Skip to main content

Port Forwarding

warning

Expert Function

Swisscom recommends that this function only be configured by experienced IT specialists. Misconfigurations can lead to significant security risks, which can negatively affect both the customer installation and Swisscom's reputation.

Details are available in the FAQ


Port forwarding allows external requests for specific services to be directed to your internal network devices. This is particularly useful for applications such as web servers, games, or remote desktop.

Set up Port Forwarding to a Host

  • In the router portal, under the Network tab --> Port Forwarding

  • Add a rule using the "Add New Rule" button

  • In the Public IP Address field, determine the IP address on which the port forwarding should be set up.

  • Under Port, select a predefined appliance or a port. A custom rule can be created via "Custom Appliance" according to the needs.

  • Determine the local IP address and, if necessary, the local port for the target host. A deviating port for the target host can also be determined using "Custom Appliance".


Add new Custom Appliance

  • A new Custom Appliance can easily be created during port forwarding configuration in step 2 "Ports".

  • Open the dropdown menu and select "Add Custom Appliance" in the selection list.

  • Name the appliance, select the required protocol, and enter the desired port or port range under Ports. The list of required ports can be entered using the "Add Ports" button.


Restrictions

  • When port forwarding is active on a fixed public IP address, the settings 1:1 NAT, Public IP addresses from all LAN ports (DHCP), and Public IP addresses from LAN port 1 (DMZ) can no longer be activated. If port forwarding is set up on the router IP address, a local security gateway can no longer be used.

  • BNS/EC-S contract

FAQ - Port Forwarding

Which risks should be considered?
  • Increased Attack Surface: Opening specific ports to external requests makes the network more vulnerable to outside attacks.
  • Security Vulnerabilities: If the forwarded services or devices have security vulnerabilities, these can be exploited by attackers.
  • Unauthorized Access: Insufficiently secured or poorly configured port forwarding can allow attackers to access your internal network.
  • DDoS Attacks: Open ports can be used as attack vectors for Denial-of-Service (DDoS) attacks, which can overload and shut down the service.

To minimize these risks, ensure that devices and services are always up-to-date and have strong security measures. An additional use of the firewall on the Centro Business increases security.

Can I forward multiple devices on the same port?

No! A port can only be forwarded to one IP address in the network.

Can a port forwarding be created if multiple public fixed IPs are subscribed to?

Yes. Port forwardings can be configured on every available public fixed IP, provided that DMZ, 1:1 NAT, IP Passthrough, and PPP Passthrough are not used.

info

Is something missing here? Provide feedback! pilot@swisscom.com Describe in which area what is expected or what could be improved.

Last updated on