Port forwarding on the router. How Port Forwarding works. Video: opening ports on a TP-Link router

Port forwarding on a router is a procedure that allows you to establish a direct connection between a computer from external network(for example, from the Internet) and a device located on the router’s internal network. Thanks to this, any device or application that knows the external IP address of your router and the port numbers that are forwarded on it can access from the Internet the corresponding devices on the network behind the router, for example, computers and laptops in the home local area. Provided that this is not prohibited by the firewall settings.

Figure 1. Diagram local network

There are many goals and objectives for the implementation of which it is necessary to assign port forwarding on the router. For example, for full-fledged work peer-to-peer clients, the ability to create any Internet servers - gaming (online competitions between computer players), WEB, FTP and others. If you are unable to organize a torrent distribution on BitTorrent tracker, or created by you gaming session“can’t be seen” by other remote players, which means the port on the router is not forwarded. The problem is aggravated if the router is not in your home and does not belong to you, but to the provider. This often happens to users of dedicated broadband access via Ethernet, when only a cable is installed into the apartment, and the router is reliably protected from unauthorized entry. In this case, the issue of how to forward the port is resolved directly with your provider.

What is NAT and how does it interfere?

Figure 2. When connected to the network through a router, the computer is under the NAT of the router.

For those who have their own router, for example, ADSL broadband users, it will be useful to learn how to forward a port on the router. But first, let's find out why without this procedure direct access to the local grid from the outside is impossible. The fact is that almost all user routers operate based on NAT technology - this is a special network mechanism used to convert the IP addresses of data packets transiting through firewall or router.

Thanks to it, separation is made global network into two independent segments, each with its own address space: external (“public”) and internal (“private”), located under NAT. The “local area” created using a router is an internal network where each computer can be assigned its own unique IP, and this will not cause conflicts or a lack of addresses in the external network, since the external and internal address spaces are independent of each other.

From the outside, the entire local area will be visible under one single public IP assigned to a specific router. Accordingly, the internal address space will not be visible from the outside, and all the private addresses that the user has assigned to computers in his personal network will simply not exist for external users - only the router “knows” about them. (FIG. 1)

Why is port forwarding necessary?

Routing technologies with using NAT great for solving most daily tasks ordinary Internet users.

Figure 3. In order to enter the router configuration menu, you need to start it and connect it to your computer.

When one of the local network computers needs access to a server on the Internet (for example, to load a web page in a browser), at its request, the router connects to the server using its external IP, then receives and redirects the necessary data to the internal address to the computer that requested it . From the server side, this computer conditionally “does not exist”, since it is under the NAT of the router, and the server can only “communicate” with the router itself via its public IP. (FIG. 2)

This mechanism is widely used by Internet providers because it has many advantages:

Saving address space. Thanks to NAT, there is no need to give each user a unique external address; it is enough to create your own internal network and freely manage the private address space, using only one or several public IPs to access the outside world.
Increased security. All computers on the local network are protected from detection and use from " global web" The connection is initiated only from within. A public address can receive data from a private one only as part of the broadcast it initiates.
Ability to manage addresses and ports, perform port-address translations, etc.

https://site/

However, in some cases, the main advantage of this mechanism is invisibility and inaccessibility internal computers from the outside - turns into a serious obstacle. To fully operate in a peer-to-peer network or in server mode, it is necessary that any user from the Internet can freely connect to the computer. Is it possible to do this if the computer is behind the router, that is, on its private network, and NAT hides it from detection? This is precisely why port forwarding is configured on the router.

How port forwarding works

Figure 4. After completing the virtual server setup, the router needs to be rebooted.

The essence of the technology is that the router redirects the data flow for specific TCP/IP ports from its public address to a private address specific device in the local area. Simply put, to gain access from outside to internal address, just contact the external IP of the router to one of the specified ports corresponding to the desired private address.

To do this, you need to enter a table of correspondences between certain ports and addresses so that he “knows” what traffic to send to which computer. Such a “table” in many routers is called a “Virtual Server”, because the server is physically created on an internal node, but is accessible from the outside via public IP and specific number port.

