Port forwarding

Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN.

The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address.

External hosts must know this port number and the address of the gateway to communicate with the network-internal service.

Typical applications include the following: Administrators configure port forwarding in the gateway's operating system.

BSD and macOS operating systems prior to Yosemite (OS 10.10.X) implement it in the Ipfirewall (ipfw) module while macOS operating systems beginning with Yosemite implement it in the Packet Filter (pf) module.

The Universal Plug and Play protocol (UPnP) provides a feature to automatically install instances of port forwarding in residential Internet gateways.

[8] In addition to SSH, there are proprietary tunneling schemes that utilize remote port forwarding for the same general purpose.

[12] DPF can be implemented by setting up a local application, such as SSH, as a SOCKS proxy server, which can be used to process data transmissions through the network or over the Internet.

Programs, such as web browsers, must be configured individually to direct traffic through the proxy, which acts as a secure tunnel to another server.

Since data must pass through the secure tunnel to another server before being forwarded to its original destination, the user is protected from packet sniffing that may occur on the LAN.