API: Port Forwarding

Last updated 11 May 2026 33 views 🔒 Dedicated WireGuard VPN

Overview

Port forwarding lets you route external traffic from the server's public IP to a specific WireGuard user's internal IP. This is useful for hosting services (web servers, game servers, etc.) behind your VPN.

For example: forward the server's port 8080 to your device's port 80, so anyone visiting server-ip:8080 reaches your local web server through the VPN tunnel.

List Port Forwards

GET /api/wg/users/{user_id}/port-forwards

Returns all port forwards configured for a specific user.

curl -s -H "Authorization: Bearer wg_YOUR_KEY" \
  https://portal.premiervpn.net/api/wg/users/12/port-forwards

Response:

{
  "user": "my-phone",
  "port_forwards": [
    {
      "id": 5,
      "external_port": 8080,
      "internal_port": 80,
      "protocol": "tcp",
      "status": "active",
      "comment": "Web server",
      "created_at": "2026-05-03T10:00:00+00:00"
    }
  ]
}

Create a Port Forward

POST /api/wg/users/{user_id}/port-forwards

Create a new port forwarding rule. The rule is applied immediately on the server via iptables.

curl -s -X POST -H "Authorization: Bearer wg_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "external_port": 8080,
    "internal_port": 80,
    "protocol": "tcp",
    "comment": "Web server"
  }' \
  https://portal.premiervpn.net/api/wg/users/12/port-forwards

Parameters

  • external_port (required) — the port on the server's public IP (1-65535)
  • internal_port (required) — the port on your device behind the VPN (1-65535)
  • protocol (required) — tcp, udp, or both
  • comment (optional) — a label for your reference (max 100 chars)

Reserved Ports

The following ports cannot be forwarded as they are used by the server itself:

  • 22 — SSH
  • 51820 — WireGuard
  • 56561 — Management

Error Responses

  • 422 port_reserved — the external port is reserved
  • 409 port_in_use — that port/protocol combination is already forwarded on this server

Delete a Port Forward

DELETE /api/wg/port-forwards/{port_forward_id}

Removes the port forward and revokes the iptables rule on the server immediately.

curl -s -X DELETE -H "Authorization: Bearer wg_YOUR_KEY" \
  https://portal.premiervpn.net/api/wg/port-forwards/5

Common Use Cases

  • Web server: Forward port 80 or 443 to host a website from behind the VPN
  • Game server: Forward the game's port (e.g. 25565 for Minecraft) so players connect via the VPN server's IP
  • Remote desktop: Forward port 3389 (RDP) or 5900 (VNC) for secure remote access
  • API server: Forward a custom port for your application's API
Dedicated WireGuard VPN All Categories

Didn't find what you were looking for?

Our support team is happy to help.

Open a Ticket