Port Forwarding for Beginners: Beginning To Understand This Connection Protocol

Port forwarding allows you to seamlessly connect to other devices or create an open channel to your own device when you aren’t home, but it can also make you a target for hackers.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Port forwarding is an advanced process to understand, but here are the basics you need to know. A port is an open docking station inside any network-connected device. Think of your computer, phone, or tablet as a train station. Ports are the individual gates where the trains stop, and people enter the station. So port forwarding is the ability to send the train from one station to the other. You can take your information from one port and transfer it to another that you choose.

Different ports handle different types of requests. This is how they’re able to manage all of the traffic coming into your machine from the internet. Since ports are designated for different functions, you’ll likely need to know the port number if you want to manually process a request.

Ports also pose a security risk. Since they’re a direct route into your computer, you’ll need to make sure they stay protected to keep hackers from easily installing malware onto your device. We'll teach you how port forwarding works, explain types of port forwarding, and go over how to use port forwarding with a VPN.

In this article
How port forwarding works
Types of port forwarding
Uses for port forwarding
Port forwarding risks
How to use port forwarding safely
Port forwarding with a VPN
Port forwarding FAQ
Bottom line

How port forwarding works

So what exactly is port forwarding? The basic concepts should be easy for anyone to understand, but there are going to be a lot of acronyms. One of us may cry. In the end, however, we should have a basic understanding of what this is, how it’s useful, and what the vulnerabilities are with open ports.

First, we’ll discuss LAN and WAN networks and their role in information exchange. Next, we’ll look at connection requests and how they work in relation to trading information between machines. We’ll also get a glimpse into different types of port forwarding, what they’re best for, and who should use them. Ok, let’s begin.

LAN and WAN networks

If you’re a home user, you might not know much about port forwarding because it’s done automatically for you. Your router acts as the little switchboard operator that directs requests to the internet-connected devices you use.

You have two types of networks. The wide area network (WAN) and local area network (LAN) refer to your router’s public and private IP addresses, respectively. The LAN can be any type of personal connection, like your home network, the internet connection at school, or the free Wi-Fi at your favorite coffee shop.

When you connect to the internet, your device sends a request to your router. The router then assigns you a Dynamic Host Configuration Protocol (DHCP), which contains the router’s IP address for your specific device and requests an associated port. Your router then slaps a little label on your device IP and port request with the router’s public IP address and a relevant port — remember, different ports handle different requests.

Connecting requests

Your router needs to remember the label it created and categorize it appropriately. The Network Address Translation (NAT) table is a spreadsheet, for lack of a better term, that remembers all the labels given by all the routers. Once your request to visit, let’s say, AllAboutCookies.org (AAC) is sent out, AllAboutCookies.org sends a request back. Your router reads the NAT for the label AAC’s website created and searches your device to match the IP address and specific port necessary to visit AAC.

Once the connection is made, the label is deleted from the NAT spreadsheet. All of this is done wicked fast. (It probably took you a lot longer to read the explanation than it did for the entire process to execute.) Port forwarding is a request from someone outside your device trying to complete this process. What that means is that the machine trying to initiate the port forward is requesting permission to dock at one of your stations (ports). Instead of trying to access a website, they’re trying to access your machine.

Types of port forwarding

There are three common types of port forwarding: local, remote, and dynamic. Each one has a different use but still performs the same functions. They connect one port to another through a series of requests. Secure Shell or Secure Socket Shell (SSH) is a tool that allows computers to talk and share data. This technology needs to be enabled for any port forwarding to happen.

Local port forwarding

Local is the most common type of port forwarding. It allows a user to connect to a web server from their computer. This is used frequently by gamers to bypass restrictions or anyone trying to get around a firewall or other blockade. Local port forwarding requires an SSH connection.

It’s important to use security software for this type of port forwarding so you aren’t vulnerable to cybersecurity attacks. Don’t connect to unknown servers or allow unverified incoming connections.

Remote port forwarding

This type of connection is for remote access. Think about when you call tech support and grant them access to “remote into” your computer. You can see them clicking around and working on things. This is achieved through remote port forwarding. It’s useful when you need to access a machine that’s not in front of you. It’s also extremely dangerous. You should only grant access to verified services — if you receive a popup telling you your computer is infected and to call a number, just don’t do it.

Dynamic port forwarding

This one might be the most confusing. Dynamic port forwarding creates a SOCKS proxy. If you know anything about virtual private networks (VPNs) and their alternatives, you know proxy servers can be used to access geo-restricted data, because they make you look like you’re operating out of the location you’ve accessed. This is an oversimplified way of explaining that a SOCKS proxy allows the person porting to work out of the accessed space like they were there. This is used frequently as a VPN substitution or to mask location.

Uses for port forwarding

Port forwarding allows you to bypass restrictions like firewalls, access data, and use other machines remotely without being physically present. It sounds like a difficult concept, but if you use a service like TeamViewer, Chrome Remote Desktop, or AnyDesk, you’re using this technology.

