What Is A Source Target In Port Forwarding?



Introduction

Port Forwarding is a method of opening ports on your router or firewall to allow incoming connections to services (software/apps) running on computers inside your local network.

Source refers to where the request originates, which is typically the location of the client that wants to gain access to the service. With network port forwarding, you can redirect individual client requests through your router so that they are able to connect directly with the server on your network. Source Target simply means the destination IP address and TCP port combination that you choose to open up for incoming connection requests. You need both Source and Destination in order to port forward successfully.

What are source and target in Port Forwarding?

When configuring a router or firewall to allow certain types of traffic through it, the same content can be sent from multiple different sources. To differentiate between these sources, we use “Source” and “Target”.

The Source tells us where the traffic comes from: is a single PC requesting this specific type of traffic, or does it come from all PCs on my LAN? The Target tells us where the traffic should go: is that data destined for my PC, for all PCs on my LAN, or even somewhere beyond that, such as another country?

For example

If you wanted to configure port forwarding so that incoming HTTP requests on port 80 are forwarded to your web server application running on your router itself, then you would enter the IP address of your web server and the UDP port number 80 as the “Target”.

Source

The source is set to “Any” because we want to forward incoming HTTP requests to all PCs on your network. You could also use a specific PC’s local IP address or subnet, but that means that you would not be able to access it from another computer on the network, because any traffic sent from Computer A to your router/firewall will not match this rule since it does not come from “Any”.

You should make sure you handle incoming traffic on non-standard ports elsewhere in your firewall. If you only have one firewall/router and two computers connected directly (PCs A and B), then forwarding packets between the two might be sufficient. If you have multiple computers (PCs A, B and C), then you will need rules for forwarding packets between PC A and PC B, rules to forward packets between PC B and PC C, and potentially even rules to forward packets between PC A and PC C.

Target

When configuring port forwarding in this way, the “Target” is usually called the Local IP address or Local Destination. The remote (Internet) IP address (or destination) is set to your public WAN IP address, because we are only interested in packets coming from outside your network that are sent to your router/firewall, which has that specific public IP address assigned to it by your ISP.
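The Source and Target matching described above, modelled in Python as an added example (not code from the original article or from any router's firmware). The rule fields, the addresses (documentation ranges) and the SSH rule on WAN port 2222 are constructed assumptions; the point is that a packet is forwarded only when source, protocol and port all match.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ForwardRule:
    source: str       # "Any" or a CIDR such as "203.0.113.0/24"
    proto: str        # "tcp" or "udp"
    wan_port: int     # port opened on the router's public WAN address
    target_ip: str    # local IP address of the internal server (the Target)
    target_port: int  # port the service listens on

    def matches(self, src_ip: str, proto: str, dst_port: int) -> bool:
        if proto != self.proto or dst_port != self.wan_port:
            return False
        if self.source.lower() == "any":
            return True  # every host that can reach the WAN address matches
        net = ipaddress.ip_network(self.source, strict=False)
        return ipaddress.ip_address(src_ip) in net


def forward(rules, src_ip, proto, dst_port):
    """Return (target_ip, target_port) of the first matching rule, or None (dropped)."""
    for rule in rules:
        if rule.matches(src_ip, proto, dst_port):
            return (rule.target_ip, rule.target_port)
    return None


# Constructed sample rules: a web server open to "Any", SSH limited to one network.
RULES = [
    ForwardRule("Any", "tcp", 80, "192.168.1.10", 80),
    ForwardRule("203.0.113.0/24", "tcp", 2222, "192.168.1.20", 22),
]


def demo():
    packets = [  # constructed (source IP, protocol, WAN port) tuples
        ("198.51.100.7", "tcp", 80),    # unknown host, rule with Source "Any"
        ("198.51.100.7", "tcp", 2222),  # unknown host, Source-restricted rule
        ("203.0.113.5", "tcp", 2222),   # host inside the allowed Source subnet
        ("203.0.113.5", "udp", 80),     # port matches, protocol does not
    ]
    return [forward(RULES, *p) for p in packets]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
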

An example

The source would be different if someone was trying to hack into your server or exploit a known vulnerability in that service. So instead you could have it set to “Any” if you are not sure what the source will be and just leave it at that. Alternatively, if you wanted to allow SSH access from all PCs on your LAN, then you would enter their individual IP addresses as the source (one per line), since this is unique traffic.

You should make sure that any other firewalls between your router/firewall and PCs which might need to talk through it allow UDP packets on port 80 (or whatever other service you want them to use). Make sure they do not block these packets by default; otherwise, they won’t be able to communicate with each other correctly.

If, instead of using incoming HTTP packets, you wanted outgoing HTTP requests to be forwarded to your web server, then the target would be your web server’s local IP address or subnet, with the source set to “Any”.

Forwarding UDP Traffic

If you want to forward all UDP traffic between two networks (LAN A and LAN B) on different sides of a router which uses NAT, then you might try setting the Source / Destination network as follows:

Source is always “<Your Public WAN IP>/32”, Target is either both subnets of the router behind it, or just one subnet depending on what you are trying to achieve. Default gateway is the public IP address of that other side of the router.

Conclusion

The above article should help you to understand what port forwarding is, how it works and how to configure your router.

Please remember that the examples given are only basic guidelines. You will need to configure your router interface for your specific circumstances, or consult your ISP for guidance on this.

The source and target parameters can be any combination of PCs’ local IP addresses or subnets that you want to use. The router/firewall should then forward packets between these, but not allow any other traffic to pass through it for the specified ports.

Please consult your ISP if you are unsure what external address to use for this or other aspects of port forwarding configuration on your network.
