UniFi Network supports port forwarding, which allows you to make specific devices and their services available to the wider internet. This includes VoIP systems, servers such as Plex and many other things.
NOTE: For Ubiquiti hardware, such as UniFi Dream Machines, UNVR, UNAS and the Cloud Key devices - these do not require any port forwarding in order to be made accessible remotely.
If you want fast and reliable UniFi hosting, check out HostiFi with fast support, regular backups, managed updates and prices from just $9 per month.
To learn more about our hosting plans, create an account and get started today.
How to make a new rule
Making a new port forwarding rule is pretty simple within UniFi.
First you need to make sure you have a UniFi Gateway on your network. This is either a UXG Lite, UXG Max, UXG Pro or a USG model. Without a managed UniFI Gateway, then the port forward rules set in UniFi won't work.
To make a new rule, go to Settings
Then to Security
Then Port Forwarding
In here you can name the rule, then choose the WAN interface it will operate on - or both.
You can choose the port it will be forwarding from. If you are forwarding a range, then type in 4000-4100 for example. With a dash in-between.
If you doing multiple ports, use commas in-between. Such as 4100, 4500, 6000 etc.
Next, type in the forward IP address. This is the local IP address of the device you are forwarding from. Best practice is to have that device on a local static IP address, as when the IP address changes, the port forwarding rule will break.
Next choose what port to forward too, then the protocol and click Add Entry.
Things that will prevent port forwarding
Double NAT
Port forwarding requires your internet connection to have a public IP address. Some ISPs, WISPs and some plans on Starlink offer a CGNAT IP address instead. This is also referred to as double NAT and will break any port forwarding rules.
If your WAN IP address within any of the following ranges, then your ISP is supplying a CGNAT IP address.
10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
100.64.0.0/10 (100.64.0.0 - 100.127.255.255)
This can be for a few various reasons. Either your ISP is doing CGNAT, or the modem before your main router/gateway is not in bridge mode. See if you can change the configuration on your ISP modem/router to be in bridge mode, so that your UniFi Gateway can obtain a public IP address on the WAN interface.
If you cannot put the ISP router into bridge mode, then you could do to port forwards for whatever service you need. One on the ISP router and then another on the UniFi Gateway. However, we would recommend terminating the internet connection on the UXG or USG wherever possible.
The port may already be in use
If you make a new port forwarding rule and it doesn't work, then you might already have that port in use on the network. For example, if you make a new rule to port 888 and it doesn't work, try using 887 and see if that makes any difference.
HostiFi
HostiFi provides hosting for both Ubiquiti and TP-Link software-defined-networking (SDN) applications, with servers for UniFi, UISP and Omada. We also offer professional networking consulting, with HostiFi Pro.
If you run into any issues, send an email to support@hostifi.com or contact us via live chat.