
Port Forwarding

Port forwarding is a router configuration that directs incoming traffic on a specific WAN port to a specific device and port on the LAN. It is one way to provide remote access to a device behind a router: rather than the device being directly addressable from the internet, the router accepts traffic on its own public IP and forwards it inward.

In short: Port forwarding is configured in the router's firewall rules. A typical example is forwarding TCP port 443 on the router's WAN IP to port 443 on an internal camera, so a remote operator can reach the camera's web interface by visiting the router's public IP. Multiple devices behind the same router can be made remotely accessible by mapping different external ports to different internal addresses (port 8443 to camera 1, port 8444 to camera 2, and so on).

Port forwarding has fallen out of favour for IoT deployments because the security trade-off is poor. Any forwarded port is exposed to the entire internet, and automated scanners find it within minutes. Any weakness in the device, whether a firmware flaw, default credentials, or an unpatched vulnerability, becomes immediately exploitable.
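An added example (not from the original page or any vendor's tooling) that audits a router firewall config for the exposure described above by listing port forwards that accept traffic from any source address. It assumes OpenWrt-style UCI `config redirect` syntax; the sample config, rule names and addresses are constructed, reusing the 8443/8444 camera mapping from the text.

```python
import re

# Constructed sample in OpenWrt UCI firewall syntax (assumed router format);
# rule names and addresses are invented for this example.
SAMPLE_CONFIG = """
config redirect
    option name 'camera1-web'
    option target 'DNAT'
    option src 'wan'
    option src_dport '8443'
    option dest_ip '192.168.1.10'
    option dest_port '443'

config redirect
    option name 'camera2-web'
    option target 'DNAT'
    option src 'wan'
    option src_ip '203.0.113.7'
    option src_dport '8444'
    option dest_ip '192.168.1.11'
    option dest_port '443'

config rule
    option src 'wan'
    option target 'ACCEPT'
"""
OPTION_RE = re.compile(r"^option\s+(\S+)\s+'?([^']*)'?$")

def parse_sections(text):
    """Split UCI text into (section_type, {option: value}) pairs."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            sections.append((line.split()[1], {}))
        elif sections and (m := OPTION_RE.match(line)):
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def open_forwards(text, wan_zone="wan"):
    """Return enabled WAN port forwards that accept any source address."""
    findings = []
    for kind, opts in parse_sections(text):
        if kind != "redirect" or opts.get("target", "DNAT") != "DNAT":
            continue
        exposed = opts.get("src") == wan_zone and not opts.get("src_ip")
        if exposed and opts.get("enabled", "1") != "0":
            findings.append((opts.get("name"), opts.get("src_dport"),
                             opts.get("dest_ip"), opts.get("dest_port")))
    return findings
```

On the sample, only `camera1-web` is reported; `camera2-web` is skipped because its `src_ip` limits who can reach it, although it is still a forwarded port.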

Better alternatives include VPN access (engineers connect to the router via VPN, then access internal devices over the VPN), reverse-tunnel solutions (the router initiates an outbound connection to a management platform, which engineers access through that platform; Teltonika RMS works on this principle), and zero-trust remote access platforms. CGNAT-restricted networks (most cellular IoT SIMs without a public IP) make port forwarding impossible anyway, which has accelerated the shift to outbound-tunnel architectures.