There are two ways to forward ports: automatically (when UPnP help) and manually. During the forwarding procedure, you must manually select port numbers for each address that should be accessible from the Internet. These numbers, along with the public IP of the router, are then reported to the client program on the other side of the connection. The router, having received a request to its address on the corresponding TCP/IP port, redirects the data directly to the device that is assigned to this port. At the same time, the private IP still remains invisible, and no other client number savvy port, it will not hit it.

How to forward a port on a router?

Let's look at an example of how to forward a port on a router D-Link any models with firmware 1.4.X or later. This procedure is not much different for different manufacturers and on various models, That's why this instruction It is quite suitable for any modern router with a web interface.

Figure 5. Router settings allow you to set both one and several ports.

First you need to enter the router configuration menu. To do this, it must be running and connected to the computer. In the line of any Internet browser, enter the internal IP of the router, under which it is visible in the private local network. In our case it is 192.168.0.1. In the authorization window, in the “username” and “password” lines, enter the same word: admin. First of all, let's look at automatic forwarding using a wizard. Having entered the menu, look for the link “Virtual Server Setup Wizard” and click on it. (FIG. 3)

On the configuration page that opens, we see several fields. In the “Template” field you can select one of the built-in templates. Below you can enter any convenient name. Next, we need to select the interface with which our virtual server will be connected. Then enter the private address of the local network node for which ports will be opened, and the remote public address to which access will be allowed. If the Remote IP field is left blank, access will be open to everyone. Save the settings and reboot the router. (FIG. 4)

https://site/

To install the server manually, you need to go to advanced settings and select “ Virtual servers", on the page that opens, click "Add". In addition to the already known previous method fields, we see 4 new ones: external and internal start/end ports. The data flow from the external port is redirected via the internal port to the private address specified in the “Internal IP” field. You can specify a whole range of ports using the start and end numbers. If you need to use only one port, fill in the “start” field and leave “end” empty. The port number can be any number from 0 to 65535, values above 49152 are recommended. (FIG. 5)

The topic of opening ports on routers is very popular, and not only for routers Asus. In this article we will look in detail at how to open ports specifically on Asus routers, and over time I will definitely prepare similar instructions for devices from other companies. First, I will tell you in my own words what ports are on a router, why open (forward) them, and how to do this on Asus routers. This instruction is suitable for everyone Asus models, such as: (which we recently set up, wrote about it), RT-N65U, RT-AC66U, Asus RT-N10, RT-N56U, RT-N18U, etc. I will show using the example of RT-N12+, but Since they have almost the same control panel, everything will be clear.

We have a router, the Internet is connected to it. This means that only the router has an external IP address that can be accessed from the Internet. And computers and other devices that are connected to the router already receive internal IP addresses. It turns out that if we access an external IP address, we will not be able to reach any computer if it is connected through a router. For this you need to do port forwarding. With this we create a rule in the router settings that says that all packets that go to a specific port must be immediately redirected to the port specific computer(IP address) for which we have opened the port.

What is it for? This is needed for different programs that receive incoming connections from the Internet: DC++, various torrent clients, FTP servers, also, port forwarding may be needed when running a web server on a computer with access from the Internet, when setting up IP cameras, or for some games. Some programs can open ports on the router themselves using UPnP technology, which is the majority modern programs and does it if the router allows it (if UPnP is supported). But there are still cases when you need to open ports manually.

The topic with these ports is a little confusing, but if somewhere in the instructions for some program, or in some article, you came across information that you need to open ports for a certain program or game to work, and you have an Asus router, then just do everything according to the instructions and you will succeed.

We will configure it according to this scheme:

Let's appoint static IP address for a computer, in the router settings.
Let's open desired port on an Asus router.

Set a static IP for the computer in the settings of the Asus router

There is one on the router useful service which is called DHCP. It automatically issues an internal IP address to each device when connected to the router. But the fact is that to open the port (For normal operation redirects), you need the computer to have a static IP address that will not change after each time the computer is turned off/on, or after the router is rebooted. Therefore, we will "ask" DHCP for our computer (for which we will do port forwarding) reserve a static IP and issue only it each time.

