This article describes how to enable & configure port forwarding on ISP Wireless devices, as well as steps to test & troubleshoot that port forwarding was successfully set up. The instructions in this guide assume that your device is already configured with an active Internet connection.
- Steps: How to Port Forward on airCube
- Testing & Verification
- Steps: How to Port Forward on airMAX
Port forwarding is required in order to access devices behind a NAT. For example, if a web server or SSH server is running at a home location, and you would like to reach those devices from outside your home network.
Most home routers have NAT (Network Address Translation) enabled. To access a service behind the router's NAT (LAN side), Port Forwards must be used (sometimes called Destination NAT). For example, if you choose not to enable remote accessibility for your UniFi Network application, and you are attempting to reach it from outside your network, you will need to use Port Forwarding.
In this example, we will be Port Forwarding TCP 8443 (GUI) and TCP 8080 (device inform) to a UniFi Network application behind an airRouter. In Router mode on the airRouter LAN = WAN Port and Bridge0 = your LAN. Depending on your model, this may be different. For the purposes of this article, the private IP address of the UniFi Network application will be 203.0.113.48.
Note: The device being Port Forwarded to should either have a static IP (with a router as default gateway) or a DHCP Lease Reservation. If not, your Port Forward may stop working on a router or device reboot.
Steps: How to Port Forward on airCube
The following steps apply to airCube on firmware version 2.4.0 and above.
- Navigate to the airCube's LAN address. By default, the LAN address is 192.168.1.1.
- Update to the latest stable firmware version. Find this firmware in our Downloads page.
- Log in to the airCube's user interface and navigate to the Network page.
- Select the Port Forward tab.
- Click the Add New Rule button.
- Give the new rule a descriptive name, then configure your source port, internal IP address, destination port, and protocol.
Testing & Verification
From outside the network, test the port forward by trying to reach the internal device. In the example above, external traffic is being forwarded from the router’s WAN IP to the web server that has the internal IP address of 192.168.1.155. The web server is running on port 80, but it can be reached by typing the public IP into the browser and pointing towards port 8080. For example, if the public IPv4 address is 203.0.113.54, the website should be reached successfully by going to http://203.0.113.54:8080
Steps: Port Forwarding on airMAX
1. Navigate to the Network tab of the airMAX device.
2. Under Port Forward, enter the port forwarding details. The minimum info required is:
- Private IP
- Private Port
- Public Port
Once you have entered these details, make sure to click Add and Change.
3. (Optional) If you would like to restrict access to the port forward, you can also add a Source IP/CIDR subnet mask. For example, adding 192.0.2.1/32 to Source IP/Mask would allow only 192.0.2.1/32 to access the Port Forward.
4. Test your Work. Once all Port Forwards have been added and applied, you can test from outside your LAN. In this example, you would try to access https://203.0.113.48:8443 from another connection to verify the port forwarding was set successfully.
Still having trouble? Check the following:
- Verify the device IP and service are available on the LAN.
- Verify that the device has the correct default gateway/subnet if configured with a static IP. The gateway should be the airRouter IP in this example.
- Check that your router is getting a public IP address (not private RFC 1918).
- Some ISPs will block common service ports like http/80, https/443, smtp/25. If trying to forward one of these, please confirm with ISP and/or check with TCPDump to verify packets are hitting the router.
For this example, run this command:
tcpdump -i eth0 port 8443