Home Router Port Forwarding Configuration


Port forwarding allows Internet hosts to connect to computers on the local network

  • usually configured to:
    • support multiplayer games
    • allow remote access to home computers
    • run a web server

Static IP Addresses and DHCP Reservations

  • To create a port-forwarding rule, you must identify the destination computer by IP address
    • normally, the computer's IP address may change
    • so need to configure a persistent IP address
  • create a reservation (DHCP) for the device on the DHCP server
    • means that the DHCP server always assigns the same IP address to the host
    • can usually choose which IP address this should be
  • need to input the MAC address of the computer in the reservation so that the DHCP server can recognize the host when it connects

Configuring Port-Forwarding and Port-Triggering Rules

  • Hosts on the Internet can only “see” the router’s WAN interface and its public IP address
  • Hosts on the local network are protected by the default block rule on the firewall
  • If you want to run some sort of server application from your network and make it accessible to the Internet, you must configure a port forwarding rule
    • Process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN
    • The request could also be sent to a different port
      • so this feature is often also called port mapping
        • Type of port forwarding where the external port is forwarded to a different internal port on the LAN host

Port triggering is a mechanism to configure access through a firewall for applications that require more than one port.

  • when the firewall detects activity on outbound port A destined for a given external IP address,
    • it opens inbound access for the external IP address on port B for a set period

Disabling Unused Ports

  • One of the basic principles of hardened configuration is only to enable services that must be enabled
  • If a port-forwarding rule is no longer required, it should either be disabled or deleted completely
  • Make sure you review the configuration of a home router every month
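
The periodic review can be scripted. The following is an added example, not part of the original notes: it checks a list of forwarding rules against the DHCP reservations and against the services still needed. The rule fields, the `audit` function, and all addresses and rule names are constructed for illustration and do not match any particular router's export format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ForwardRule:
    name: str
    proto: str          # "tcp" or "udp"
    external_port: int  # port on the router's WAN interface
    internal_ip: str    # LAN host that receives the traffic
    internal_port: int  # differs from external_port for a port-mapping rule
    enabled: bool = True

def audit(rules, reservations, required):
    """Return (rule name, finding) pairs for enabled rules.

    reservations: {MAC address: reserved IP} from the DHCP server
    required: set of (proto, external_port) the household still needs
    """
    reserved_ips = set(reservations.values())
    seen = {}
    findings = []
    for rule in rules:
        if not rule.enabled:
            continue  # a disabled rule forwards nothing
        key = (rule.proto, rule.external_port)
        if key not in required:
            findings.append((rule.name, "not required: disable or delete"))
        if rule.internal_ip not in reserved_ips:
            findings.append((rule.name, "target has no DHCP reservation"))
        if key in seen:
            findings.append((rule.name, f"same external port as {seen[key]}"))
        seen.setdefault(key, rule.name)
    return findings

# Constructed sample data (not from a real router).
RESERVATIONS = {"02:00:00:00:00:10": "192.168.1.10"}
REQUIRED = {("tcp", 443)}
RULES = [
    ForwardRule("web", "tcp", 443, "192.168.1.10", 8443),  # port mapping
    ForwardRule("old-game", "udp", 27015, "192.168.1.57", 27015),
    ForwardRule("remote-desktop", "tcp", 3389, "192.168.1.10", 3389, enabled=False),
]

if __name__ == "__main__":
    for name, finding in audit(RULES, RESERVATIONS, REQUIRED):
        print(f"{name}: {finding}")
```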