Go to your settings Asus router. This can be done either by , or simply by typing the address 192.168.1.1 into the browser and specifying the username and password.

Go to the settings tab The local network, and select from above DHCP server. Near the point Enable Manual Assignment install Yes. Below, in the list where MAC address select the computer for which we will assign a static IP. If your computer is connected, simply select it from the drop-down list. Be guided by the computer name. The IP address will be set automatically, you can leave it or set another one (like mine). Then just click the button Add, and press Apply. Here is a screenshot for clarity:

The router will reboot and a static IP will be assigned to your computer.

Opening a port on the Asus router

You need to know which port to forward, this will now need to be specified in the settings of our Asus. If you are wondering about opening ports, then I think you know which port you need. You can open a range of ports "from and to". If anything, go to the program settings and look, the port should be specified there.

Here is an example screenshot of the connection settings from the µTorrent program:

You see, the port is indicated there (you need to open it on the router). Also, I highlighted UPnP forwarding, this is the same port forwarding setting, which, by the way, works great in this program. I showed this as an example, but you may have a completely different case with another program or network device.

Let's get down to business. This means that in the router settings go to the tab Internet - Port Forwarding. We put Yes near the point Enable port forwarding.

Please note two points: List of favorite servers, And List of favorite games. There you can select the most popular servers and games, for which the settings will be set automatically. For example: FTP, BitTorrent, TELNET Server, FINGER Server, Age of Empires, Counter Strike, Warcraft III, WOW, etc.

Service name- you can specify the name of the program for which you are opening the port.
Port range- here we set the port itself, if there is only one, as in my example. If you want to specify a range, then specify it separated by a colon, like this: 30297:30597.
Local IP address- select from the list of IPs that we assigned to our computer.
Local port- here we indicate the port on the computer to which the redirected messages will go. As a rule, this is the same port as in the "Port range" field.
Protocol- select from the list the protocol by which the router will make redirects.

Press the button Add And Apply.

That's all. After saving the settings and rebooting the router, everything should work. Now, all connections that will be directed to the port we specified will be redirected by the router to the computer. You can open new ports, or delete old rules.

If after setting nothing works, then check specified parameters again, and then try disabling your antivirus and/or firewall. They really like to block such connections.

The need for port forwarding on a router arises when you want to organize access from the Internet to some resource home network. It could be like game server, so RDP server, FTP or install a security camera at home to constantly see what is going on in your home (for example, if you left your child at home with a hired nanny).

Sometimes unconditional port forwarding is required for IP telephony. This depends on the principle by which your communications company operates.

Almost any router correctly supports all this functionality. The only thing I would like to pay close attention to is the need to obtain an external IP from the provider. Static or dynamic, in in this case doesn't have of great importance. In fact, you just have to have it.

We prepare the computer by registering a fixed (static) IP address (Method 1)
We prepare the computer by fixing its address on the router (Method 2)

Why is it necessary to forward ports to access internal resources from the Internet?

This need arises due to the fact that your router automatically filters out data that you did not request. This is primarily due to the need to ensure the security of your network. Imagine this: you have a computer, laptop, and file storage at home. And anyone can access all this from the Internet...

In order to prevent any evil spirits from entering the home network, the router allows only those requests and only to the computer on the network that it requested. For this, smart engineers came up with NAT - Network Address Translation network addresses). This system allows you to hide your internal address from the entire Internet. Thus, all devices connected to the Internet on your home network are seen on the Internet under one single IP address - external or white. Moreover, this can be either your white IP, or simply any provider’s, if the provider distributes gray IPs within its network.

Thus, if you want, for example, to connect remotely to your home computer via RDP - the router simply will not understand to whom exactly on the home network to redirect the request - you didn’t explain this to it... It will simply filter it. Of course, there is also the opportunity to add yours home service to the DMZ (Demilitarized Zone) section - demilitarized zone. But in this case, absolutely all requests from outside that no one has requested, as well as those for which a specific rule for ports is not specified, will be redirected to your node. This way you will make it completely defenseless, so unless absolutely necessary, it is better not to use this section for security reasons.

