How to Set Up Port Forwarding

Port forwarding lets external internet traffic reach a specific device inside your home network. Your router blocks all unsolicited incoming connections by default; a port forwarding rule creates an exception for a specific port number and directs that traffic to the device you choose. It is required for hosting game servers, running a home web server, accessing security cameras remotely, and playing many online games that need an open NAT type.

Before You Start — Two Prerequisites

1. Set a static IP reservation for the target device. Your router uses DHCP to assign IP addresses to devices, and those IPs can change on reboot. Port forwarding rules are tied to an IP address — if the device's IP changes, the rule stops working. Before creating the forwarding rule, set an IP reservation (also called DHCP reservation or Address Binding) for the device's MAC address. This permanently assigns it the same IP every time.

Find IP reservations in your router under: LAN → DHCP Server (ASUS), Advanced → LAN Setup → Address Reservation (NETGEAR), DHCP → Address Reservation (TP-Link).

2. Know which port(s) to forward. Common ports:

| Service / Game | Protocol | Port(s) |
| --- | --- | --- |
| Web server (HTTP) | TCP | 80 |
| Web server (HTTPS) | TCP | 443 |
| SSH remote access | TCP | 22 |
| FTP | TCP | 21 |
| Minecraft Java | TCP | 25565 |
| Minecraft Bedrock | UDP | 19132 |
| Plex Media Server | TCP | 32400 |
| PlayStation Network | TCP/UDP | 80, 443, 1935, 3478–3480 |
| Xbox Live | TCP/UDP | 3074, 53, 80, 443 |
| Steam | TCP/UDP | 27015–27030 |
| Remote Desktop (RDP) | TCP | 3389 |
| Home Assistant | TCP | 8123 |

NETGEAR — Port Forwarding

  1. Log in at 192.168.1.1 or routerlogin.net
  2. Go to Advanced → Advanced Setup → Port Forwarding / Port Triggering
  3. Select Port Forwarding and click Add Custom Service
  4. Enter a name, select TCP, UDP, or TCP/UDP, enter the port range, and enter the IP address of the target device
  5. Click Apply

TP-Link — Port Forwarding

  1. Log in at 192.168.0.1
  2. Go to Advanced → NAT Forwarding → Virtual Servers
  3. Click Add
  4. Set a name, enter the external port and internal port (same unless you want to remap), select protocol, and enter the device IP
  5. Click Save

ASUS — Port Forwarding

  1. Log in at 192.168.50.1
  2. Go to WAN → Virtual Server / Port Forwarding
  3. Toggle Enable Port Forwarding to Yes
  4. Click the + button to add a rule: enter Service Name, Protocol, External Port, Internal Port, and the device's IP address
  5. Click the checkmark to save

Linksys — Port Forwarding

  1. Log in at 192.168.1.1
  2. Go to Security → Apps and Gaming → Single Port Forwarding or Port Range Forwarding
  3. Enter Application Name, port(s), protocol, and the device's local IP
  4. Check the Enabled box and click Save

D-Link — Port Forwarding

  1. Log in at 192.168.0.1
  2. Go to Advanced → Port Forwarding
  3. Click Add Rule and fill in name, protocol, public port, private IP, and private port
  4. Click Save

ISP Gateways

| ISP | Path |
| --- | --- |
| Xfinity | 10.0.0.1 → Advanced → Port Forwarding → Add Service |
| AT&T | 192.168.1.254 → Settings → Firewall → Applications, Pinholes, and DMZ |
| Verizon Fios | 192.168.1.1 → Advanced → Port Forwarding |
| Spectrum | 192.168.1.1 → Advanced → Port Forwarding (requires DHCP reservation first) |
| Cox | 192.168.0.1 → Advanced → Port Forwarding |

Verify It's Working

After setting up the rule, test it with an external port checker. Search for "port checker" or "open port test" and use a site like canyouseeme.org. Enter your public IP address (visible at the top of those sites or at whatismyip.com) and the port number. If it shows "open," the forwarding is working. If it shows "closed" or "timed out," see troubleshooting below.

Troubleshooting Port Forwarding

Port test shows closed even though the rule is set: First confirm the service is actually running on the device and listening on that port. On Windows, run netstat -an | findstr LISTENING in Command Prompt to see active listening ports. If the port is not listed, the application is not running or is listening on a different port.
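The listening-port check above can be automated. This is an added example, not part of the original guide: a Python sketch that reads saved `netstat -an` output and reports whether the forwarded port is bound to an address the router can reach. The function names, status strings and sample addresses are assumptions made for illustration.

```python
import ipaddress


def parse_listeners(netstat_output):
    """Return (proto, address, port) for TCP LISTENING rows and bound UDP rows."""
    rows = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or other text
        if parts[0] == "TCP" and parts[-1] != "LISTENING":
            continue  # established or closing connection, not a listener
        # UDP rows carry no State column, so "findstr LISTENING" never shows them.
        addr, _, port = parts[1].rpartition(":")
        if not port.isdigit():
            continue
        rows.append((parts[0], addr.strip("[]").split("%")[0], int(port)))
    return rows


def bind_status(netstat_output, proto, port, lan_ip):
    """Say whether traffic forwarded to lan_ip:port can reach a local socket."""
    addrs = {a for p, a, n in parse_listeners(netstat_output)
             if p == proto and n == port}
    if not addrs:
        return "not-listening"   # service stopped or on a different port
    if "0.0.0.0" in addrs or lan_ip in addrs:
        return "reachable"       # bound to all IPv4 interfaces or to the LAN address
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return "loopback-only"   # forwarded packets arrive on the LAN side and are not accepted
    return "other-address"       # bound elsewhere (for example IPv6 only); check manually


# Constructed sample of `netstat -an` output; addresses are placeholders.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25565          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8123         0.0.0.0:0              LISTENING
  TCP    192.168.1.50:49712     203.0.113.7:443        ESTABLISHED
  UDP    0.0.0.0:19132          *:*
"""
```

A "loopback-only" result means the service is running but will never answer forwarded traffic until it is configured to listen on the LAN address or on all interfaces.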

Double NAT — two routers: If you have a router behind another router (common with ISP gateways), you need to forward the port on both routers, or put the outer router in bridge mode. Use tracert 8.8.8.8 on Windows — if you see two private IPs (like 192.168.0.1 and 10.0.0.1) in the first two hops, you have double NAT.

ISP is blocking the port: Some ISPs block common ports like 80, 443, and 25 on residential connections to prevent customers from running servers. If your rule is correctly configured but the port still shows blocked externally, call your ISP or try an alternative port number (e.g., 8080 instead of 80).

Device firewall is blocking: Windows Firewall and macOS firewall can block incoming connections even when the router is forwarding them. Check your device's firewall settings and create an exception for the application or port.

Using a VPN: If either you or the person connecting is using a VPN, port forwarding to your home IP will not work as expected — VPN traffic routes differently. Test with VPN disabled.

Carrier-grade NAT (CGNAT): Some ISPs, especially mobile/cellular and some budget providers, use CGNAT — they share a single public IP across many customers. Port forwarding is impossible with CGNAT since you do not have a unique public IP. Contact your ISP to ask if they can assign you a dedicated public IP (sometimes free, sometimes a small fee).
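The double NAT and CGNAT checks described above, as an added example that is not part of the original guide: a Python sketch that parses saved `tracert` output and classifies the first hops, and optionally the WAN address shown on the router's status page. It assumes CGNAT shows up as an address in the 100.64.0.0/10 shared range; the function names and the sample trace are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, plus the RFC 6598 shared range that ISPs use for CGNAT.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")

# Matches a Windows tracert hop line, with or without a hostname before the IP.
HOP_RE = re.compile(r"^\s*\d+\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT_NET:
        return "cgnat"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def parse_hops(tracert_output):
    """Extract hop addresses in order; timed-out hops ('* * *') are skipped."""
    hops = []
    for line in tracert_output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(m.group(1))
    return hops

def diagnose(tracert_output, router_wan_ip=None):
    """Check the first two hops and, if given, the router's WAN address."""
    kinds = [classify(h) for h in parse_hops(tracert_output)[:2]]
    wan = classify(router_wan_ip) if router_wan_ip else None
    if wan == "cgnat" or "cgnat" in kinds:
        return "cgnat"
    if wan == "private" or kinds == ["private", "private"]:
        return "double-nat"
    return "single-nat"

# Constructed sample output (not captured from a real network).
SAMPLE_DOUBLE_NAT = """\
Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     2 ms     1 ms     1 ms  gateway.example [10.0.0.1]
  3     *        *        *     Request timed out.
  4    11 ms    10 ms    12 ms  203.0.113.1
"""
```

Some providers run CGNAT on ordinary private ranges instead of 100.64.0.0/10, so a "double-nat" result with only one router in the house is also worth raising with the ISP.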

DMZ — When to Use It

DMZ (Demilitarized Zone) sends all unsolicited incoming traffic to one designated device, bypassing the router's firewall entirely for that device. It is useful for gaming consoles to get an Open NAT type, or for network appliances that need all ports open.

DMZ is a blunt instrument — the device gets no firewall protection from the router. Only use it for devices with their own robust security (like a dedicated game console) or in a lab/test environment. Never put a Windows PC in DMZ without a properly configured host firewall.

Find DMZ settings in most routers under: Advanced Setup → WAN Setup → Default DMZ Server (NETGEAR), WAN → DMZ (ASUS), Advanced → NAT Forwarding → DMZ (TP-Link).