Not connected, Your IP: 3.133.147.87
Online: 23578 users - 279428 Mbit/s total BWYou provide Remote Port Forwarding, what is it?
"Remote port forwarding" forwards traffic coming from the Internet to our VPN server ports to a specified local port.
By default, your account has no forwarded ports, and this is good as long as you don't wish to have a service reachable from the Internet. For example, suppose that you want to run a web server behind our VPN, or that you wish to receive incoming connections to your BitTorrent client in order to improve p2p performance, or to seed a file. Without at least one remotely forwarded port, your service could not be reached from the outside, because our VPN server would reject the proper packets to your service.
Usually this is a good security measure against attacks, but it prevents your services to be reached from the Internet. When you remotely forward an inbound port, our servers will open that port (TCP, UDP or both, according to your selection) and will properly forward incoming packets to you on that port.
The service will be reachable from the exit-IP address of the VPN server your system is connected to. You can forward up to 5 ports simultaneously. You can do that on our website, in your account "Client Area". A port will remain reserved to your account as long as it has a valid subscription plan, so you will not have to perform any over-annoying port changing in your listening program(s) settings.
You can't forward ports lower than 2048.
You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a hard-coded port lower than 2048 or when the port is already reserved. More details about it here below.
Once you reserve an inbound remote port for your account, you have two options:
- Leave the "Local" field empty. In this case, packets arriving to the VPN server exit-IP address port n will be forwarded to your machine IP address inbound local port with the very same number n
- Fill in the "Local" field with a different port number x. In this case packets arriving to port n will be forwarded to your system inbound local port x.
In both cases you need to reach the service on the VPN server exit-IP address port n.
You can also link a port to a specific device if you use multiple devices. In order to do so, select the proper device label on the "Device" combo box. If you select "All Devices", the port will be forwarded for all of your devices. Please check the following guide to manage your "devices" (client certificates and keys): https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/
IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client. However, if you connect a router directly (for example DD-WRT, Tomato based firmware router) an additional step is required, please see how to forward ports in dd-wrt tomato with iptables: https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/
NOTE: you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server.