I agree with what others in this thread have stated, that port forwarding is not secure, not safe and simply a bad idea. A VPN run on a quality edge device is the most secure method of remote access.
An "edge device" is the division between your private LAN(s) and the open internet; this is most commonly some device that has firewall capabilities, which may or may not be bundled into a router/modem. A true edge device is designed to be exposed to the open internet and is hardened accordingly. It is meant to withstand the unrelenting onslaught that is the open internet. An edge device will be probed and attacked continuously from around the world simply by being connected to the internet. If you would like to see what a legitimate probe has to say about your system, the ShieldsUp from GRC, as others have mentioned, is an excellent probe. If you would like to see what the internet has previously recorded and logged about your public IP, take a look at Shodan, which provides information about any public IP address. You can find your public IP address by searching Google for "what is my ip" or sites such as "" that others have mentioned.
The trouble with port forwarding is that you are taking that unrelenting pressure off the edge device which, ideally, has been designed to withstand it and allowing it to forward to the internal device, which is virtually guaranteed to NOT be as capable of withstanding it. You are now relying on the internal LAN device to not be compromised by the strength of its design and coding. How many times have you heard of security cameras and baby monitors or the like being compromised? Of some random person talking out of some unsuspecting person's devices in their home? The number of cameras and other such devices that have well-known hard-coded (meaning unchangeable) usernames and passwords is huge. The list of reasons NOT to port forward goes on and on.
A quality firewall with no port forwarding or remote access of any kind is simply a solid wall, largely impervious and unyielding; it is for all intents and purposes a one-way valve.
A properly configured VPN would be like a bank vault door. The vulnerabilities it exposes are limited and designed to mitigate as much risk as is possible by hardware engineers and software coders whose careers focus on this protection and strength.
Port forwarding can run the gamut from low risk if the device on the inside is a properly configured Linux server running WireGuard VPN all the way to utterly open and insecure such as an IoT device with known hard-coded username and password.
An IoT, or Internet of Things, device is any device that isn't a high-level device (e.g. desktop, laptop, phone, tablet) that is designed to connect to a network of some kind. Common examples of IoT devices are cameras, NVRs, speakers, refrigerators, thermostats, smart light bulbs and smart home devices in general. Depending on the device the port forwarding points to, an attacker could use it as a foothold into your home network and laterally move to infect printers or computers etc. There are countless articles written about the network security aspect of all IoT devices being non-existent; all IoT devices are built without a thought towards security or at best a passing consideration to it.
I personally like pfSense or OPNsense for my firewall/edge device. It is fully featured and capable. It can become quite technically complicated, so it may only be suitable for the technically adept or those willing to research and learn. While I have never personally used the UniFi system from Ubiquiti, I have heard it is a good platform.
Just my 2c on the topic.