1. translating the address and/or port number of a packet to a new destination,
2. possibly accepting such packet(s) in a packet filter (firewall),
3. forwarding the packet according to the routing table.
The destination may be a predetermined network port (assuming protocols like TCP and UDP, though the process is not limited to these) on a host within a NAT-masqueraded, typically private network, based on the port number on which it was received at the gateway from the originating host.
The technique is used to permit communications by external hosts with services provided within a private local area network. Port forwarding allows remote computers, for example, computers on the Internet, to connect to a specific computer or service within a private local area network (LAN).
When configuring port forwarding, the network administrator sets aside one port number on the gateway for exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks.
Purpose
Port forwarding allows remote computers, for example, computers on the Internet, to connect to a specific computer or service within a private local area network (LAN).
In a typical residential network Internet access is obtained through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device's external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address.
When configuring port forwarding, the network administrator sets aside one port number on the gateway for exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks.
Typical applications include the following:
Running a public HTTP server within a private LAN
Permitting Secure Shell access to a host on the private LAN from the Internet
Permitting FTP access to a host on a private LAN from the Internet
