LogoLogo
Island Router CLI Reference Guide 2.3.2
Island Documentation IntroductionIsland Router CLI Reference Guide 2.3.2
Island Router CLI Reference Guide 2.3.2
Island Documentation IntroductionIsland Router CLI Reference Guide 2.3.2
  • Overview
  • Context Sensitive Help
  • URL Format
  • Password Encryption and Public Key Authentication
  • Command Scheduler
  • Commands
    • auto-update
      • auto-update days
      • auto-update time
    • backup
      • backup interval
      • backup url
    • clear connections
    • clear dhcp-client
    • clear dump
    • clear everything
    • clear log
    • clear network
    • clear package
    • clear pin
    • clear ssh client-keys
    • clear ssh host-keys
    • clear ssh known-hosts
    • clear syslog
    • clear update
    • clear vpn-keys
    • compact
    • configure authorized-keys
    • configure known-hosts
    • configure network
    • configure terminal
    • description
    • duplex
    • end
    • ethernet polling
    • exit
    • help
    • history
      • history empty
      • history filter
      • history interval
      • history output-format
      • history rename
      • history url
      • history utc
    • hostname
    • interface
    • ip (interface context)
      • ip address
      • ip autoconfig
      • ip autovlan
      • ip arp-scan
      • ip arp-spoof
      • ip priority
      • ip dhcp6-client
      • ip dhcp6-server
      • ip dhcp-client
      • ip dhcp-lease
      • ip dhcp-monitor
      • ip dhcp-scope
      • ip dhcp-server
      • ip ident4
      • ip ident6
      • ip mtu
      • ip nat4
      • ip nat6
      • ip router-advertise
      • ip router-solicit
    • ip (global context)
      • ip ddns name
      • ip ddns ipv6
      • ip dhcp-reserve
      • ip dns local-only
      • ip dns mode
      • ip firewall
      • ip ipv6
      • ip load-sharing
      • ip max-clients
      • ip port-forward
      • ip route
    • led level
    • login confirm
    • login console
    • login remote
    • login support
    • mac output-format
    • ntp
    • package
    • packet level
    • parent
    • password
    • ping
    • reload
    • rollback
    • show clock
    • show config authorized-keys
    • show config known-hosts
    • show dumps
    • show free-space
    • show hardware
    • show history
    • show interface
    • show interface summary
    • show interface transceivers
    • show ip dhcp-reservations
    • show ip interface
    • show ip neighbors
    • show ip recommendations
    • show ip routes
    • show ip sockets
    • show log
    • show ntp
    • show packages
    • show public-key
    • show running-config
    • show ssh-client-keys
    • show startup-config
    • show stats
    • show syslog
    • show users
    • show vpns
    • show version
    • speed
    • ssh
    • stats
    • syslog
      • syslog level
      • syslog protocol
      • syslog server
    • telnet
    • terminal
      • terminal length
      • terminal terminal-type
      • terminal width
    • timezone
    • update
    • vpn key-exchange
    • vpn peer
      • vpn peer generate client
      • vpn peer host
      • vpn peer local-ip
      • vpn peer mac
      • vpn peer name
      • vpn peer public-key
      • vpn peer remote-ip
      • vpn peer route
      • vpn peer shutdown
      • vpn peer unapproved
      • vpn peer visible
    • vpn port
    • vpn renumber
    • vpn route
    • vpn server
      • vpn server auto-trust
      • vpn server auto-visible
      • vpn server no-local
      • vpn server pool
      • vpn server secret
    • vpn sort
    • write
      • write dump
      • write memory
      • write network
      • write syslog
      • write terminal
Powered by GitBook
On this page
  • Syntax
  • Syntax Description
  • Defaults
  • Usage Guidelines
  • Examples
  • Related Commands
Export as PDF
  1. Commands
  2. ip (global context)

ip port-forward

Create a permanent Destination Network Address Translation (DNAT) entry.

Syntax

ip port-forward tcp|udp [<public-ip>:]<public-port> <mac>|island [<dest-port>]

Syntax Description

Keyword
Description

tcp

Creates a TCP DNAT entry.

udp

Creates a UDP DNAT entry.

public-ip

(Optional) Specifies the IP address on which to accept incoming connections to be port-forwarded. If omitted, connections will be accepted on any of the Island's interface addresses.

public-port

The TCP or UDP port number on which to accept incoming connections.

mac

The MAC address of the device to which incoming connections are to be forwarded.

island

Specifies that incoming connections are to be forwarded to the Island itself.

dest-port

(Optional) The TCP or UDP port number on the target system. If omittied, the original destination port number is unmodified.

Defaults

By default, port-forwarded connections will be accepted on any of the Island's interface IP addreses, and the destination port number will not be modified.

Usage Guidelines

Island normally blocks all inbound connection attempts from the Internet (i.e., on WAN ports) or on other internal networks (LANs) to internal devices. This command provides a method to allow inbound connections to specific internal devices (or to the Island itself) on specific TCP and UCP ports. In essence, it opens a "hole" in the internal stateful firewall for specific internal services.

If the public IP address is not specified, connections will be accepted an any of Island's interface addresses on the specified TCP or UDP port. Use care when doing this on ports used for internal management (e.g., TCP ports 22, 443, and 4443) or incoming VPN connections (UDP port 51820 or as defined by the vpn port command, and UDP port 3006) as the port-forward will make those services unavailable on those ports.

If the public IP address is specified, connections will be accepted only on that address.

The maximum number of port-forward commands is 1024.

Examples

ip port-forward tcp 3074 00:00:5e:00:53:7a

Related Commands

Previousip max-clientsNextip route

Last updated 2 months ago