How to Port Forward – Step-by-Step Guide

So you’re having issues getting your game or software to connect properly, and you heard that something called “port forwarding” might help. But what exactly is it, and how do you set it up? That’s where this handy guide comes in.

Whether you’re trying to reduce gaming latency, host a server, or access a device remotely, understanding how to port forward can make all the difference. Before you go any further, I need to ask you a few questions:

Is your video game or other software having trouble connecting to the internet? Port-forwarding might be the solution, and this guide will show you exactly how to set it up.

Does your connection feel just a little slow? If so, port forwarding won’t help you make your internet faster. However, you might still want to keep reading as we’ll be covering some useful networking tips that might come in handy. 

Now, get comfy, grab a drink, and let’s break down how to port forward step by step.

What is port forwarding?

Here’s the short version: Ports are like virtual doors or gateways through which data can flow into and out of your computing devices—your PC, smartphone, console, smart fridge, or what-have-you. Port forwarding is the process of making a specific port on a specific device accessible to the world at large, indefinitely, so that other devices on other networks can send data back and forth through that port.

But here’s the catch: Leaving a port open is like having a small pet door in your house that’s permanently unlocked so your dog or cat can leave at will… and so other dogs or cats can also come in. It’s convenient, but if not managed properly, it can introduce a security risk—which we’ll discuss later.

Why would you need port forwarding?

In most circumstances, you don’t. When everything is working correctly, your router will have a system called UPnP, or Universal Plug and Play, that automatically handles port forwarding when you need it and only when a device on your network asks for it.

But sometimes, it doesn’t work as intended, or you might have a very old router that doesn’t have UPnP, and you need to do it manually. Here’s why you might want to handle your ports yourself.

Gaming and low-latency connections

Many online games require specific ports to be open for smooth multiplayer connections. When UPnP isn’t working properly for some reason, it can prevent games from connecting to servers, leading to issues like failed matchmaking or lag spikes. Manually opening the specific ports for those games can solve this problem.

Remote access to devices and servers

If you’re traveling or working from a cafe or coworking space but want to access your devices at home, port forwarding is your friend. It will allow you to control your devices from outside your home, so you can log in via the terminal or use a remote desktop solution.

Ideally, you’ll also have a static public IP address, or else use Dynamic DNS to have a domain name attached to your home network.

Hosting websites and online services

Maybe you want to host a website on your own hardware and your own internet connection. Or maybe you’ve ripped all of your physical media to make personal digital copies, as is your right (depending on where you live), and want to watch it on the go, so you set up a Jellyfin server to have your own private streaming service.

Either way, you’ll need to use port forwarding to make the website available on the internet and access the things you’re self-hosting. 

Improving security and network control

Let’s be clear: Port forwarding itself does not improve your security. In fact, it often slightly decreases security. But it can be a useful tool if you want complete control over your network and want to decide which apps on your devices are allowed to connect to the internet at all.

In that case, you might decide to disable UPnP entirely, and only open the ports used for specific apps and games. Just don’t forget to close those ports when you’ve decided you’re not going to play that specific game anymore, for example.

If carefully managed, this approach can improve your network security somewhat, but it’s really not worth it for most people. It’s best used with servers, and other systems that depend on being as closed-off as possible with only a couple of services and apps that are intentionally exposed to the internet.

How does port forwarding work?

At the most basic level, you need to sign into your router, and set up what’s called a “rule.” The rule will say something like, “This router needs to always have port 45693 open to the internet, and all connections to port 45693 should be routed to my Xbox.” It won’t say that in plain English, of course, but that’s essentially what you’re doing.

Understanding ports and protocols (TCP vs. UDP)

As mentioned above, ports are gateways (or endpoints) that allow computers to send information back and forth. There are 65,635 ports available, but not all of them open at once.

You’ll also need to specify a protocol, which is a set of instructions for how data should be processed and handled. Now, when data is sent from one computer to another, it will be sent according to either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). TCP is designed for communication that depends on a stable, reliable connection: Website browsing, email, text messaging, etc. UDP is used for real-time communication where speed is more important, such as gaming, streaming video, and DNS requests.

Another thing to know is that protocols can be layered on top of each other. For example, when you browse a website, your computer sends a request to the web server for information via a protocol called HTTPS (Hypertext Transfer Protocol Secure). This lets the server know that your computer is asking to see web pages. If it has any to share, it’ll send them on over. And all that HTTPS-structured information essentially “rides” on top of TCP to get into your browser.

Why does all this matter? When you open up a port for a game or app to use it, you will need to specify whether the port is allowed to send traffic via TCP, UDP, or both. If you only allow TCP traffic on a particular port, and a game needs to send and receive information via UDP, it won’t work.

