyouseeme.org
We just need to add the proper port and select "Check Port".
It is important that the program is running while we check for the port. Finally, if we did everything correctly, we will get a success message.
Can two PCs on the same LAN use the same port for the same app?
Port forwarding is set up on a unique IP address, and we can't set up a rule for the same port with two or more IP addresses.
So, if we want to set up the same program on two different PCs, we need to create two rules for two separate ports, one for each PC.
Is UPnP better than port forwarding?
Universal Plug and Play is a system developed to make port forwarding obsolete. If an app and our router both support UPnP...
...then the router will dynamically open the port the application needs when it needs it.
While it sounds great in theory, UPnP can be a huge security vulnerability. Since now we know how to do a proper port forwarding, we should disable UPnP on our router.
What is DMZ?
DMZ, or De-Militarized Zone, is a function that opens all the ports on our router for a particular IP.
We should only use it for test purposes, to make sure that a connectivity problem doesn't come from wrong settings.
DMZ is never a substitute for setting up port forwarding.
Did you have any trouble setting up port forwarding?
If any of the above instructions didn't work for you as intended, let us know in the comments below.
Support PCsteps
Do you want to support PCsteps, so we can post high quality articles throughout the week?
You can like our Facebook page, share this post with your friends, and select our affiliate links for your purchases on Amazon.com or Newegg.
If you prefer your purchases from China, we are affiliated with the largest international e-shops:
Aiden Brewer says
When I put in the default gateway address with https:/ It says cant reach page
Angelos Kyritsis says
Hi Aiden. We just updated the guide with the newest information.
Your router does not have an SSL certificate, so it doesn't support https://. The plain http:// should be OK.
i have a problem can you please help me i'm trying to setup a Arma3 Server but the problem is i have UpNp but the steps i did didnt work i dont know what to do please help me,, and a thing i thought you could help with is how to take a server from Lan and make it a fully public server
Hi Armand, we just updated the guide with the latest information.
Have you followed these instructions?https://community.bistudio.com/wiki/Arma_3_Dedicated_Server#Port_Forwarding
Have you opened all the ports mentioned, with the correct protocols?
To make a public server, since you probably have a dynamic IP at your home internet connection, you need to sign up for a dynamic DNS service, such as https://www.pcsteps.gr/dyndns.com
Hello I'm trying to open my port 4444 for kali linux but it doesn't work I tried disabling my firewall,add a rule,set static ip but nothing can you tell me what's the problem what is stopping my port forwarding.
Hello Genito,
For which Kali Linux application you need to open this port? Also, how are you running Kali Linux, as a dual boot, Virtual Machine, boot from live DVD/USB?
Hi Angelos, really helpful post, thank you. I did all the steps (in Windows 10 it asks for Subnet prefix length, IP addresses from .2-.254, so 252 should be correct, I assume), my torrent client says, that the incoming UDP listen port is OK, but for the incoming TCP listen port it says NAT Error - Connection timed out, and yougetsignal says also, that the port (50076) is closed. Torrents are OK, so these reports just mean, that it's just answering slower? I have dynamic IP from my internet provider, no other security software, just the Windows Defender, and there's a repeater between the notebook and the router, but nothing can be adjusted on it, just the password and MAC-filtering (both on), and if I connect directly to the router, I still get the timeout message. In total it works, but the performance could be better, I applied every setting, that I got from other sources, like shut off DoS protection etc., do you have any other suggestions? Thank You for your answer.
I cant open port 2626, i tried everything dont know what to do anymore.