We do port forwarding

Checklist of necessary operations

In order to do correct port forwarding, you need to do several things, which we will now go through point by point, and then we will see how this all happens with a clear example.

1. You need to assign a static IP address to your computer, which will provide some kind of service. There are two ways to do this.

1.1. Method 1. You can assign a static IP by registering it in the properties network card- this is very reliable way, because nothing will change without your intervention. I think that this will be quite enough for a home network. The only thing that needs to be taken into account is the need to adjust the settings of your DHCP server, which is located in the router. We'll look at this with an example below.

1.2. Method 2. This method is more elegant, because. will not require changing the range of addresses issued by the DHCP server. In this case, you must assign an address to the computer using the same DHCP server. This method is a little less reliable, but it also has a right to life. Once in my life I encountered a situation where a computer that was “fixed” by a router to a certain IP suddenly began to receive a different address. Naturally, this was a problem with the router’s buggy firmware. However, we must keep in mind that such an outcome is also possible.

2. You must determine which ports and protocols will need to be forwarded. IN currently There are two transport protocols used in everyday life - TCP and UDP. For example, in order to connect via RDP or organize access to an FTP server, we need TCP. IP telephony uses UDP for data transmission. Keep this in mind. If this information is unknown to you, do not be lazy to open Yandex or Google and make the appropriate request. Although, in most cases, routers already have pre-installed port forwarding for the most frequently occurring needs. We will also look at this below.

3. You need to make sure that you have a white IP. Some providers may provide it to all network subscribers by default (nowadays this is becoming less and less common), or you will have to activate it (call the provider or go to Personal Area). You can find out by going to the web interface of the router admin panel.

Go to the admin panel of the router

We will work on port forwarding on a TP-Link router, because... Routers of this brand are gaining more and more popularity due to their price-quality ratio. Now in times of crisis this is especially relevant. Don’t worry if you have a router of a different brand - port forwarding in 95% of cases is practically no different, you just need to do everything by analogy.

So, go to the admin panel of the router by entering address bar address 192.168.0.1 - this address is set by default in most routers. In rarer cases, this may be the address 192.168.1.1 or, in even rarer cases, 192.168.10.1. If you use the Yota Internet center, most likely you need to go to 10.0.0.1. And, so as not to guess at the coffee grounds and not scour half the Internet in search of correct address, you can go to Start>Control Panel>Network and Sharing Center>Click on the active shortcut network connection and click the Details button. The Default Gateway item will contain the address of your router.

After requesting a login and password, enter the word admin in the login field and in the password field (unless otherwise written on the router body or you have not changed it yourself).

And immediately in the web interface we see that our IP address is internal to the provider (gray, in other words). You need to look specifically at the WAN section - these are the settings for your Internet!

To make it clear how to distinguish white from gray, I wrote this mini-cheat sheet. The fact is that back in the early 80s, when the specification was approvedTCP/IP smart heads immediately decided to reserve various address spaces (subnets) for special purposes. We even reserved a couple of subnets so that these addresses could be mentioned in technical documentation, otherwise they go to court in the homeland of the protocol more often than to buy bread... Well, this is already a lyric. Of all this reserved splendor, we are interested in subnets allocated specifically for private networks. There are few of them:
10.X.X.X
172.16.Х.Х
192.168.Х.Х
where X is a number from 0 to 255.

In my example, we see that the address starts with ten - this means that my address is internal. Well, I’m not offended - if I need a white one, I’ll ask my provider for an allocation.

Checking and adjusting DHCP settings

Before forwarding a port, we need to allocate address space on our home network that we can use for our network services that need to be accessed from the Internet. Let's go to the section DHCP.

We are interested in three things here:

On or off DHCP server(DHCP Server Enabled/Disabled - I will give the names of English-language menu items in parentheses, since not all routers are equipped with a Russian-language interface);

- ElementaryIP address (Start IP Address) - initial value the address space range from which the DHCP server will distribute IP addresses;

- FiniteIP address (EndIPAddress) - the final value of the address space range from which the DHCP server will distribute IP addresses.