NAT (Network Address Translation) and its role in port forwarding

Routers use Network Address Translation (NAT) to decide which bits of internet traffic are supposed to be going to your PC, and which go to your smartphone, your TV, your console, etc.

By default, NAT blocks unsolicited traffic from reaching your network. Port forwarding creates an exception, telling the router to allow connections through a specific port you opened to a designated device of your choice.

Common misconceptions about port forwarding

Many people assume that port forwarding will improve their lag, ping, or latency. This is not true. It will not make your internet faster. It will not make gaming faster. It’s just a way to guarantee that specific games, apps, or servers on your network can send and receive data without being blocked by your router.

Another common misconception is that port forwarding is more secure than UPnP. For most home users, UPnP will be safer and more convenient, since it automatically automatically opens ports when needed and closes them when they are no longer in use.

How to set up port forwarding on your router

Every router will have a slightly different process to set up port forwarding. However, the basic principles are the same.

Here’s how it works:

Step 1: Find your router’s IP address

In most home networks (most networks even), there are two kinds of IP addresses. First, there’s the public IP address of your router. This is the IP address that other computers see when you connect to them from any device on your home network.

Then there are local IP addresses. Every device on your network gets assigned one when they connect, whether via Wi-Fi or ethernet, which makes it easy for devices on the same network to share files, etc. It will probably look something like 192.168.0.3, depending on your router.

Your router also has a local IP address. You might find it on a sticker on the router itself or in the user manual, or contact your ISP’s customer service team for help. 

You can also try the following:

• Windows: Open Command Prompt and type ipconfig. Look for the Default Gateway—that’s your router’s IP address.
• Mac: Open Terminal and type netstat -nr | grep default.
• Linux: Open Terminal and “type ip route | grep default” (without the quotes).

Step 2: Log in to your router’s admin panel

1. Open a browser on your computer or phone. 
2. Type the router’s IP address into the address bar (e.g., 192.168.1.1). Note: If you get an error, make sure the address bar doesn’t show “https://” in the browser next to the IP address. Some browsers force you to use HTTPS, which will cause problems, as these local router control panels can usually only be accessed with regular HTTP (The lack of an S matters).
3. You should see a login page prompting you for a username and password. (Consider updating these credentials, as it’s more secure than using the defaults.)

Step 3: Locate the port forwarding section

Once you’re logged in, look for the menu option called “Port Forwarding,” “Virtual Server,” or “NAT Forwarding.”

Step 4: Configure port forwarding rules

Choosing the right ports (common port numbers)

Different applications use different ports. Some of the most commonly used ports include:

• Port 80 (HTTP): Hosting websites
• Port 443 (HTTPS): Secure, encrypted connections to websites you host. Learn more about HTTPS here.
• Port 22 (SSH): Secure remote access, allowing you to control other computers via the command line.

For gaming or custom applications, check the documentation for the required port numbers.

Selecting TCP or UDP protocols

Again, you’ll need to consult the documentation for the specific app or game for which you’re opening this port. 

• TCP (Transmission Control Protocol): Reliable for web browsing, emails, and file transfers.
• UDP (User Datagram Protocol): Faster, used for gaming and video streaming.

Some will require TCP, some UDP, and some will require both protocols to be allowed through.

Assigning a static IP address

Your device’s local IP address can change depending on when different devices get turned off or on, and your router hands out local IP addresses on a first-come, first-served basis. One way to ensure your forwarded port always sends traffic to the right device is to set up a static IP address for that device.

On Windows, Linux, and Mac, you can actually change your network settings to always request the same static IP address for your device. But, if you want to be really sure, you can set up your router to hand out the same IP address to a given device every time. This helps to ensure that traffic to the port you opened always goes to the correct PC or console, every time the router gets rebooted, and that it doesn’t share that IP address with another device first.

Step 5: Save and apply the changes

After setting up port forwarding in your router’s settings, click Save or Apply Changes. You might lose your connection to the internet briefly while your router applies the new configurations.

Step 6: Test if your ports are open

Using online port checkers

There are a ton of online port checkers you can use, including portchecker.io and yougetsignal.com. These websites will test your external IP address for access to the ports you specify, and tell you if they’re open.

If the checker says they’re closed, you’ll need to try again.

Testing via Command Prompt (Windows, Mac, Linux)

For you command line nerds out there, you can test using built-in terminal commands. Note: I don’t recommend using netcat, as it continually gave me false positives, telling me ports were open on UDP when they weren’t.

