Maybe this will help: You will want to concentrate on port forwarding and if needed port triggering.
As a test, you may want to enable DMZ (DeMilitarized Zone) and see if this enables your needs then start drilling down your settings. Do not leave DMZ activated!
By default, the firewall of a NETGEAR router blocks all connection attempts by devices on the Internet to devices in your local network. This is called inbound traffic. If you want devices on the Internet to connect to devices on your local network (for example, you have an IP Camera or an FTP server that you want to be accessible via the Internet), you will have to reconfigure the router. Here are three ways to do that:
- Universal Plug and Play (UPnP). If the router and the device on your local network both support UPnP, the required router configuration will happen automatically.
- Port Forwarding, also called inbound firewall rules. You create port forwarding rules that look into the header of each inbound packet, and either block it or forward it to specified devices on you local network, based on the source IP address, destination TCP port number, and other characteristics of the packet. Packets with different characteristics can be forwarded to different devices on your local network.
Note: If you create more than one port forwarding rule, the order that they appear on the screen matters. Each inbound packet will be checked against the top rule first, followed by the second-from-top etc. until a rule that matches the packet characteristics is found. This means that if, for example, the top rule forwards all packets to server A, and a later rule forwards some packets to server B, all packets will get forwarded to server A and none to server B. - DMZ on NETGEAR routers. If you simply want to forward all inbound traffic to a single device on you local network, you could achieve this by creating a Port Forwarding rule to do that. However, that rule would still look into the header of each inbound packet, which would be wasteful of the routers processing power. A better approach is to use the DMZ feature that most NETGEAR routers have. This will simply forward all inbound traffic to a single specified IP address on you local network, without bothering to look at each packet header.