About port forwards

Typically, port forwards are used to forward requests that arrive at an external network interface to a network host in an internal network zone. It's common to think of such requests arriving from hosts on the Internet. However, port forwards can be used to forward any type of traffic that arrives at an interface, regardless of whether the interface connects to the Internet or some other network zone. You can also create port forwarding rules for requests from an internal network address.

For example, you can create a port forward rule to forward HTTP requests on port 80 to a web server listening on port 81 in a Demilitarized Zone (DMZ). If the web server has an IP address of 192.168.2.60, you can create a port forward rule to forward all port 80 TCP traffic to port 81 on 192.168.2.60.

Port forwards can be configured for network traffic that takes the following path through the Smoothwall:

  • Client IP addresses: Traffic coming from these IP addresses. Leave blank for all (default).
  • Local IP (Interface): The interface the traffic will be arriving on (the Internet facing IP address).
  • Service: The services the traffic will try to reach (for example, a web server on TCP ports 80 and 443).
  • Target IP address: The internal IP address of the hosting server.
  • Ports: The service ports on the hosting server.

Note: It's important to consider the security implications of each new port forward rule. Any network is only as secure as the services made available upon it. Port forwards allow unknown hosts from the external network to access an internal host. If a hacker or cracker manages to break into a host that they have been forwarded to, they might gain access to other hosts in the network. For this reason, we recommend that all port forwards are directed towards hosts in isolated network zones, that preferably contain no confidential or security-sensitive network hosts. Use the Firewall rules page to make sure that the target host of the port forward is contained within a suitably isolated network, that is, a DMZ scenario.

Port forward rules are applied in the top-down order they're listed in the Port forwards table. Once a match is found, no further searching is made.
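
The following is an added example, not Smoothwall code. It models the top-down, first-match behavior described above and audits a rule table for rules that can never match because an earlier rule catches their traffic, and for targets outside the isolated zone. The Forward fields, rule names, the external address 203.0.113.10, the client ranges and the DMZ subnet 192.168.2.0/24 are assumptions made for illustration, and the matching model is simplified to one port per rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:                      # hypothetical model of one table row
    name: str
    clients: str                    # CIDR; "" means all (the default)
    local_ip: str                   # IP of the interface traffic arrives on
    proto: str
    port: int                       # service port on the local IP
    target_ip: str
    target_port: int

    def client_net(self):
        return ipaddress.ip_network(self.clients or "0.0.0.0/0")

    def key(self):
        return (self.local_ip, self.proto, self.port)

def first_match(rules, src, dst, proto, port):
    """Top-down search; the first matching rule wins and searching stops."""
    for r in rules:
        if r.key() == (dst, proto, port) and ipaddress.ip_address(src) in r.client_net():
            return r
    return None

def shadowed(rules):
    """(later, earlier) pairs where the earlier rule catches all of the later rule's traffic."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.key() == later.key() and later.client_net().subnet_of(earlier.client_net()):
                pairs.append((later.name, earlier.name))
                break
    return pairs

def outside_zone(rules, zone_cidr):
    """Names of rules whose target host is not inside the isolated zone."""
    zone = ipaddress.ip_network(zone_cidr)
    return [r.name for r in rules if ipaddress.ip_address(r.target_ip) not in zone]

# Constructed sample table; only 192.168.2.60 and ports 80/81 come from the page.
RULES = [
    Forward("web-all", "", "203.0.113.10", "tcp", 80, "192.168.2.60", 81),
    Forward("web-partner", "198.51.100.0/24", "203.0.113.10", "tcp", 80, "192.168.2.61", 81),
    Forward("intranet", "198.51.100.7/32", "203.0.113.10", "tcp", 8443, "10.0.0.5", 443),
]
DMZ = "192.168.2.0/24"              # assumed DMZ subnet

if __name__ == "__main__":
    print(first_match(RULES, "198.51.100.9", "203.0.113.10", "tcp", 80).name)
    print(shadowed(RULES), outside_zone(RULES, DMZ))
```

In this table the partner rule never takes effect because the broader rule above it matches first, so the narrower rule would need to be listed before the broader one.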