In this example, we will create a NAT rule to allow DCC ports through the firewall. For the purpose of this exercise, we will assume that the target node is on the LAN subnet, that the LAN uses the 192.168.1.0/24 subnet, and that the target node's IP address is 192.168.1.2.

We begin by navigating to Firewall | NAT and clicking on one of the Add buttons. Keep Interface and WAN at their default settings. We also do not have to change the default Source. Keep Destination set to WAN address, since that is where the port-forwarding traffic will be entering the network. Set the Destination port range to 5000 to 5010.

Next, set Redirect target IP to 192.168.1.2 and set the Redirect target port to 5000 (the end port will be calculated automatically). You may also enter a brief description in the Description field. Keep the Filter rule association set to Add associated filter rule, because we will need a firewall rule to let the DCC traffic through the firewall. Finally, click on the Save button, and when the page reloads, click on Apply Changes.

You’ll want to navigate to Firewall | Rules. There, you should be able to see the newly-created firewall rule to allow DCC traffic to pass on the WAN tab.