# ip port-forward

## Syntax

```
ip port-forward tcp|udp [<public-ip>:]<public-port> <mac>|island [<dest-port>]
```

## Syntax Description

<table><thead><tr><th width="203">Keyword</th><th>Description</th></tr></thead><tbody><tr><td><code>tcp</code></td><td>Creates a TCP DNAT entry.</td></tr><tr><td><code>udp</code></td><td>Creates a UDP DNAT entry.</td></tr><tr><td>public-ip</td><td>(Optional) Specifies the IP address on which to accept incoming connections to be port-forwarded. If omitted, connections will be accepted on any of the Island's interface addresses.</td></tr><tr><td>public-port</td><td>The TCP or UDP port number on which to accept incoming connections.</td></tr><tr><td>mac</td><td>The MAC address of the device to which incoming connections are to be forwarded.</td></tr><tr><td><code>island</code></td><td>Specifies that incoming connections are to be forwarded to the Island itself.</td></tr><tr><td>dest-port</td><td>(Optional) The TCP or UDP port number on the target system. If omittied, the original destination port number is unmodified.</td></tr></tbody></table>

## Defaults

By default, port-forwarded connections will be accepted on any of the Island's interface IP addreses, and the destination port number will not be modified.

## Usage Guidelines

Island normally blocks all inbound connection attempts from the Internet (i.e., on WAN ports) or on other internal networks (LANs) to internal devices. This command provides a method to allow inbound connections to specific internal devices (or to the Island itself) on specific TCP and UCP ports. In essence, it opens a "hole" in the internal stateful firewall for specific internal services.

If the public IP address is not specified, connections will be accepted an any of Island's interface addresses on the specified TCP or UDP port. Use care when doing this on ports used for internal management (e.g., TCP ports 22, 443, and 4443) or incoming VPN connections (UDP port 51820 or as defined by the [vpn port](/island-router-cli-2.3.2/commands/vpn-port.md) command, and UDP port 3006) as the port-forward will make those services unavailable on those ports.&#x20;

If the public IP address is specified, connections will be accepted only on that address.

The maximum number of port-forward commands is 1024.

## Examples

```
ip port-forward tcp 3074 00:00:5e:00:53:7a
```

## Related Commands


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.islandrouter.com/island-router-cli-2.3.2/commands/ip-global-context/ip-port-forward.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.