This tutorial is a step-by-step guide on how to port forward on UniFi devices. When you port forward on your UniFi firewall, you’re allowing external users to access a device on your local network.
What is Port Forwarding and How Does it Work on UniFi Devices?
Port forwarding allows you to expose services on your local network to external users on public networks. A port forwarding rule maps a port on your public IP address to a device on your private network and can be used for things like remote access, accessing services, and gaming.
It’s generally a best practice to access your local resources by using a VPN server like WireGuard, OpenVPN, L2TP, or even Teleport (a UniFi-specific service). This ensures that users authenticate to the VPN tunnel before accessing local services. Port forwarding is still used for services like website hosting, where a VPN is not an option (and hosting a VPN server on a separate device will itself require port forwarding).
There are risks with port forwarding, as you’re exposing a service on your local network to the world. It’s important to always follow best practices and confirm that port forwarding is the best way to meet your requirements before proceeding.
If you’ve determined that you’d like to configure port forwarding, you can follow the steps below on how to port forward on UniFi devices.
How to Port Forward on UniFi Routers
The steps below will show how to port forward on UniFi for devices on your local network. It’s important to note that if you’re using a VPN that’s hosted on your UniFi Firewall, you won’t actually port forward – instead, a firewall rule will be created allowing internet access into your firewall.
1. Open the Settings and select Security.
2. Select Port Forwarding from the top menu, then select Create Entry at the bottom.
3. Update the port forward settings using the information below:
- Name: Port forward rule name (for your usage to know what this rule is for).
- From: Use Any to allow traffic from all IP addresses or Limited to limit it to a specific IP address.
  - To limit access, you can enter an individual IP address, IP range, or subnet.
- Port: The port you’d like to forward.
- Forward IP: The local IP address of the service you’d like to expose.
- Forward Port: Same as the port listed above.
- Protocol: TCP or UDP. Depending on the service you’re using, select one or the other (unless you want to do both).
- Logging: If you’d like to enable logging, select this checkbox.
4. After completing these steps, the port forwarding rule is created and accessible. By default, a firewall rule will be created (viewable in the Firewall Rules tab), though the rule cannot be altered.
Limiting Access on Port Forwarding Rules
When the UniFi port forwarding rule is created, you have the option to limit access to an IP address, range, or subnet. However, the real value in limiting access to port forwarded services comes from UniFi’s Firewall and an Internet In rule.
This allows you to limit access in various ways: by IP address, but also by setting country restrictions and more. Firewall rules are a huge part of any UniFi network and if you’re port forwarding, you must understand how they work, so check out our tutorial on UniFi Firewall Rules.
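As an added example (not part of the original tutorial and not UniFi tooling), the Python below audits port forward rules you have copied by hand from the form in step 3, flagging unrestricted sources, exposed administration ports, and disabled logging. The dictionary keys, the `ADMIN_PORTS` list, and the 256-address threshold are assumptions of this example, and the sample rules are constructed.

```python
import ipaddress

# Admin/file-sharing ports: an assumption of this example, adjust to policy.
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP", 5900: "VNC"}

def parse_source(value):
    """Return the networks a From value covers, or None for Any."""
    value = value.strip()
    if value.lower() == "any":
        return None
    if "-" in value:  # IP range written as first-last
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(value, strict=False)]  # single IP or subnet

def audit_rule(rule, max_sources=256):
    """Return a list of findings for one hand-transcribed port forward rule."""
    try:
        nets = parse_source(rule["from"])
        forward_ip = ipaddress.ip_address(rule["forward_ip"])
    except (ValueError, TypeError):
        return ["invalid From or Forward IP value"]
    findings = []
    if nets is None:
        findings.append("From is Any: reachable from every internet address")
    elif sum(n.num_addresses for n in nets) > max_sources:
        findings.append(f"From covers more than {max_sources} addresses")
    if rule["port"] in ADMIN_PORTS:
        findings.append(f"exposes {ADMIN_PORTS[rule['port']]}: prefer a VPN")
    if not forward_ip.is_private:
        findings.append("Forward IP is not a private (local) address")
    if not rule["logging"]:
        findings.append("Logging is disabled")
    return findings

# Constructed sample rules (documentation and RFC 1918 addresses only).
RULES = [
    {"name": "web", "from": "Any", "port": 443,
     "forward_ip": "192.168.1.20", "logging": True},
    {"name": "rdp", "from": "Any", "port": 3389,
     "forward_ip": "192.168.1.30", "logging": False},
    {"name": "nas", "from": "203.0.113.10-203.0.113.12", "port": 8443,
     "forward_ip": "192.168.1.40", "logging": True},
]

def audit_all(rules):
    return {r["name"]: audit_rule(r) for r in rules}

for name, findings in audit_all(RULES).items():
    print(name, findings or "ok")
```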
Conclusion & Final Thoughts on UniFi Port Forwarding
This tutorial looked at how to port forward on UniFi devices. As mentioned above, if you’re looking to access your personal services remotely, utilizing a VPN is a better overall option. However, port forwarding is required for certain scenarios (even VPN servers), and the process is relatively straightforward with UniFi and Ubiquiti.
Thanks so much for checking out the tutorial on how to port forward on UniFi devices. If you have any questions, feel free to leave them in the comments!