Port forwarding tells your router to send specific incoming internet traffic to a specific device on your network. Without it, your router blocks all unsolicited incoming connections by default – which is good for security, but means nobody outside your network can reach a server, game, or service you're hosting at home. If you're trying to host a Minecraft server, access your home security cameras remotely, or run any service that other people need to connect to, port forwarding is how you make that work.

What are ports?

Think of your IP address as a building's street address and ports as numbered doors in that building. Each door leads to a different service. When data arrives at your network, the port number tells the router which service it's meant for.

There are 65,535 ports available. Some well-known ones:

• 80 and 443 – web traffic (HTTP and HTTPS)
• 22 – SSH (secure remote terminal access)
• 25 and 587 – email (SMTP)
• 3389 – Windows Remote Desktop (RDP)
• 25565 – Minecraft Java Edition
• 19132 – Minecraft Bedrock Edition
• 32400 – Plex Media Server
• 27015 – Steam/Source game servers

Your router uses these port numbers to route traffic to the right place. When you browse a website, your browser connects to port 443 on the web server. When someone joins your Minecraft server, their game connects to port 25565 on your IP address.

When you need port forwarding

You need port forwarding when something on the internet needs to initiate a connection to a device on your home network. Common scenarios:

• Hosting a game server – Minecraft, Valheim, Factorio, Terraria, or any dedicated server
• Remote access – reaching your home computer, NAS, or security cameras from outside your network
• Self-hosted services – Plex, Jellyfin, Home Assistant, or a personal website
• Peer-to-peer applications – some torrent clients, voice chat, or file sharing tools that need inbound connections

You do not need port forwarding for normal activities like browsing the web, streaming video, playing online games as a client (joining someone else's server), or using cloud services. Those all use outbound connections that your router handles automatically.

How to set it up

1. Find your router's admin page

Open a browser and go to your router's IP address. The most common ones:

• 192.168.1.1
• 192.168.0.1
• 10.0.0.1

If none of those work, find your default gateway:

• Windows – open a terminal and run ipconfig, look for Default Gateway
• Mac – open System Settings > Network, select your connection, click Details, and check the Router field
• Linux – run ip route and look for the default via address

Log in with your router's admin credentials. If you've never changed them, check the sticker on the router itself or search for your router model's default login.

2. Find the port forwarding section

The location varies by router brand, but look for labels like:

• Port Forwarding
• NAT / NAT Forwarding
• Virtual Server
• Apps & Gaming
• Firewall (sometimes nested under this)

3. Add a port forwarding rule

Each rule typically needs:

• Service name – whatever you want to call it (e.g., "Minecraft Server")
• External port (or WAN port) – the port number incoming traffic will use
• Internal port (or LAN port) – the port the service is listening on (usually the same as external)
• Internal IP address – the local IP of the device running the service (e.g., 192.168.1.50)
• Protocol – TCP, UDP, or both (check your service's documentation for which one)

For example, to host a Minecraft Java server running on 192.168.1.50:

• External port: 25565
• Internal port: 25565
• Internal IP: 192.168.1.50
• Protocol: TCP

4. Verify it works

After saving the rule, test from outside your network. You can:

• Ask a friend to connect to your service using your public IP (find it at whatismyip.com)
• Use a port checker website like canyouseeme.org to verify the port is open
• Test from your phone with Wi-Fi turned off (using mobile data)

If the port shows as closed, double-check that the service is actually running, your device's firewall isn't blocking it, and the internal IP address is correct.

Give your device a static IP

Port forwarding rules point to a specific local IP address. If your device gets a new IP from DHCP (which can happen after a restart), the forwarding rule breaks because it's still pointing to the old address.

Fix this by assigning a static IP to the device:

• Option 1: DHCP reservation (preferred) – in your router's settings, find the DHCP or LAN section and reserve a specific IP for your device's MAC address. This way the router always assigns the same IP
• Option 2: Static IP on the device – configure the device itself to use a fixed IP instead of DHCP. Make sure it's outside your router's DHCP range to avoid conflicts

For more on IP addresses and how they work, see Understanding IP Addresses.

UPnP: automatic port forwarding

UPnP (Universal Plug and Play) lets applications on your network automatically ask the router to open ports without you configuring anything manually. Many games, consoles, and media servers use UPnP to set up port forwards on the fly.

The upside: it's convenient. You don't need to touch your router settings – the app handles it.

The downside: any software on your network can open ports, including malware. UPnP has also had security vulnerabilities in many router implementations over the years. If an attacker compromises a device on your network, UPnP gives them a way to punch holes in your firewall silently.

Recommendation: if you're comfortable setting up manual port forwards, disable UPnP on your router. If you rely on it for consoles or games that need it, at least keep your router firmware up to date and avoid running untrusted software on devices in your network.

Security considerations

Port forwarding exposes a service directly to the internet. Treat it seriously:

• Only forward what you need – don't open ports "just in case." Every open port is a potential entry point
• Use non-standard external ports – instead of forwarding external port 32400 to Plex, use something random like 48291. This won't stop a determined attacker, but it avoids automated scanners that probe well-known ports
• Keep services updated – a forwarded port is only as secure as the software behind it. Patch your game servers, NAS firmware, and any other exposed services
• Consider a VPN instead – for accessing home resources remotely, a VPN (like WireGuard or Tailscale) is more secure than port forwarding because it doesn't expose individual services to the public internet. See VPN Basics for more
• Don't expose sensitive services – never forward RDP (port 3389) or SSH (port 22) directly to the internet without additional protection. Use a VPN or at minimum change the external port and use strong authentication

Common ports reference

| Port | Protocol | Service | |------|----------|---------| | 22 | TCP | SSH | | 80 | TCP | HTTP (web) | | 443 | TCP | HTTPS (secure web) | | 587 | TCP | Email (SMTP) | | 3389 | TCP | Windows Remote Desktop | | 8080 | TCP | Alternative HTTP | | 25565 | TCP | Minecraft Java | | 19132 | UDP | Minecraft Bedrock | | 27015 | UDP | Steam/Source servers | | 32400 | TCP | Plex Media Server |