I always enjoy finding something new that meets a need. As you might guess from the title, I found myself recently needing to forward a port on a Windows server. The scenario is that I had a server I need to allow access to from an network that hadn’t been originally planned to do so. I could have just opened a firewall port, but I prefer to set up a more secured method.
For web connections this can be done using a reverse proxy pretty easily and Windows 2012 server even includes a wizard to make this easier to set up. In this case I needed to forward an arbitrary port to the same port on another server.
It turns out this functionality is built into Windows and has been since at least 2008 and the command to do so is pretty simple.
netsh interface portproxy add v4tov4 listenport=80 listenaddress 10.0.0.1 connectport=8088 connectaddress=192.168.1.75
This binds port 80 on address 10.0.0.1 on the local server and forwards any traffic received on this port to port 8088 at address 192.168.1.75. The response is also returned back through the proxy to the source server. It works quite nicely in early testing and fills a need I’ve always had trouble finding a good, reliable solution for on Windows. There are only a few limitations I’ve found so far. From my reading it seems to require IPv6 to be installed to work even if you’re not doing an IPv6 connection. It also cannot bind the localhost addresses which limits use in development scenarios. Documentation on the command is at http://technet.microsoft.com/en-us/library/cc731068%28v=ws.10%29.aspx.
As implied by the v4tov4 portion of the command, you can use this to set up proxies between IPv4 and IPv6 servers. That should come in handy when migration to the new IP version comes over the next few years.
Im trying to use port proxy in conjunction with SSH Tunnels to secure connect to serveride share the initial test server with out any issues i.e. after configuring portproxy using:
c:\>netsh interface portproxy show v4tov4
Listen on ipv4: Connect to ipv4:
Address Port Address Port
————— ———- ————— ———-
172.16.16.1 445 172.16.16.1 44445
c:\>netstat -an | find “:445”
TCP 172.16.16.1:445 0.0.0.0:0 LISTENING
then connect to remote SSH connected server \\172.16.16.1\C$
VS the development server trying to connect get the following’:
C:\>netsh interface portproxy show v4tov4
Listen on ipv4: Connect to ipv4:
Address Port Address Port
————— ———- ————— ———-
172.16.16.1 445 172.16.16.1 44445
C:\>netstat -an | find “:445”
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
as you can the portproxy rule is configured correctly but not bonding to the ip address 172.16.16.1
any help would be appreciated.
Also note on the helper Windows XP sp2 latter require TCP/IP v6 and IPV6MON.DLL helper
To list helper type the following:
netsh
netsh> interface
netsh interface> portproxy
netsh interface portproxy> show helper
As of Windows Vista/7/8/2008 uses NETIOHLP.DLL
Comment by james — May 8, 2014 @ 5:13 pm