• On Windows, run “Test-NetConnection -ComputerName <IP> -Port <port number>” without the quotes. Replace <IP> and <port number> with the necessary info, without the brackets.
• On Linux, install nmap, and run “nmap -p <port number> <hostname or IP>”. Again, that’s without the quotes, and replacing the brackets where necessary.
• On macOS, you can install nmap and use the same command as above.

Port forwarding on different routers – step-by-step guides

How to port forward on ASUS routers

Note: This process will work for most but not all ASUS routers.

1. Log in to your router’s settings page (usually 192.168.0.1 or 192.168.1.1).
2. Go to WAN > Virtual Server/Port Forwarding.
3. Find the Enable Port Forwarding switch, and click to turn it on.
4. Find the button below that says Add Profile, and click it.
5. Optional: Check the Famous Server List or Famous Game List to see if your app or game is listed there, for easy configuration.
6. Add the port you want to open, select the protocol, and select the internal IP address of the device you want to open the port for.
7. Click OK.

How to port forward on TP-Link routers

TP-Link has at least three different kinds of settings pages for its routers, each with its own process. They all follow the same process outlined in the previous section but with different menus. 

1. Log in to your router’s settings page (usually 192.168.0.1 or 192.168.1.1).
2. Go to Advanced > NAT Forwarding > Virtual Servers.
3. Click Add or Create New to set up a port forwarding rule.
4. Enter the required port number, protocols, and internal IP address of the device you want.
5. Click Save.

If you’re unsure about your router model’s interface, visit TP-Link’s official support page and search for port forwarding along with your router model.

How to port forward on Netgear routers

1. Log in to your router’s settings page at routerlogin.net.
2. Go to Advanced > Advanced Setup > Port Forwarding/Port Triggering.
3. Select Port Forwarding, and click the Add Custom Service button.
4. Add the ports, protocols, and the internal IP address of the device you want.
5. Click Apply.

How to port forward on Linksys routers

Linksys makes things a little easier by having an app that lets you easily configure port forwarding:

1. Log in to the Linksys app.
2. Tap the menu icon in the upper-left corner.
3. Tap on Advanced Settings > Port Settings.
4. Tap on Port Range Forwarding.
5. Tap on Add a rule.
6. Fill in the Rule Name, Start Port, End Port, and Device IP Address fields and choose the desired protocol. (Instead of putting in a device IP address, you can also just select any devices currently on your network by tapping Select a device.)
7. Tap Save.

How to port forward on Spectrum routers

Spectrum also makes things easier with an app.

• Log into the My Spectrum app.
• Select the Services tab.
• Under the Equipment section, select Router.
• Scroll down and select Advanced Settings, then select Port Forwarding & IP Reservations.
• To set up a static IP, select a connected device under Create IP Reservation.
• After setting up the static IP, select Add Port Assignment.
• Enter a name for the port assignment, add the ports and protocols.
• Tap on the check mark to save your settings.

How to port forward on Xfinity routers

For Xfinity Gateway users, it’s pretty simple. Non-Xfinity Gateway users should look up the instructions for their router model.

1. Open the Xfinity app and sign in with your Xfinity ID and password.
2. Select the WiFi tab, then select View WiFi equipment.
3. Select Advanced settings, then select Port forwarding from the menu.
4. Select Add Port Forward.
5. Choose the device you want from the dropdown list.
6. Choose from the list of common applications to use a preset configuration or tap on Manual Setup to enter the usual port numbers and protocols.
7. Select Apply Changes.

How to port forward on AT&T routers

AT&T offers several router models, and the setup process may differ based on the model. However, the general steps are:

1. Log in to your router’s admin panel (usually 192.168.1.254).
2. Look for a section labeled Firewall, NAT/Gaming, or Port Forwarding.
3. Click Add a New Application or Custom Services.
4. Enter the required port numbers, protocol, and internal IP address.
5. Click Save or Apply.

Since AT&T routers vary widely, we recommend that you visit AT&T’s support page and search for port forwarding instructions specific to your router model.

How to port forward on different devices

As mentioned above, you need to open up the desired port both on your router, and on the device to which you want to open up the connection. Here’s how to do it on every major operating system.

Note: When installing new apps or games on Windows and Mac, and even sometimes on Linux, this isn’t something you need to do. The installation process should open the necessary ports for you, if needed. You’ll only really need to do this if you’re setting up some sort of web or game server, or a similar application.

Second note for nerds: What we’re doing on these devices is just “opening ports” and not “port forwarding.” Technically speaking, you can forward ports on these devices, but that’s a different process, and you only need to do it if you’re hosting your own websites and services in containers or VMs, or if you’re redirecting ports 80 and 443 to a Node.JS server, or something like that.

