What is Port Forwarding? by Seth Kenlon

Port forwarding transfers network traffic from one network listener (called a "port") to another, either on the same computer or a different computer. A port, in this context, is not a physical object but a software routine listening for network activity.

When traffic directed at a specific port arrives at a router or a firewall, or other networked application, the response it receives can be defined according to the port it's trying to communicate with. When you use port forwarding, you can catch communication coming in on port 8080, for instance, and forward it on to port 80 instead. The new destination port may be on the same device as the one receiving the signal or on a different device. There are many ways to forward ports, and there are different reasons for doing it. This article demonstrates the most common scenarios.

Port forwarding with your router

You usually need to forward ports when you host a server at home. Your home router (usually the WiFi appliance you get from your ISP) has a built-in firewall designed to prevent the outside world from getting onto your home network. You can use port forwarding to allow traffic on a specific port through your router's firewall, sending it to a specific IP address on your network.

For instance, say you're hosting a Minetest server and want to invite friends. For them to get through your router and into your Minetest server, you must forward a port from the router to the computer hosting Minetest. By default, a Minetest server runs on port 30000. You can port forward 30000 on your router to port 30000 on your Minetest server, or you could arbitrarily invent a simpler port for your players to remember and then forward that instead. I find that people inevitably miscount the zeroes in 30000 (especially without the benefit of a comma to help), so I use port 1234 and forward it to my internal 30000 port.

Router interfaces differ from manufacturer to manufacturer, but the idea is the same regardless of what brand of router you have in your home. First, log in to your router. Its IP address and login information is often printed on the router itself or in its documentation. I own a TP-Link GX90 router, and I log in to it by pointing my web browser to, but your router might be or some other address.

My GX90 router calls port forwarding "Virtual servers," which is a category found in the router's NAT forwarding tab. NAT stands for Network Address Translation. Other routers may just call it Port forwarding or Firewall or Services. It may take a little clicking around to find the right category, or you may need to spend some time studying your router's documentation.

When you find the port forwarding setting, add a new rule that names an external port (1234, in my example) and an internal one (30000). Forward the external port to the internal port on the IP address of the computer you want people to be able to access.

ID | Service Type | External Port | Internal IP | Internal Port | Protocol
1  | Minecraft    | 1234          |             | 30000         | TCP

In this example, I'm forwarding traffic that reaches my home network at port 1234 to port 30000 of my home server located at

Next, you need to know your home network's public IP address. You can obtain this from websites like or Either open a browser to one of those sites or get the IP using the curl command:

$ curl

Your friends can now join your Minetest server by entering the into their Minetest client.

Port forwarding with a firewall

Sysadmins sometimes need to forward ports for traffic reaching a server. For example, you may want to accept traffic to port 80 but present the user with a service running on port 8065. Without port forwarding, your users would have to remember to append a specific port at the end of the URL they enter into their browser, such as Most users aren't used to thinking about ports, so intercepting a call to the common web port 80 and redirecting it to the obscure one your web app runs on is a big convenience for your users.

You can forward traffic on a server using firewall-cmd, the front-end command to the firewalld daemon.

First, set the ports and protocols you want to forward:

$ sudo firewall-cmd \
--add-forward-port=port=80:proto=tcp:toport=8065

To make the change permanent, use the --runtime-to-permanent option:

$ sudo firewall-cmd --runtime-to-permanent
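
Once forwards are permanent, it is worth checking periodically that the active rules are still the ones you intended. The script below is an added example, not part of the original article: it parses rule lines in the format printed by `firewall-cmd --list-forward-ports` and compares them with an expected list. The function names, the normalized `proto/port->dest/toport` notation, and the sample rules (including the documentation address 192.0.2.10) are assumptions made for illustration.

```shell
#!/bin/sh
# Audit firewalld forward-port rules against a list of expected forwards.
# Rule format, as printed by `firewall-cmd --list-forward-ports`:
#   port=<port>:proto=<proto>:toport=<port>:toaddr=<address>
# Function bodies are ( subshells ), so their variables stay local.

# normalize RULE -> "proto/port->dest/toport" (dest is "local" without toaddr)
normalize() (
    rule=$1 toaddr="" toport=""
    # toaddr is the last field and may be IPv6 (contains ':'): split it off first.
    case $rule in *:toaddr=*) toaddr=${rule#*:toaddr=}; rule=${rule%%:toaddr=*} ;; esac
    case $rule in port=*:proto=*) ;; *) exit 1 ;; esac
    port=${rule#port=};     port=${port%%:*}
    proto=${rule#*:proto=}; proto=${proto%%:*}
    case $rule in *:toport=*) toport=${rule#*:toport=} ;; esac
    case $port   in ''|*[!0-9-]*) exit 1 ;; esac
    case $toport in *[!0-9-]*)    exit 1 ;; esac
    case $proto  in tcp|udp|sctp|dccp) ;; *) exit 1 ;; esac
    # An empty toport means the destination keeps the original port number.
    printf '%s/%s->%s/%s\n' "$proto" "$port" "${toaddr:-local}" "${toport:-$port}"
)

# audit_forwards EXPECTED...: reads rules on stdin, prints one verdict per rule,
# and returns how many rules are malformed or missing from EXPECTED.
audit_forwards() (
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=UNEXPECTED
        if norm=$(normalize "$line"); then
            for e in "$@"; do [ "$e" != "$norm" ] || verdict=EXPECTED; done
        else
            verdict=MALFORMED norm=$line
        fi
        echo "$verdict $norm"
        [ "$verdict" = EXPECTED ] || bad=$((bad + 1))
    done
    exit "$bad"
)

# Constructed sample: the article's 80 -> 8065 rule plus a forward to another
# host (192.0.2.10, a documentation address) that is not on the expected list.
sample_rules() {
    printf '%s\n' 'port=80:proto=tcp:toport=8065:toaddr=' \
                  'port=2222:proto=tcp:toport=22:toaddr=192.0.2.10'
}

# Live use: sudo firewall-cmd --list-forward-ports | audit_forwards ...
sample_rules | audit_forwards 'tcp/80->local/8065' || echo "$? rule(s) to review"
```

A forward whose destination is not `local` sends traffic on to another machine, so an unexpected one of those deserves the closest look.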

Network forwarding

In networking, there are other kinds of forwarding aside from port forwarding. For instance, both IP forwarding and proxying are forms of forwarding. As you get familiar with how network information is processed as it's routed, you can try different kinds of forwarding (and watch it with tcpdump or similar) to see what works best for your setup.

About the Author

Seth Kenlon is a UNIX geek, free culture advocate, independent multimedia artist, and D&D nerd. He has worked in the film and computing industry, often at the same time. He is one of the maintainers of the Slackware-based multimedia production project Slackermedia.
