How can I do DNAT and SNAT on Windows 7?
The SNAT is similar to ICS. Both of them change the source address in IP packet. But the ICS can not specify the source address. It will only use the address configured on the external adapter. As far as I know, Windows client can't perform SNAT by its built-in components.
The DNAT is same with port forwarding. Both of them change the destination address in IP packet. You may use the following command to configure the port forwarding on the Windows 7:
Netsh commands for Interface Portproxy
Ronan Paixão
Updated on September 18, 2022Comments
-
Ronan Paixão over 1 year
I have a very old program which uses a fixed IP address as destination. I'm trying to revamp my network into something more modern but this legacy system is holding me back.
As a simple solution, I thought about doing NAT (real NAT, not masquerading, ICS or "internet sharing"). That way, I could apply a DNAT in the outgoing packet and an SNAT in the returning one. That way, I could place the destination machine anywhere in the network and the routers would do what they're supposed to do.
This should be easy to do in a Linux system with
iptables
, but I can't find a good way to do that in Windows 7, which I'm currently using.On Linux, I'd do something like:
iptables -t nat -I PREROUTING -d 192.168.50.1 -j DNAT --to-destination 10.0.50.1 iptables -t nat -I POSTROUTING -s 192.168.50.1 -j SNAT --to-source 10.0.50.1
Is there any way to do that on Windows with it's own tools or with free utilities? Preferably, I'd like to do that without having to resort to a Linux VM.
-
Ronan Paixão almost 8 yearsThe problem with ICS-like SNAT is that it usually changes the source in the outgoing packet and the destination in the incoming one. In my question I have the problem reversed, since I want to change the destination in the outgoing packet and the source in the incoming one. It is more "like" port forwarding but for the IP address itself, but unfortunately the
portproxy
command is only available in Windows Server 2008 according to that page. -
Steven Lee - MSFT almost 8 yearsHave you tried the netsh interface portproxy command on your client? It should exist. It's not a server only feature.