Local, Remote, and Reverse Forwarding


Depending on the logical location, network connectivity, and desired availability of the client and server software (or hardware) in use, different types of port forwarding may be needed.

Local Port Forwarding Diagram

When a public server is running on a machine in a LAN connected to the Internet through a gateway machine, the appropriate option is usually Local Port Forwarding, which involves letting connections from the Internet to the gateway machine be forwarded directly to the local servers. This enables the local servers to act as if they were directly connected to the Internet, even though technically the gateway machine is the one with the direct connection.

Remote Port Forwarding Diagram

Sometimes the goal is not to allow the whole Internet, but rather just a particular authenticated administrator, to have access to back-end servers. In this case, standard Remote Port Forwarding is appropriate. Perhaps the most common solution for standard remote port forwarding is Secure Shell (SSH). This type of forwarding is essentially like local port forwarding but where the forwarding apparatus has been stretched into two pieces.

Reverse Port Tunnelling Diagram

On the other hand, when a back-end server is situated in a LAN protected from incoming connections, and particularly when the server should be accessible only from specific individuals across the Internet, the most appropriate option is Reverse Port Tunnelling. With the forwards working in the opposite (reverse) direction from the tunnel session, a connection is established outbound from the back-end machine to a remote administration console. From the remote administration console, port forwards can be configured to allow local proxied access to the ports hosted by the back-end machine -- or by other servers in the back-end LAN. Essentially the administration console acts as a virtual gateway to the back-end LAN.

Advantages of Local Port Forwarding

Advantages of Reverse Port Tunnelling


Choosing a port forwarding scheme is one of the foremost steps in bringing network service deployment to fulfilment. Local port forwarding, such as that provided by AUTAPF, enables local LAN servers to be made available globally. Reverse port tunnelling, such as that provided by PortImport, delivers remote network services to your computer's doorstep while you maintain exclusive access. Choose your forwarding wisely.