Also, look at the title on the green background and try to guess what the translator was thinking about when he did the Russian localization, the programmers were in agreement. Just kidding, I'm kidding - I think people had a very tight deadline and didn't have time to catch all the mistakes.

In principle, if you are the proud owner of a TP-Link router, then most likely you will have this range set by default. I did not change this setting to home router, because Allocation of a range of 200 addresses will be enough for me with a tenfold margin. In general, Zyxel brand routers usually have a default range somewhere from 192.168.0.20 to 192.168.0.39 - 20 addresses.

Now let's decide whether we will record the IP address of the computer to which we want to open access or set this through the appropriate DHCP server settings.

We prepare the computer by registering a fixed (static) IP address

It happens that by default the router distributes the address space of the entire subnet (in the settings it is from 192.168.0.2 (the router address should not be in the address range) and 192.168.0.254). If you want to use the first method, then you need to adjust this range, freeing up the address for our computer. Change the FROM field, for example, to 192.168.0.3 - then we can use the address 192.168.0.2 for our computer to which we are opening access. Although, for a home network, as a rule, such a number of addresses is not required, so in the FROM field you can write, for example, 192.168.0.10, or 192.168.0.100 at the end - in case you have to open something else - you definitely won’t miss the address.

In order to assign a static IP address to your computer, go to Start>Control Panel>.

We click on the link indicating an Internet connection (Access type: Internet) and get into the following window:

Here we click Properties and choose Internet Protocol Version 4

And press Properties

Choose Use nextIP address: and enter there the static address that was freed in the previous step. (IP address, subnet mask, default gateway, preferred DNS server). Click everywhere OK.

We prepare the computer by fixing its address on the router

This is the second way. It no longer requires you to make any settings on your computer, but you need to know the MAC address network adapter. However, first things first.

We follow the already familiar path: Start>Control Panel>Network and Sharing Center.

Only now in the window

Select a section Intelligence

Here we are interested in the line indicating the Physical address - this is the same MAC. Don’t be surprised that I have it so exclusive, I slightly corrected it in one famous program. Otherwise, my computer will be easy to track. I certainly don't suffer from paranoia, but unnecessary information I have no great desire.

So, we found out the MAC address, now go to the section DHCP>Address Reservation (Address Reservation)

Here I already have a certain address reserved with an equally magical MAC address (of course, I also corrected it). Click Add new... (AddNew...) (but such a translation makes my soul happier).

We drive in our wonderful MAC address and any IP address allocated for this matter, and located in the range that distributes DHCP! Otherwise nothing will work. And press Save.

Actually, now we click where the router asks to restart. For the purity of the experiment, we reboot the target computer and move on to the next stage.

Configuring port forwarding on the router

We are interested in the section Forwarding (Forwarding), and in this section Virtual servers (Virtual Servers- who would have thought? - approx. ed.). This section opens immediately by clicking on a menu item.

By default, we should have empty here. To correct this injustice, we press Add new... (Add New…)

And we get into this form. Let's go in order:

Service port (Service Port) is a port, or a range of ports, which we will use from the outside. Having seen the request on this port, the router will understand where to redirect our packet so that it reaches the goal.

Internal port (Internal Port) is the port that our home network service listens on. If we turn to internal service on another port - nothing will work.

IP address (IPAddress) is the address of our computer or other device that we need to reach from the Internet. As you can see, it is clearly indicated here. Therefore it needs to be fixed.

Protocol (Protocol) - here you can choose either TCP, or UDP, or you can process both protocols on one port at the same time. However, my good advice is that if you know that exactly one is required transport protocol, and you also know which protocol is required - it is better to choose it strictly. Because, as the old admin wisdom says, an extra open port- an extra security gap. Keep this in mind.

State (Status) - Included (Enabled) / Turned off (Disabled) - well, there’s not even anything to comment on here - the rule can be turned on or off.

Standard service port (Common Service Port) - the most commonly used services and preset ports for them. If you expand this drop-down list, you can see that there are a lot of preinstalled ports there and in most cases there are enough of them.

