Packet Redirection on Windows
The command
netsh interface portproxy ...
does port proxying, not packet forwarding. The main differences are:
- performance is much worse than iptables (e.g. see https://plus.google.com/+OlafMonien/posts/fsjUjropYeR)
- the source IP address is changed to localhost (127.0.0.1 or ::1, depending on IP version); you lose the original request's source IP address.
We had been using this technique for port forwarding, but after those findings we had to add extra rules on the network firewall to avoid using netsh.
user1372896
Updated on July 21, 2022

Comments

- user1372896, almost 2 years ago
We currently run Windows on all of our machines due to software limitations.
Within this, however, we need to redirect certain packets that come into an IP and port to a different port (same IP). We have software listening on the "proxy port".
This is achievable with iptables on Linux by doing something similar to:
iptables -t nat -I PREROUTING -p udp -d <DSTIP> --dport <DSTPORT> -m u32 --u32 '0>>22&0x3C@8=0xFFFFFFFF && 0>>22&0x3C@12=0x54536F75 && 0>>22&0x3C@16=0x72636520 && 0>>22&0x3C@20=0x456E6769 && 0>>22&0x3C@24=0x6E652051 && 0>>22&0x3C@28=0x75657279' -j REDIRECT --to-port <REDIRECT PORT>
This works great on Linux and will redirect certain packets to our proxy software; however, is it at all possible to do something like this on Windows without having to put a dedicated machine in front of our Windows machines?
I was thinking of writing something up with Pcap.Net, but I'm guessing this will have to read directly from the NIC rather than go through Windows?
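The following PowerShell session is an added example, not code from either poster: it sets up the netsh portproxy rule the answer refers to and then checks the two properties the answer describes (the backend sees the proxy host, not the client, as the peer, and the rule persists where an auditor can find it). The listen and connect addresses and ports are assumed values. One caveat the thread does not state: portproxy forwards TCP only, so it cannot carry the UDP Source Engine query traffic in the iptables rule above at all.

```powershell
# Added example (not from the original answer or question). Run elevated.
# Assumed values: accept on 0.0.0.0:27015 and hand off to 127.0.0.1:27016.
$ListenAddr  = '0.0.0.0'
$ListenPort  = 27015
$ConnectAddr = '127.0.0.1'
$ConnectPort = 27016

# 1. Create the proxy rule. portproxy is TCP-only (v4tov4, v4tov6, v6tov4, v6tov6).
netsh interface portproxy add v4tov4 `
    "listenaddress=$ListenAddr" "listenport=$ListenPort" `
    "connectaddress=$ConnectAddr" "connectport=$ConnectPort"

# portproxy does not open the host firewall for you.
New-NetFirewallRule -DisplayName "portproxy $ListenPort" -Direction Inbound `
    -Protocol TCP -LocalPort $ListenPort -Action Allow | Out-Null

# 2. Confirm the rule and that the IP Helper service (iphlpsvc) is listening.
netsh interface portproxy show all
Get-NetTCPConnection -LocalPort $ListenPort -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 3. Once a client has connected through the proxy, look at the backend's
#    accepted socket: RemoteAddress is the proxy host's own address
#    (127.0.0.1 here, because the backend is reached over loopback), not the
#    client. This is the source-IP loss the answer describes; the backend's
#    own logs will show the same thing.
Get-NetTCPConnection -LocalPort $ConnectPort -State Established -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort

# 4. Audit. Rules survive reboots under this registry key; any entry you did
#    not add is worth a look, since the same mechanism is a common pivoting
#    trick, which is why the answer ended up restricting netsh via firewall.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
if (Test-Path $Key) {
    Get-ItemProperty -Path $Key |
        Select-Object -Property * -ExcludeProperty PS* |
        Format-List
}

# 5. Cleanup when done.
# netsh interface portproxy delete v4tov4 "listenaddress=$ListenAddr" "listenport=$ListenPort"
# Remove-NetFirewallRule -DisplayName "portproxy $ListenPort"
```

Step 4 is the check worth keeping around even if you never use portproxy yourself: an empty key (or no key) is the expected state on a host that should not be forwarding anything.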