Gamers are big fans of port forwarding because it allows access to other game servers, mods, and large files. They’re able to torrent via the connection or transfer large files without the hassle of traditional file transfer methods. Additionally, remote workers can access remote desktop protocol (RDP) ports to work from their company server from anywhere in the world. This is also the technology that gives remote tech support the ability to enter your computer and fix any issues you may be experiencing. Individuals can set up their home networks like a VPN to use when they’re not in the same location.

Port forwarding risks

Port forwarding is dangerous if you don’t know what you’re doing. It’s like opening the door to your house and just letting anyone wander in. If you have an event planned and are expecting guests, it’s cool to leave your door open because you can guard it. If you’re going to sleep, you should probably close and lock it to the outside world.

There are plenty of bad actors and hackers that use software to scan the internet for open ports. Because it’s such a vulnerable door into your machine, leaving an open port can wreak havoc. If you don’t encrypt your traffic or require a password to enter, you can quickly find yourself the victim of a cybercrime.

How to use port forwarding safely

It’s very important to understand that nothing is 100% safe. You can reduce your chances of getting hacked by using the same common sense safety measures used across the web:

  • Have strong and up-to-date antivirus and anti-malware software
  • Use a VPN
  • Require complex passwords to your ports
  • Close the ports when not in use

Even though port forwarding can be used to bypass firewalls, a firewall with the right configuration can be effective in stopping hackers. You may also want to consider software that guards RDP ports. Something with a kill switch that notifies you of unrecognized access could be useful in shutting down open ports if something fishy starts to happen.

Port forwarding with a VPN

It’s important to note that not all VPNs allow for port forwarding. When you use a VPN, you encrypt the traffic you’re sending across the web. You also hide your IP address, which is necessary to access your ports. Using a VPN can help block all of the ports not accessed by the VPN, keeping you safe from anyone trying to get in.

There is a protocol called Universal Plug and Play (UPaP) which makes accessing ports easier and can automate the process. Again, this is something you don’t want to enable unless you really know what you’re doing. Using a VPN in port forwarding is a bit more complicated than UPaP, but does make port forwarding moderately safer. Below is a general tutorial of how to set up port forwarding, but the specifics will depend on your router.

  1. If you want to port forward with a VPN, you’ll first need to make sure you’re using a static IP address.
  2. Next, you’ll log into your router and note your IPv4 address, then change from DHCP to Manual.
  3. You’ll have to find your port forwarding tab and then establish entry and exit ports.
  4. Enter the static or local IP address of the port you want to open.
  5. Enable the connection.

VPNs like NordVPN decided against offering port forwarding in exchange for increased safety for its users. However, ExpressVPN, Surfshark, and Private Internet Access all allow for port forwarding.

Port forwarding FAQ


What’s the difference between port forwarding and port triggering?

Port forwarding opens the ports and leaves them open for access. With port triggering, the port is only triggered to open when a device within the internal network makes a request outside the network. After the exchange is made, the port is closed again. The port will not open from outside requests.


Is port forwarding the same as a VPN?

No, while both are tunnels for transporting data, a VPN is an encrypted connection that hides your sensitive information. Additionally, a VPN grants you access without requiring a specific key each time you want to make a connection, while port forwarding requires you to enter the credentials to enter the port.

It’s important to keep your data encrypted when sharing via a method like port forwarding. This allows you to protect your local and public-facing IP addresses, so hackers don’t label you as an easy target.


Is port forwarding good for online gaming?

Port forwarding can be good for online gaming. Gamers can share servers, easily transfer data like mods, and torrent large files with faster speeds by accessing port forwarding capabilities. If you’re going to use port forwarding for gaming, make sure you’re using security software and close your ports when you’re done.

Bottom line

OK, you’re still here. That was a lot. While that was a gross oversimplification of port forwarding, we hope you got a sense of what this protocol does and its usefulness and pitfalls. It can take years to learn the nuances of networking, but port forwarding is a tool you can use if you need smoother access to another device. We highly recommend not opening your ports unless you know what you’re doing and how to close them.

If you’re looking for a tool to help with gaming, we suggest using a VPN with torrenting and P2P capabilities. This will give you faster downloads and save you from the security risks. If you do want to use port forwarding, we highly suggest including a VPN and a firewall to keep yourself safe. Make sure to require password access to your ports, and close the ports when you’re done.

Customizable Coverage That is Simple to Use
Editorial Rating
Learn More
On NordVPN's website
Up to 69% off 2-year plans + a Saily eSIM data gift
  • Ultra-secure, high-speed VPN complete with malware protection and automatic blocking of intrusive ads and third-party trackers
  • Other benefits include a premium password manager, dark web monitoring, and access to IP-restricted content
  • 3 plans to choose from for custom protection on up to 10 devices

Author Details
Mary is a seasoned cybersecurity writer with over seven years of experience. With a B.S. in Liberal Arts from Clarion University and an M.F.A. in Creative Writing from Point Park University, she educates audiences on scams, antivirus software, and more. Her passion lies in educating audiences on helpful ways to protect their data.