How to port forward on Windows (using Windows Firewall)

1. Open Windows Firewall Settings.
2. Click on Advanced Settings
3. In the left sidebar, click Inbound Rules and New Rule in the right sidebar.
4. Select Port and click Next.
5. Select your protocol: TCP or UDP. If you need both, you can create a separate rule for each protocol on the same port.
6. Enter the port number(s) you want to forward in the Specific local ports field.
7. Select Allow the connection and click Next.
8. Select which kinds of networks the rule should apply to (Domain, Private, Public) and click Next. Note: By default, any network you connect to is set to “Public,” which is the least trusted.
9. Give the rule a name and click Finish.
10. Optional: repeat the process and create an Outbound rule, as necessary.

Want to know more? Find out how firewalls work.

How to port forward on macOS

Mac OS makes this a bit more complicated than it is anywhere else.

How to port forward on Linux (iptables and ufw)

In ufw, the firewall software used on Ubuntu and quite a few other distributions, just open up a terminal, and run: “sudo ufw allow (port number)/(tcp or udp)”.

In firewalld, the firewall software favored by Fedora, Red Hat, and various derivative distributions like Rocky Linux, it’s pretty simple. Run the following command in a terminal, replacing the brackets with the relevant info where necessary:

sudo firewall-cmd –permanent –zone=public –add-port=(port number)/(tcp or udp)

Then, to see the changes, run “sudo firewall-cmd –reload”.

If you’re still using iptables, please comment down below and tell us (or really just tell me, the author) which Linux distribution you’re using, because I’m curious to know which modern distros are still using it. In most of them, iptables is deprecated, and has been replaced. But, for the sake of thoroughness, here’s how you do it:

Start with this command, replacing things as necessary: “iptables -A INPUT -p tcp –dport 8000 -j ACCEPT”

That will allow incoming traffic to enter that port. To allow outgoing traffic, run the command again with one small change: “iptables -A OUTPUT -p tcp –dport 8000 -j ACCEPT”

How to port forward on PlayStation (PS4/PS5)

You don’t need to open up any ports on the console itself. As long as your router is configured correctly, with a static IP set for your PlayStation, you’re good to go.

How to port forward on Xbox (Xbox Series X/S, Xbox One)

Again, this is all done on the router.

How to port forward on Nintendo Switch

Once again, you only need to set up port forwarding on the router.

Troubleshooting port forwarding issues

Why isn’t my port forwarding working?

There are several reasons why it might not work, and here are some of the most common:

Double NAT issues (using a second router or ISP modem)

If you’ve bought a gaming router for better Wi-Fi or faster ethernet ports and plugged your internet into it, you need to remember to enable port forwarding for both routers. On your ISP router or modem, the forwarded internal IP address should be that of your gaming router; on the gaming router, the forwarded internal IP address should be that of your gaming device.

Firewall and antivirus blocking the connection

So that section above about opening up ports for your apps or servers on Windows/Mac, etc.? This is what that’s for. If your game or server’s ports aren’t open on your device, it doesn’t matter if they’re open on the router.

ISP restrictions on port forwarding

Some internet service providers (ISPs) don’t allow port forwarding for security reasons. You may need to change ISPs or ask if your existing ISP can open a port for you.

How to fix common port forwarding problems

Enabling UPnP (Universal Plug and Play) on your router

Most modern routers support UPnP, and have all the port forwarding stuff handled for you, especially if you’re just trying to play some online games. This can eliminate the need for manual port forwarding.

Using a DMZ (Demilitarized Zone) as an alternative

This is a bit of a last resort option, as it’s much less secure than anything else. But, if all else fails and you can’t connect to your favorite game, you can use your router’s settings page to put your console or gaming PC in a DMZ. This will essentially separate your gaming device from everything else on your network and allow all traffic to and from it.

This means your device’s security will rest entirely on how well its internal firewall is configured, and that’s why this method isn’t recommended.

Why is my port forwarding slowing down my connection?

It most likely isn’t. Port forwarding has nothing to do with internet speed. Check to see that your internet connection isn’t overloaded, and try using a gaming VPN to see if that helps to speed up your connection.

Why is my port forwarding not working with a VPN?

Not all VPNs support port forwarding, so make sure you’ve got one that does. ExpressVPN offers port forwarding functionality via VPN-enabled routers. See our guide to choosing the best routers here.

Security risks of port forwarding and how to stay safe

The risks of exposing open ports

Every open port in your router and on your devices opens you up to security risks such as hacking. You can open ports and still keep your system pretty secure, but you need to be careful about it, and not just randomly open ports and leave them that way for no reason.

