Control Network Newsletter
Enabling Port Forwarding on an IP Router
The EIGR series high-speed routers link two 10/100/1000 Mbps Internet Protocol (IPv4) networks — passing appropriate traffic while blocking all other traffic. One network is the local-area-network (LAN); the other is the wide-area-network (WAN). The built-in stateful firewall passes communication initiated on the LAN-side while blocking WAN-side initiated communication. With Port Address Translation (PAT), LAN-side clients can access the Internet. With Port Forwarding, LAN-side devices can be accessed from the Internet.
Port forwarding allows remote devices to traverse a firewall and access specific services or applications hosted on a private network. By configuring port forwarding settings on a router or firewall, incoming requests to a specific port (e.g., port 80 for HTTP) are directed to a particular device within the network. This feature is commonly used for accessing webpages and applications to configure and program devices at remote jobsites.
Port forwarding allows computers on the WAN side to access devices on the LAN side by opening selected WAN IP ports. To forward WAN-side requests through the IP router, requests must specify both:
- The router's WAN address
- A destination IP port number that exists in the router's IP port forwarding table
When this match is made, the message is forwarded to the indicated IP address on the LAN side. This is very useful when only one public IP address is available but there is a need to access multiple LAN-side devices. In this example, we want to access a private web server at 192.168.92.101, which is normally not visible from the Internet. Using port forwarding, a WAN-side request can be made to the router's public (WAN) address. For additional security, the port numbers have been translated. Port Range Forwarding can also be selected to allow a range of addresses to pass through the firewall.
Note that any WAN-side device can use port forwarding, but you can greatly enhance security by creating a Allowlist of allowed WAN-side devices.
For more information about this configuration and others, go to EIGR Application Guide.pdf.