The Broadband Guide
search advanced
FAQs Categories:

How do I allow inbound traffic (run servers) behind NAT?

To allow unsolicited inbound traffic (run servers) behind NAT you need to use port mapping/forwarding, which instructs the NAT device to pass all traffic on a certain port to a certain private IP on the LAN side. For example, to allow inbound web traffic you have to map port 80 to the IP address of the internal webserver. The downside of all that is you can only have a single internal IP receiving the inbound requests on a particular port... If you were to run a second server behind NAT, you'd need to use a different external port (the internal port can usually remain the same, this limitation only applies to the external port. You could map external port 8080 to internal port 80 on a second webserver behind NAT).

Another option is to use DMZ and open one host behind the NAT entirely for bi-directional traffic on all ports, although that poses some additional security risks.

  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About