EdgeRouter - Port Forwarding


Readers will learn how to forward UDP and TCP ports to an internal server using the Port Forwarding feature.

  • Applicable to the latest EdgeOS firmware on all EdgeRouter models.
  • The latest EdgeOS firmware can be downloaded from the EdgeRouter Downloads page.
  • More information on the Ubiquiti Network Management System can be found on the UNMS website.

Table of Contents

  1. Frequently Asked Questions (FAQ)
  2. Adding Port Forwarding Rules
  3. Related Articles

Frequently Asked Questions (FAQ)

Back to Top

What is the difference between Destination NAT and Port Forwarding?

Destination NAT and Port Forwarding serve the same purpose and can both be used to forward ports to an internal host behind NAT.

Do I need to manually add firewall entries for each Port Forwarding rule?

No, see the steps below.

Do I need to manually configure Hairpin NAT?

No, see the steps below.

When using Hairpin NAT, add the LAN interfaces of all networks that need to use the router's external address to access the internal host(s).

Adding Port Forwarding Rules

Back to Top


The HTTPS traffic (TCP port 443) from external clients will be forwarded to the UNMS server.

Follow the steps below to add the Port Forwarding rules to the EdgeRouter:

GUI: Access the EdgeRouter Web UI.

1. Select the WAN and LAN interfaces that will be used for Port Forwarding. The auto-firewall feature will automatically open the required ports in the firewall.

Firewall / NAT > Port Forwarding

  • Check: Show advanced options
  • Check: Enable auto firewall
  •  Check: Enable Hairpin NAT
WAN interface: eth0
LAN interface: eth1 
ATTENTION:The WAN and LAN interfaces might differ depending on your EdgeRouter model and setup. For example, the ER-X / ER-X-SFP / ER-10X / ER-12 / ER-12P and EP-R6 are able to use switch0 as the LAN interface. There is an example in this community post.

2. Add the port-forwarding rules for TCP ports 443.

+Add Rule

Original port: 443
Protocol: TCP
Forward-to address:
Forward-to port: 443
Description: https

3. Apply the changes.

The above configuration can also be set using the CLI:

CLI: Access the Command Line Interface.You can do this using the CLI button in the GUI or by using a program such as PuTTY.

set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward wan-interface eth0
set port-forward lan-interface eth1

set port-forward rule 1 description https
set port-forward rule 1 forward-to address
set port-forward rule 1 forward-to port 443
set port-forward rule 1 original-port 443
set port-forward rule 1 protocol tcp

commit ; save

Related Articles

Back to Top

EdgeRouter - Destination NAT

EdgeRouter - Hairpin NAT

Intro to Networking - How to Establish a Connection Using SSH

Was this article helpful?
148 out of 313 found this helpful