Basically, every open port should have a properly updated and secured bit of software connected to it, be that your favorite game, a media server, or a web server.

How to secure your network while using port forwarding

By following these best practices, you can safely use port forwarding while minimizing security risks.

Use strong router passwords and disable remote access

Remember what I said about changing your default router password? Do that. And if there’s an option for accessing your router settings from outside your local network, turn it off. 

Regularly update your router firmware

That’s right, your router needs regular  updates, both for security and to fix bugs. Open up your router’s admin page or app regularly to see if any updates are available. Many routers will also offer an auto-update feature to save you the trouble.

Monitor open ports and close unused ones

You can use apps like Wireshark to monitor all the traffic on your network, and some routers offer monitoring functionality as well. Keep an eye on any ports you’ve opened to make sure they’re not being used in any suspicious or irregular ways.

And when you’re not using a port anymore, close it.

Consider using a VPN as an alternative to port forwarding

VPNs route all of your traffic through a secure VPN server of your choice. In certain cases, they can be used to provide access to your home network for self-hosted applications and services. 

Can you use port forwarding with a VPN?

Does port forwarding work with a VPN?

Yes, but you need a VPN that supports port forwarding—which ExpressVPN does—and a router that supports VPNs. Then, you have to configure your router to not only forward ports, but also route all your traffic through ExpressVPN’s server network. (Can we interest you in an Aircove router, which will solve both those issues?)

If your router supports all of this functionality, then it shouldn’t take more than a few minutes to set up. If you’re a gamer, you might want to check out our guide to choosing the best gaming router for more details on how to make it all work.

How ExpressVPN can help with port forwarding security

As we’ve discussed, port forwarding can be a security risk because it exposes your network to outside connections. Routing your traffic through ExpressVPN’s network adds a layer or two of security to your connection, even when you’ve got port forwarding enabled. 

ExpressVPN hides your IP address by replacing it with one from its secure server network, preventing would-be attackers from accessing your home network. The built-in DDoS attack mitigation in every ExpressVPN server will also prevent attackers from blocking your access to the internet.

Also, sometimes video game internet traffic isn’t as secure as it should be. But all traffic going between you and the ExpressVPN server of your choice gets automatically encrypted, and that makes it a lot harder to spy on your specific online activities.

Alternative solutions to port forwarding with a VPN

Using a VPN instead of port forwarding for remote access

This technique is best used for when you want to access your devices at home, and any personal services you host there. Instead of exposing your home network to the internet directly, you could rent a virtual private server and use it to host your own personal VPN. Then, connect your devices at home to that VPN.

When you log into this VPN from a laptop in your hotel room, for example, it will act as though you and your devices at home are all on the same trusted network. You’ll be able to transfer files and browse your media collection just like you would at home.

It should be noted, however, that this option isn’t free—you need to pay for your server—and you’ll need to be at least somewhat familiar with managing and securing servers. After all, your personal VPN server will be exposed to the internet, even if your home network isn’t.

How a VPN improves gaming and P2P connections without port forwarding

While port forwarding won’t improve your latency or lag, in some instances, using a VPNcan improve your gaming connection in a few ways.

VPNs like ExpressVPN use optimized servers to route your traffic more efficiently, which can improve gaming speeds. Some ISPs also throttle gaming traffic and a VPN allows you to mask your activity, preventing your ISP from slowing your connection due to gaming. VPNs also prevent DDoS attacks, which can occur in competitive gaming.

Using ExpressVPN’s secure network for remote work

ExpressVPN offers tons of benefits for people working outside the office, or even remote work abroad. Its powerful encryption makes working on public Wi-Fi safer by preventing anyone on the network from snooping on your internet traffic, which is especially important when you’re working on sensitive work documents. Even your ISP doesn’t have to know what you’re looking at.

When you use ExpressVPN, all your traffic is encrypted, which helps to unlock all your favorite websites and games that might be blocked on certain networks, allowing you to spend your lunch break enjoying any kind of content and entertainment as you see fit.

How to set up ExpressVPN for secure connections without port forwarding

ExpressVPN is easy to set up on almost any device. On Windows, Mac, and Linux, it’s just a matter of downloading the ExpressVPN app for your platform, logging in, choosing a VPN server, and connecting to it. It’s basically the same for Android and iOS devices as well.

For Xbox, PlayStation, and other consoles, you’ll need a router that supports VPNs, and you’ll need to configure it to use ExpressVPN’s server network, but that only takes a few minutes at most.