Bill Morefield My thoughts, discoveries, and occasional ramblings.

March 31, 2014

Port Forwarding in Windows

Filed under: web — Bill Morefield @ 8:33 am

I always enjoy finding something new that meets a need. As you might guess from the title, I found myself recently needing to forward a port on a Windows server. The scenario is that I had a server I needed to allow access to from a network that hadn’t been originally planned to do so. I could have just opened a firewall port, but I prefer to set up a more secured method.

For web connections this can be done using a reverse proxy pretty easily and Windows 2012 server even includes a wizard to make this easier to set up. In this case I needed to forward an arbitrary port to the same port on another server.

It turns out this functionality is built into Windows, and has been since at least 2008, and the command to do so is pretty simple.

netsh interface portproxy add v4tov4 listenport=80 listenaddress=10.0.0.1 connectport=8088 connectaddress=192.168.1.75

This binds port 80 on address 10.0.0.1 on the local server and forwards any traffic received on this port to port 8088 at address 192.168.1.75. The response is also returned back through the proxy to the source server. It works quite nicely in early testing and fills a need I’ve always had trouble finding a good, reliable solution for on Windows. There are only a few limitations I’ve found so far. From my reading it seems to require IPv6 to be installed to work even if you’re not doing an IPv6 connection. It also cannot bind the localhost addresses which limits use in development scenarios. Documentation on the command is at http://technet.microsoft.com/en-us/library/cc731068%28v=ws.10%29.aspx.

As implied by the v4tov4 portion of the command, you can use this to set up proxies between IPv4 and IPv6 servers. That should come in handy when migration to the new IP version comes over the next few years.
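
An added example, not from the original post: the same forward created from an elevated PowerShell prompt, with the listener restricted to one client network and the result checked afterwards. It assumes Windows Server 2012 or later (for the NetSecurity and NetTCPIP cmdlets); `$AllowedSource` is a made-up client network, and the IP Helper service check reflects that portproxy listeners are provided by that service.

```powershell
# Values mirror the command in the post; $AllowedSource is an assumption.
$ListenAddress  = '10.0.0.1'
$ListenPort     = 80
$ConnectAddress = '192.168.1.75'
$ConnectPort    = 8088
$AllowedSource  = '10.0.0.0/24'   # assumed client network, replace with yours

# portproxy listeners are serviced by IP Helper; a stopped service means no listener.
if ((Get-Service -Name iphlpsvc).Status -ne 'Running') {
    throw 'IP Helper (iphlpsvc) is not running; the portproxy rule will not listen.'
}

# Create the forward (same rule as in the post).
netsh interface portproxy add v4tov4 `
    listenport=$ListenPort listenaddress=$ListenAddress `
    connectport=$ConnectPort connectaddress=$ConnectAddress
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

# Allow only the intended clients to reach the listener instead of opening it to all.
New-NetFirewallRule -DisplayName "portproxy ${ListenAddress}:$ListenPort" `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalAddress $ListenAddress -LocalPort $ListenPort `
    -RemoteAddress $AllowedSource | Out-Null

# Parse the configured v4tov4 rules into objects so they can be reviewed or logged.
# Header and separator lines do not match the pattern and are skipped.
$rules = netsh interface portproxy show v4tov4 | ForEach-Object {
    if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
        [pscustomobject]@{
            ListenAddress  = $Matches[1]; ListenPort  = [int]$Matches[2]
            ConnectAddress = $Matches[3]; ConnectPort = [int]$Matches[4]
        }
    }
}
$rules | Format-Table -AutoSize

# Confirm a socket is actually listening on the forwarded address and port.
Get-NetTCPConnection -State Listen -LocalPort $ListenPort -ErrorAction SilentlyContinue |
    Where-Object LocalAddress -eq $ListenAddress |
    Select-Object LocalAddress, LocalPort, OwningProcess

# To remove the forward later:
# netsh interface portproxy delete v4tov4 listenport=80 listenaddress=10.0.0.1
```

The parsed `$rules` list is also a quick way to review a server for forwards nobody remembers creating.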

January 22, 2014

Cisco ASDM gives “Missing required Permissions manifest attribute in main jar” Error

Filed under: Cisco — Bill Morefield @ 4:45 pm

Java pushed out a new update recently that implemented a change that had been warned about for a while. By default it no longer allows running apps that are unsigned, self-signed, or without permission attributes.

This includes Cisco ASDM manager. The quick fix (other than Cisco adding the missing permission attributes file) is to add the web address where ASDM is accessed as an exception. You can do this in the Java Settings control panel, which is reached under Windows through the Java option in Control Panel.

There select the Security tab and click the Edit Site List… button next to the Exception Site List. Here add the URL to the firewalls that you access with ASDM. After doing this, ASDM will connect and work again normally.

Interestingly enough given Java’s sudden concern about my security, it still asks to install the Ask Toolbar every update….

More info on the change at http://www.java.com/en/download/help/java_blocked.xml
