How to Set Up Port Forwarding with Static IPs for Remote Access
When running servers like web/app servers or remote desktops behind a firewall, you’ll need to open specific TCP/UDP ports to allow external traffic. This tutorial covers how to configure port forwarding using static IP addresses for secure remote access.
Common use cases include:
- Hosting a public website or web app
- Enabling remote desktop connections like RDP
- Providing access to internal resources like databases or file shares
- Allowing external inputs to hit internal servers and services
We’ll explain the background on NAT, public/private IPs, and the role of port forwarding. Then walk through the hands-on steps to set up port forwarding from your router to internal servers, using static IP address assignments.
Follow along to learn how to open specific ports for secure remote access to your network resources.
Background: NAT, Public/Private IPs and Port Forwarding
When you connect to the internet, your ISP (Internet Service Provider) assigns your router a public IP address to uniquely identify your network. Devices on your local network get private IP addresses like 192.168.1.x or 10.0.0.x.
Your router uses Network Address Translation (NAT) to route traffic between the public internet and private local network by tracking which internal IP initiated external connections.
Without port forwarding, devices on your network can access the internet, but external devices cannot directly reach internally-hosted resources.
Port forwarding maps ports on your public IP address to private IP addresses on your LAN. This allows incoming external connections to hit specific ports and be routed to internal IPs.
With port forwarding set up, traffic coming to designated ports on your public IP address can now reach internal resources for remote access.
Before setting up port forwarding, you’ll need:
- A static public IP address range assigned by your ISP
- The private IP address of the internal server you want to forward ports to
- The target TCP ports like 443 for SSL or 3389 for Remote Desktop access
Having a block of static public IP addresses is necessary since port forwarding maps to a specific address. Internal server IPs can be static or dynamic.
Common port forwarding use cases include:
- Port 80 – HTTP web hosting
- Port 443 – HTTPS/SSL web traffic
- Port 25 – SMTP email
- Port 3389 – Remote Desktop Protocol
Decide which TCP ports you need open for your specific application or service. Also plan your public IP address assignments based on how many internal resources need port forwarding.
Configure Router Port Forwarding
Once you have your static IP address block and internal server IP mapped to desired ports, set up port forwarding on the router:
- Access your router admin interface and go to port forwarding/virtual server settings
- Assign your allocated static public IP addresses to the router WAN interface
- Create new forwarding rule specifying:
- Public port(s) to open (like 80, 443 etc)
- Protocol – TCP vs UDP
- Private IP address of internal server
- Private port (typically same as public port)
- Save rules and they will now forward traffic from the public IP to internal IP
Repeat steps to add additional forwarding rules for other servers/apps. Configure the router firewall to only allow required traffic.
Now external users can access those ports on your public IP and get routed to the internal resource.
Allow Inbound Connections on Server Firewall
After configuring port forwarding on the router, adjust firewall policies on the destination server to allow incoming connections:
- Modify server firewall rules to open the forwarded ports
- Configure any application/services on the ports to accept remote access like Remote Desktop
- Consider limiting access to specific IP ranges
This complements the router port forwarding, enabling the server to receive and respond to requests.
Test External Access
Perform tests to confirm remote access via the opened ports:
- From an external network, try accessing a port like visiting the website URL
- Verify ability to remotely connect to services like Remote Desktop on forwarded ports
- Confirm traffic is hitting the server as expected in logs
Fine tune firewalls and router port forwarding as needed until connectivity is working smoothly.
Setting up port forwarding with static IPs enables secure remote access to internal resources. Potential use cases include hosting web apps, remote administration, and offsite database access.
For a full guide on port forwarding, check out [Link to Vendor ABC resources]. And reach out if you need help designing and implementing solutions tailored for your environment.