====== Security Considerations ===== Secure your port forwarding configuration to protect your network. > //Port forwarding opens a hole in your router's firewall. Each open port is a potential entry point.// ===== Overview ===== Port forwarding punches a hole in your router's firewall. Every open port is a potential entry point for attackers. Follow security best practices to minimize risk. ===== Security Risks ===== * Opens hole in router firewall * Exposes services to internet attacks * Each open port is potential entry point * Automated bots scan common ports constantly ===== Security Best Practices ===== * **Only forward needed ports**: Close rules when no longer needed * **Use non-standard ports**: Change SSH from 22 to random high port * **Strong passwords**: Essential for any exposed service * **Keep software updated**: Patch vulnerabilities quickly * **Use TLS/SSL**: Encrypt web traffic with HTTPS * **Restrict by IP**: Limit access to specific IPs if possible * **Monitor logs**: Check for suspicious connection attempts ===== Never Forward These Ports ===== * Port 23 (Telnet) - unencrypted, insecure * Port 21 (FTP) - unencrypted, insecure * Port 3389 (RDP) - common ransomware entry point * Any port to unsecured IoT devices ===== Use VPN Instead When Possible ===== * WireGuard or OpenVPN more secure than port forwarding * Encrypts all traffic * Requires authentication before access * No ports exposed to internet ===== Additional Protections ===== * Enable fail2ban to block brute force attempts * Use firewall rules on server to restrict access * Implement rate limiting on services * Use two-factor authentication where available * Regularly audit open ports ===== References ===== * [[https://pingie.net/en/blog/port-forwarding-explained|Port Forwarding Explained: How It Works, Risks and Setup]] * [[https://routerhax.com/port-forwarding-explained/|What Is Port Forwarding? Why You Need It and How It Works]] ===== See Also ===== * [[hosting:networking:start|Networking Overview]] * [[hosting:networking:port_forwarding|Port Forwarding]] Last updated: 2026-06-19 * [[hosting:start|Return to hosting]]