If you select any of them, all fields will be filled in automatically. Let's choose HTTP protocol, as if we were going to make a home web server and make it accessible from the Internet.

As you can see, all we have to do is register our local address devices. If you need, for example, to forward RDP port- 3389, then instead of 80 you need to enter 3389 in both fields.

Sometimes it happens that the router settings include ranges strictly from and to. In this case, if you need to register only one port, enter the same values in these fields.

I entered 192.168.0.97 in the IP address field. You must enter the address that you have recorded for your target computer.

That's all, actually. All rules for virtual servers are usually applied without rebooting the router. Although, anything can happen. If it doesn't work, restart the router and try restarting your computer. After this everything should work.

What to do if suddenly nothing works?

There is one more point that may prevent you from accessing the service that you should see from the Internet. This is a Firewall or Firewall. And also all kinds of antiviruses that have their own Firewall and, sometimes paranoidly, try to protect the user’s computer from external threats at any cost.

Try disabling your Firewall and check if the service is available after that. If everything works, then you need to dig there.

What exactly and how to dig will be discussed in one of the following articles.

Connect to the web interface D-Link router and press the "Advanced Settings" button.

Select "Virtual Servers" in the "Firewall" section.

In the window that opens, click "Add".

In the window that opens, set required parameters virtual server. And click the "Change" button.

Sample- Select one of the six virtual server templates provided from the drop-down list, or select Custom to define your own virtual server settings.
Name- Virtual server name for easy identification. Can be arbitrary.
Interface- The connection to which the created virtual server will be attached.
Protocol- The protocol that the created virtual server will use. Select the required value from the drop-down list.
External port(start) / External port (end)- Router port from which traffic will be forwarded to the IP address defined in the Internal IP field. Set the initial and final values range of ports. If you need to specify only one port, specify it in the External port (start) field and leave the External port (end) field blank.
Internal port (start) / Internal port (end)- Port of the IP address specified in the Internal IP field, to which traffic from the router port specified in the External Port field will be forwarded. Specify the start and end values of the port range. If you need to specify only one port, specify it in the Internal port (start) field and leave the Internal port (end) field blank.
Internal IP- IP address of the server located on the local network. You can select the device connected to the router's LAN in this moment. To do this, select the appropriate IP address from the drop-down list (the field will be filled in automatically).
Remote IP- IP address of the server located on the external network (in most cases, this field must be left blank).

To set other parameters for an existing server, select the appropriate server in the table. On the page that opens, change the necessary parameters and click the “Change” button.

To save an existing rule, click on the "System" button and then "Save".

Port forwarding on TP-link routers.

Login to the web interface TP-Link router. Go to the menu "Forwarding" - "Virtual Servers". Click the "Add New" button.

Fill in the fields:
Service port - Network port, by which users will access your service.
Internal port- Internal port through which your service is available (within your local network).
Note: Service Port and Internal Port may be different.
IP address- Local IP address of your service, issued by the router.

Save the setting by clicking the "Save" button.

Port forwarding on ASUS routers.

Login to the web interface Asus router, select the "Internet" menu - the "Port Forwarding" tab, fill in the fields at the very bottom of the page.

Service name- arbitrary service name.

Port range- specify the ports from which the router will redirect incoming connections, for example, the port range 1000:1050 or individual ports 1000, 1010 or mixed 1000:1050, 1100.

Local address- the address to which the router will forward.

Local port- port number on the machine with IP to which the router will redirect connections;

Protocol- what type of connections should the router detect?

After specifying all the settings, click "Plus" to add a rule, then save the settings and click the "Apply" button.

Port forwarding on Zyxel routers.

Login to the web interface Zyxel router. Go to the "Security" - "Network Address Translation (NAT)" menu. Click "Add Rule".
In the new dialog box, complete the following items.

Attention! The field value must be specified correctly Interface. Depending on whether your ISP uses authentication (PPPoE, L2TP or PPTP), the meaning of this field may vary. If authorization with the provider is not used, you should always select the Broadband connection (ISP) interface. If your provider uses PPPoE to access the Internet, then you should select the appropriate PPPoE interface.
If you are given simultaneous access to the provider’s local network and the Internet (Link Duo), you need to select the Broadband connection (ISP) interface to forward a port from the local network, and select a tunnel interface (PPPoE, PPTP or L2TP) to forward a port from the Internet.

