Port forwarding or port mapping is a name given to the combined technique of
1.translating the address or port number of a packet to a new destination
2.possibly accepting such packet(s) in a packet filter (firewall)
3.forwarding the packet according to the routing table.
The destination may be a predetermined network port (assuming protocols like TCP and UDP, though the process is not limited to these) on a host within a NAT-masqueraded, typically private network, based on the port number on which it was received at the gateway from the originating host.
The technique is used to permit communications by external hosts with services provided within a private local area network
Port forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN).
In a typical residential network, nodes obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device’s external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address.
When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks.
Typical applications include the following:
Running a public HTTP server within a private LAN
Permitting Secure Shell access to a host on the private LAN from the Internet
Permitting FTP access to a host on a private LAN from the Internet
Administrators configure port forwarding in the gateway’s operating system. In Linux kernels, this is achieved by packet filter rules in the iptables or netfilter kernel components. BSD and Mac OS X operating systems implement it in the Ipfirewall (ipfw) module.
When a port forward is implemented by a proxy process , then no packets are actually translated, only data is proxied. This usually results in the source address (and port number) being changed to that of the proxy machine.
Port forwarding opens certain ports on your home or small business network, usually blocked from access by your router, to the Internet. Opening specific ports can allow games, servers, BitTorrent clients, and other applications to work through the usual security of your router that otherwise does not permit connections to these ports.
If you are running servers inside your network, which are going to be accessed from the outside world, you have to use port forwarding on your router.
Within the router it forwards certain ports to specific servers.
If you have a webserver and you want to access it from outside the local network, you will have to port forward port 80.
e.g: email server, web server, ftp server etc.
you can only port forward a single port for a single public IP to the single IP to that port inside the network.
e.g: 220.127.116.11:80 port forwarded to 192.168.1.10:80, but if you are using another web server then you will have to you another port
webserver(192.168.1.10:80)<->switch<->(192.168.1.1)router(18.104.22.168:80)<->internet(someone accessing 22.214.171.124:80)
e.g. SMB router
sometimes the common services are already mentioned and you simply have to mention the destination IP (e.g. FTP 21->21 to IP 10.1.10.20)