Port forwarding: new connections from the outside to a certain port or port range go to a designated LAN machine. The ports are determined by the kind of server you want to run (e.g. 80 for a web server), and the IP is the private LAN IP of your web server.
Port triggering: new connections from the outside to a certain port go to whatever LAN machine made a certain outgoing connection (as defined by destination port).
Example: You define port 25 as the trigger and 113 as the incoming port. If any of your LAN machines creates an outgoing connection (= trigger) to port 25 (e.g. to send mail), all incoming connections to port 113 will temporarily go to that machine. After a timeout, new connections to port 113 will again be dropped.
No port forwarding defined:
Only return traffic of connections established from the LAN side can make it to the LAN. It goes to the machine that requested it, according to the dynamic NAT table in the router. This mode is sufficient for typical internet use (browsing, e-mail, downloading, etc.). All new connection attempts from the outside are dropped, because they were not requested by anyone. (There are more complicated cases, e.g. with FTP, but a good router will be able to take care of the secondary connections by special algorithms (ftp-alg).)
Thanks to SYNACK for supplying this information.
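
The three modes above can be compared side by side in a small model of the router's inbound decision. This is an added example, not code from the original page or from any router firmware; the Router class, the addresses and the 60-second timeout are constructed for illustration, and the timeout is simplified to a fixed window.

```python
# Added illustration: a toy model of the router's inbound decision, not real firmware.
TRIGGER_TIMEOUT = 60  # seconds; constructed value, real routers differ


class Router:
    def __init__(self, forwards=None, triggers=None):
        self.forwards = forwards or {}   # static: inbound port -> LAN IP
        self.triggers = triggers or {}   # trigger destination port -> inbound port
        self.nat = {}                    # (remote IP, remote port, router port) -> LAN IP
        self.triggered = {}              # inbound port -> (LAN IP, expiry time)
        self.next_port = 40000

    def outbound(self, lan_ip, remote_ip, remote_port, now):
        """A LAN machine opens a connection; returns the router's source port."""
        port = self.next_port
        self.next_port += 1
        self.nat[(remote_ip, remote_port, port)] = lan_ip
        if remote_port in self.triggers:  # outgoing connection matches a trigger
            self.triggered[self.triggers[remote_port]] = (lan_ip, now + TRIGGER_TIMEOUT)
        return port

    def inbound(self, remote_ip, remote_port, dst_port, now):
        """Return the LAN IP that receives the packet, or None if it is dropped."""
        # 1. Return traffic of a connection established from the LAN side.
        lan_ip = self.nat.get((remote_ip, remote_port, dst_port))
        if lan_ip:
            return lan_ip
        # 2. Port forwarding: always open, always the same machine.
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        # 3. Port triggering: open only until the timeout, to whoever triggered.
        entry = self.triggered.get(dst_port)
        if entry and now < entry[1]:
            return entry[0]
        # 4. Nobody requested this connection: drop.
        return None


if __name__ == "__main__":
    r = Router(forwards={80: "192.168.1.10"}, triggers={25: 113})
    print(r.inbound("203.0.113.5", 50000, 113, now=0))     # None: dropped
    r.outbound("192.168.1.20", "198.51.100.7", 25, now=0)  # LAN machine sends mail
    print(r.inbound("198.51.100.7", 51000, 113, now=10))   # 192.168.1.20
    print(r.inbound("198.51.100.7", 51000, 113, now=61))   # None: timed out
```

While a trigger is active, the model admits connections to port 113 from any outside address, matching "all incoming connections" in the example above, so a triggered port is as exposed as a forwarded one until the timeout.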