Port Forwarding

Port forwarding is a crucial feature used in M2M and IoT deployments where remote access to LAN-connected devices (such as CCTV NVRs, PLCs, or industrial control panels) is required through a cellular router using a SIM card for connectivity.

In simple terms, port forwarding allows traffic from the internet to reach specific devices on the internal LAN, even though they’re hidden behind the router’s firewall.

How Port Forwarding Works in IoT/M2M Setups

When using a Fixed Public IP SIM card, your cellular router is assigned a publicly accessible IP address. This enables you to:

1. Connect remotely to the router’s WAN interface via its public IP.
2. Use port forwarding rules within the router to redirect incoming traffic (e.g., port 8000) to a specific internal LAN IP and port (e.g., 192.168.1.200:8000).
3. Access the device remotely — such as logging into a CCTV NVR, web server, or SCADA system.

For example:

• Public IP: 80.80.80.100
• Port forwarding rule: Forward port 8000 to 192.168.1.200:8000
• Result: Accessing http://80.80.80.100:8000 takes you directly to the internal device.
• Shows a user connecting via internet to the router’s public IP, and traffic being forwarded to an NVR on the LAN.

Port Forwarding with Private IP SIM Cards

When a Private IP SIM is used, the router does not have a public-facing IP. It is part of a private mobile network, and cannot be accessed directly from the internet.

To enable remote access in this setup:

1. The user first connects to a VPN (hosted by the SIM provider or customer), which places them inside the same private network as the router.
2. Once inside the VPN, they can access the router’s private IP (e.g., 10.100.10.10).
3. From the router, port forwarding rules then allow access to devices on the LAN.

This method is especially common in secure deployments, where exposure to the public internet is undesirable.

For example:

• VPN connection to SIM provider network
• Router private IP: 10.100.10.10
• Port forwarding rule: Forward port 502 to 192.168.1.50:502 (Modbus device)
• Result: Secure access to the Modbus device via VPN → router → forwarded port.
• Shows a secure VPN connection path to a private IP router, with port forwarding to local devices.

Practical Use Cases

• CCTV Systems: Forward HTTP or RTSP ports from the router to a Network Video Recorder (NVR) to view live feeds remotely.
• Remote SCADA Access: Use Modbus or other industrial protocols to query devices behind a router.
• IoT Dashboards: Expose HTTP or MQTT ports from a device like a Raspberry Pi to the cloud or a control centre.

Important Configuration Notes

For port forwarding to function correctly:

• Devices on the LAN must be assigned a static IP (e.g., 192.168.1.100)
• Each device must have the correct subnet mask (e.g., 255.255.255.0)
• Most importantly, they must have the default gateway set to the router’s LAN IP (e.g., 192.168.1.1)

If the gateway is not set, the device won’t know how to send responses to external traffic coming through the router.

Security Considerations

When using Fixed Public IP SIMs, port forwarding opens your devices to the wider internet, which comes with risks:

• Firewall Rules: Restrict access only to necessary ports and known source IPs.
• Use Strong Passwords: All exposed devices should use non-default, complex credentials.
• TLS/HTTPS Encryption: Secure web interfaces where possible.
• Disable Unused Services: Only expose the minimum services required for remote access.

📌 For enhanced security, consider using a VPN tunnel, even when using public IP SIMs, to encrypt traffic end-to-end.

Summary

Port forwarding is a powerful tool in M2M and IoT router deployments, enabling remote access to devices behind the router. Whether using Fixed Public IP SIMs or Private IP SIMs with VPN access, careful configuration and attention to security are essential for reliable and safe operation.