Port Forwarding Guide
Port Forwarding in DC CORE lets you securely map a local listening port on one device to a target host and port on a remote device. This makes it possible to reach services through the DC CORE relay network without exposing the service directly to the public internet.
Use Port Forwarding when you need to connect one device to another through a controlled tunnel for administration, testing, or service access.
What Port Forwarding Does
Port Forwarding creates a link between:
- A Listening Device and Listening Port.
- A Remote Device (Advertiser) and its Target Host and Target Port.
The routing is handled through the selected Relay Ingress, along with the address and tunnel key that identify and secure the connection.
This is useful when you want to reach a service on a remote device without opening inbound ports publicly.
Opening Port Forwarding
- Open the Central portal.
- Go to the Port Forwarding section.
- Click New Port Forwarding.
The Create Port Forwarding dialog will appear with all the fields needed to define the connection.
Create Port Forwarding Fields
The creation form includes the following fields:
Description
A human-readable label for the port forwarding rule. Use this to describe what the tunnel is for.
Listening Device
The device that will accept the incoming local connection.
Listening Port
The port on the listening device that will receive the traffic.
Remote Device (Advertiser)
The remote device that is advertising the service to be reached.
Target Host From Remote Device
The host address on the remote device where the service is actually running.
Target Port From Remote Device
The port on the remote device where the target service listens.
Relay Ingress
The relay ingress zone used to route the connection.
Address
The address assigned to the forwarding rule.
Tunnel Key
The key used to secure the tunnel and bind the forwarding path.
Enabled
Turn this on when you want the forwarding rule to be active.
How to Create a Rule
- Click New Port Forwarding.
- Enter a clear Description.
- Select the Listening Device.
- Enter the Listening Port.
- Select the Remote Device (Advertiser).
- Enter the Target Host From Remote Device.
- Enter the Target Port From Remote Device.
- Select the Relay Ingress.
- Confirm the Address and Tunnel Key.
- Check Enabled.
- Click Save.
Once saved, the forwarding rule is created and can be used immediately if enabled.
What the Form Means
The screenshot shows a form-based workflow rather than a simple public port open/close model. That means the forwarding path is created intentionally and tied to the correct device, target host, and tunnel identity.
This helps keep access controlled, traceable, and managed inside DC CORE.
When to Use Port Forwarding
Use Port Forwarding when you need to:
- Reach a service on a remote machine.
- Test a service through a secure path.
- Expose a local service to a controlled remote listener.
- Connect two managed devices without exposing either one directly to the internet.
Best Practices
- Use a clear description so the rule is easy to identify later.
- Double-check the listening port and target port before saving.
- Confirm the correct remote device is selected.
- Leave the rule disabled until you are ready to use it.
- Review the relay ingress and tunnel key if the route does not work as expected.
Troubleshooting
Rule Does Not Work
If the forwarding rule does not connect:
- Confirm the listening device is correct.
- Confirm the target host and target port are correct.
- Make sure the rule is enabled.
- Check that the remote device is advertising correctly.
- Review the relay ingress selection.
Service Is Not Reachable
If the tunnel is up but the service is not reachable:
- Verify the target service is running on the remote device.
- Confirm the service is listening on the expected port.
- Check the host value entered in the form.
- Ensure the tunnel key and address are valid.
Summary
Port Forwarding in DC CORE creates a secure, controlled mapping between a local listening port and a remote device service. It is designed for private access, service routing, and controlled connectivity without exposing infrastructure directly to the public internet.