By default, Keenetic routers do not allow incoming connections from the Internet to computers and other network devices on your home network. Imagine that you have a webcam working at your home and connected to the Internet through a Keenetic router. Computers on your home network will be able to connect to it, but you won't be able to connect to your webcam from the Internet without port forwarding. In this case, sometimes it is said that 'you need to open the port on the router'. The term 'port forwarding' can sometimes be replaced by the same term 'port mapping'.
Port forwarding is a part of the NAT (Network Address Translation) mechanism. Port forwarding aims to provide access from the Internet to your network services using an open port.
With the UPnP service, home network devices can allow their own connections. UPnP allows you to forward ports automatically. Nowadays, torrent clients, messengers, game consoles, media servers and others use UPnP. Enable the UPnP service on your home network device or application. For a Keenetic router to accept UPnP settings, all you need to do is make sure that the UPnP service component is installed, allowing you to configure the necessary NAT and firewall rules automatically. You can do this on the General system settings page in the 'Updates and components options' section by clicking on 'Component options'.
In some cases, you may need to open certain ports manually. For example, to provide access from the Internet to a network storage (NAS) or server (WWW, FTP, etc.) on a local network; to provide remote access from the Internet to a computer on a home network using special services for remote connection of desktops (Remote Desktop from Windows, or via Radmin, VNC, etc.); to perform a port mapping from one port to another.
NOTE: Important! Port forwarding will only work if the router uses a public IP address to access the Internet. You will find more information in the article What is the difference between a public and private IP address?.
TIP: Tip: Before setting up port forwarding, find out which protocol and port number is used in the application, network device or server. Usually, this information can be found in the settings menu or documentation. If you do not know which port number is being used, go to http://www.portforward.com/ports.htm for information. There you will find a list of the most popular applications, protocols and their port numbers.
Below is an example of port forwarding configuration in the Keenetic router.
Suppose you want to provide access to your home computer from the Internet using the Windows Remote Desktop (RDP) application (server).
In Keenetic's settings, you will need to open a specific TCP/UDP port used for incoming connections. In this example, RDP uses TCP port number 3389 by default.
Register the connected device on the home network to which the ports will be redirected. When registering, you must enable the 'Static IP' option so that the computer on the home network always receives the same IP address. You can find more information in the article Connected device registration.
1. Port forwarding
Go to the 'Forwarding' page and click 'Create Rule'.
In the 'Port forwarding rule' window that appears, configure the rule.
Select an interface or set a subnet for incoming traffic, protocol, and port to be passed to the local network. Select the connected device or interface to which the appropriate traffic is forwarded.
You need to specify the value of the 'Input' field correctly. Select the connection or interface through which Keenetic accesses the Internet in this field. In most cases, you should select the 'Provider' interface. If you have an Internet connection via PPPoE, PPTP or L2TP, you should choose the appropriate connection. When connecting to the Internet via a 4G/3G USB modem, you should specify this connection, and when connecting via WISP, select the connection with the name of the network to which Keenetic is connected.
In the 'Output' field, select the device, connection or interface to which the appropriate traffic will be forwarded (in our example, it is a PC registered in the home network). In the 'Output' field, you can select 'Other device' and specify the IP address. If you select 'This Keenetic', the destination address will be Keenetic itself.
In the 'Protocol' field, you can specify a protocol from the list of pre-installed ones, which will be used when redirecting the port. If you choose 'TCP' or 'UDP', you can manually specify the port number or port range (in our example, the 'TCP' protocol is used, and in the 'Open the port' field, the application port 3389 is specified).
In the 'Work schedule' field, you can add a schedule, according to which this rule will function.
NOTE: Important! To check the port forwarding performance, you need to access the router's WAN interface from the Internet. Port forwarding will not work when accessing from the local network.
Now, to connect to the desktop from the Internet, you will need to use Keenetic_WAN_IP_address:port_number.
For instance: 109.210.53.211:3389
NOTE: Important! There is no need to make additional firewall settings because the router opens access to the specified port by itself when you use the forwarding rule.
TIP: Tip: If you want to open a range of ports, when creating a forwarding rule, select 'Port range' in the 'Rule type' option and enter the start and end number of the range in the 'Open the ports' fields. For example, to open the TCP port range of 45000 - 65000, create the following rule:
2. Port forwarding with the port number changing (port mapping)
Sometimes, you need to change one port number X to another Y. Port mapping can be used in case of blocked standard port numbers on the ISP side or when the required port numbers are already occupied.
2.1 Let's take an example of an RDP server running on TCP port number 3389 and being accessed from the Internet using the new port number 4389. In this case, the connection to port 4389 will be forwarded to the specific local IP address and port 3389.
In the 'Open the port' field, specify a new destination port (for Internet access), and in the 'Destination port' field, enter the real port number used on the server in the local network.
NOTE: Important! When creating a port forwarding rule, the port mapping will only work from the WAN to the LAN (Internet to a home network). Port forwarding will not work when accessing from the home network.
Now, to connect to the desktop from the Internet, you will need to use Keenetic_WAN_IP_address:new_port_number
For example, 109.210.53.211:4389
2.2 For example, two identical IP cameras (with IP addresses 192.168.1.101 and 192.168.1.102) are placed in the local network of the Keenetic router, and their web interfaces are available on port 80. It is necessary to configure remote access to IP cameras from the Internet.
In this case, we use port mapping to make the web interface of the first camera available when accessing from the Internet on port 10101 and the second camera on port 10102.
Now, to connect to IP cameras from the Internet, you will need to use Keenetic_WAN_IP_address:new_port_number
For example, 109.210.53.211:10101 to access the first camera and 109.210.53.211:10102 to access the second camera.
TIP: Tips:
If port forwarding does not work for some reason, see the article What to do if port forwarding doesn't work.
Sometimes there is a task to organize a DMZ-host in the local network of the Keenetic router (it can be a web-server, a network video recorder, IP camera or another device), which has all the ports open and thus provide full access to it from the Internet: Forwarding all ports to the local host (DMZ host).
Read In what cases should I Use Port Forwarding and Firewall Rules?.
Additional information for connecting game consoles: Using Xbox and PS4 when connecting via Keenetic.
If there is a public IP address for Internet access, with the help of the port forwarding setting, you can organize remote access to the device of the local network: Internet access to an IP camera connected to a Keenetic device.