Cipafilter Documentation - Port Forwarding
Posted by Jim Giseburt, Last modified by Jim Giseburt on 06 April 2017 11:54 AM

Port forwarding lets connections to ports on the router be forwarded to devices inside your network that have only private IPs. This feature is often used, for example, to forward RDP connections from your router to an internal server to enable remote management. When a client connects to a particular port on an IP address belonging to your router, the router redirects the connection to the Destination IP address on the second port number entered.

In the example table below, if your router has the IP 203.0.113.10, and you would like to enable RDP to a server with the address 10.0.0.5 and another server with the address 10.0.0.6, you would create a set of port forwards like the first two. This would allow you to connect to 203.0.113.10 with the default port to access the first server, and the custom port 3390 when you want to access the second server.

The third example demonstrates a dynamic port-forward, one in which the Source IP is in fact an interface with a dynamic IP address assigned via DHCP. When an interface is configured to use DHCP to obtain its IP address, the DHCP — eth# option will appear in the list; selecting this option creates a forwarding rule which is bound to the interface rather than to the interface's current IP address. This eliminates the need to update the rule when the interface's IP changes.

The fourth example demonstrates the use of port ranges, with the colon (:) character, to forward the 1000 ports starting at 64000 to 10.0.0.4.

A comma (,) can be used to specify multiple ports, port ranges, or a combination of the two. Up to 15 distinct port references may be specified in a single rule. (A port range counts as two references.)

The ALL keyword in the port field (as shown in the second-to-last example) is used to forward all ports of a particular protocol to the same ports on another machine.

Note: Using the ALL keyword in the protocol field activates a 1-to-1 NAT between the Source IP and the Destination IP. In addition to standard port forwarding (all traffic to the Source IP will be directed to the Destination IP), all outbound traffic from the Destination IP will also appear to come from the Source IP.

Warning: Forwarding port 443 or port 22 on your router's only outside IP will make the Cipafilter's Web interface or remote management system (respectively) unreachable. If forwarding of these ports is required, attempt to obtain a second IP for your router. If this is not feasible, be sure that there is at least a second private IP address on the router, so you can manage the Cipafilter yourself.

Example port-forwarding configurations

| Protocol | Src IP | Src Port | Dest IP | Dest Port | Comment |
|---|---|---|---|---|---|
| TCP | 203.0.113.10 | ALL | 10.0.0.5 | 3389 | RDP to 10.0.0.5 |
| TCP | DHCP — eth0 | 3390 | 10.0.0.6 | 3389 | RDP from a DHCP-enabled interface to 10.0.0.6 |
| UDP | 203.0.113.10 | 64000:65000 | 10.0.0.4 | 64000:65000 | 1000 UDP ports (those between and including 64000 and 65000) to 10.0.0.4 |
| UDP | 203.0.113.10 | 123,161 | 10.0.0.4 | 123,161 | Two UDP ports (123 and 161) to 10.0.0.4 |
| TCP | 203.0.113.10 | 20:25,70,79 | 10.0.0.4 | 20:25,70,79 | Eight TCP ports (20 through 25, 70, and 79) to 10.0.0.4 |
| TCP | 203.0.113.11 | ALL | 10.0.0.7 | ALL | All TCP ports to 10.0.0.7 |
| ALL | 203.0.113.12 | ALL | 10.0.0.8 | ALL | 1-to-1 NAT of 10.0.0.8 to 203.0.113.12 |
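
The port-field syntax and the port 443/22 warning described above can be checked before a rule is entered. The following is an added example, not Cipafilter code: the function names and rule layout are assumptions, and it treats 203.0.113.10 as the router's only outside IP. It shows that the 20:25 range in the example table includes port 22.

```python
MAX_REFS = 15  # page: up to 15 port references per rule
MGMT_PORTS = {443: "Web interface", 22: "remote management system"}  # from the page's warning

def parse_ports(spec):
    """Parse a port field ('3389', '64000:65000', '20:25,70,79', 'ALL').
    Returns (set of ports, number of port references used)."""
    if spec.strip().upper() == "ALL":
        return set(range(1, 65536)), 0   # assumption: ALL uses no numbered references
    ports, refs = set(), 0
    for item in spec.split(","):
        lo, sep, hi = item.strip().partition(":")
        lo, hi = int(lo), int(hi if sep else lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        refs += 2 if sep else 1          # a range counts as two references
        ports.update(range(lo, hi + 1))
    if refs > MAX_REFS:
        raise ValueError(f"{refs} port references, limit is {MAX_REFS}")
    return ports, refs

def audit_rule(proto, src_ip, src_port, dest_ip, dest_port, only_outside_ip):
    """Return findings (strings) for one forwarding rule; empty list if none."""
    proto, findings = proto.upper(), []
    if proto == "ALL":                   # protocol ALL: 1-to-1 NAT, every port forwarded
        findings.append(f"1-to-1 NAT: all traffic to {src_ip} goes to {dest_ip}")
        listening = set(range(1, 65536))
    else:
        listening, _ = parse_ports(src_port)
        parse_ports(dest_port)           # validate the destination field too
    if proto in ("TCP", "ALL") and src_ip == only_outside_ip:
        for port, service in MGMT_PORTS.items():
            if port in listening:
                findings.append(f"port {port} forwarded on only outside IP: "
                                f"{service} unreachable")
    return findings

# Rows taken from the page's example table; treating 203.0.113.10 as the
# router's only outside IP is an assumption made for this example.
RULES = [
    ("TCP", "203.0.113.10", "20:25,70,79", "10.0.0.4", "20:25,70,79"),
    ("UDP", "203.0.113.10", "123,161", "10.0.0.4", "123,161"),
    ("ALL", "203.0.113.12", "ALL", "10.0.0.8", "ALL"),
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule, audit_rule(*rule, only_outside_ip="203.0.113.10"))
```
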

©Cipafilter 2017. All Rights Reserved.