Packages to address– this field is active when no interface is selected. You can specify the external IP address of the Internet center to which packets will be sent. In the vast majority of cases, this item will not be useful to you.

In field Protocol you can specify a protocol from the list of presets that will be used when forwarding the port (in our example, TCP/21 is used - File Transfer (FTP)). If you select TCP or UDP in the Protocol field, you can specify a port number or a range of ports in the TCP/UDP Ports fields.

In field Redirect to address specify the IP address of the device on the local network to which the port is forwarded (in our example it is 192.168.1.33).

New destination port number– used for “port substitution” (for port mapping, for example from 2121 to 21). Allows you to broadcast calls to another port. Usually not used.

After filling in the required fields, click the Save button.

In this case, the rules for redirecting port 4000 via TCP and UDP protocol are specified.

As a result, a window with forwarding rules for tcp/4000 and udp/4000 should appear in the “Security” settings.

Connect to the web interface of the D-Link router and press the "Advanced settings" button.

Select "Virtual Servers" in the "Firewall" section.

In the window that opens, click "Add".

In the window that opens, set the necessary parameters for the virtual server. And click the "Change" button.

Sample- Select one of the six virtual server templates provided from the drop-down list, or select Custom to define your own virtual server settings.
Name- Virtual server name for easy identification. Can be arbitrary.
Interface- The connection to which the created virtual server will be attached.
Protocol- The protocol that the created virtual server will use. Select the required value from the drop-down list.
External port (start) / External port (end)- Router port from which traffic will be forwarded to the IP address defined in the Internal IP field. Specify the start and end values of the port range. If you need to specify only one port, specify it in the External port (start) field and leave the External port (end) field blank.
Internal port (start) / Internal port (end)- Port of the IP address specified in the Internal IP field, to which traffic from the router port specified in the External Port field will be forwarded. Specify the start and end values of the port range. If you need to specify only one port, specify it in the Internal port (start) field and leave the Internal port (end) field blank.
Internal IP- IP address of the server located on the local network. You can select the device currently connected to the router's local network. To do this, select the appropriate IP address from the drop-down list (the field will be filled in automatically).
Remote IP- IP address of the server located on the external network (in most cases, this field must be left blank).

To set other parameters for an existing server, select the appropriate server in the table. On the page that opens, change the necessary parameters and click the “Change” button.

To save an existing rule, click on the "System" button and then "Save".

Port forwarding on TP-link routers.

Go to the web interface of the TP-Link router. Go to the menu "Forwarding" - "Virtual Servers". Click the "Add New" button.

Fill in the fields:
Service port- Network port through which users will access your service.
Internal port- Internal port through which your service is available (within your local network).
Note: Service Port and Internal Port may be different.
IP address- Local IP address of your service, issued by the router.

Save the setting by clicking the "Save" button.

Port forwarding on ASUS routers.

Go to the web interface of the Asus router, select the “Internet” menu - the “Port Forwarding” tab, fill in the fields at the very bottom of the page.

Service name- arbitrary service name.

Port range- specify the ports from which the router will redirect incoming connections, for example, the port range 1000:1050 or individual ports 1000, 1010 or mixed 1000:1050, 1100.

Local address- the address to which the router will forward.

Local port- port number on the machine with IP to which the router will redirect connections;

Protocol- what type of connections should the router detect?

After specifying all the settings, click "Plus" to add a rule, then save the settings and click the "Apply" button.

Port forwarding on Zyxel routers.

Go to the web interface of the Zyxel router. Go to the "Security" - "Network Address Translation (NAT)" menu. Click "Add Rule".
In the new dialog box, complete the following items.

In field Redirect to address specify the IP address of the device on the local network to which the port is forwarded (in our example it is 192.168.1.33).

New destination port number– used for “port substitution” (for port mapping, for example from 2121 to 21). Allows you to broadcast calls to another port. Usually not used.