Windows 10 - NAT - Port forwarding & IP masquerade

windows iptables nat port-forwarding windows-10

53,796

Solution 1

Windows netsh can setup a proxy to allow administrators to proxy ipv6 traffic over ipv4. Netsh also has an option to configure a proxy for ipv4 to ipv4.

For your setup use netsh interface portproxy add v4tov4 listenport=80 connectaddress=127.0.0.1 connectport=8080 replacing the 127.0.0.1 with the address you wish to proxy to.

here's a little breakdown on the command.

netsh interface portproxy selects interface that handles the tunnels. add v4tov4 to create a ipv4 to ipv4 tunnel. listenport=80 for the port you want the clients to connect. connectaddress=127.0.0.1 is the remote address that the clients will be proxied to. connectport=8080 is the remote port.

you can also use listenaddress= if you only want the proxy to be available on one interface.

For more info https://technet.microsoft.com/en-us/library/cc731068(v=ws.10).aspx

Solution 2

At least for test purposes I was able to use the following utility to forward both TCP and UDP

https://sourceforge.net/projects/pjs-passport/

It's for XP, but it works on Win10 also.

53,796

Orestis P.

Updated on September 18, 2022

Comments

Orestis P. over 1 year
I'm looking for a way to get iptables functionality in windows 10. I enabled IP routing and I need to forward tcp data to another host (port 8080) and then forward his response while masquerading IP. In linux I was able to do this using the following (Where $1 = < internal IP >, $2 = 80, $3 = 8080, $4 = tcp)
```
iptables -t nat -A PREROUTING -p $4 --match multiport --dports $2 -j DNAT --to-destination $1:$3 
iptables -A FORWARD -p $4 --match multiport --dports $2 -d $1 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
```
Is there a way to achieve similar functionality in Windows 10?
- rda almost 8 years
  
  Probably too short for an answer and I don't know if this is still valid for windows 10. For port forwarding check out this answer. Masquerading in windows is called Internet Connection Sharing (ICS), check out this answer.
- Orestis P. almost 8 years
  
  Hello, thanks for your input. I tried using netsh but it doesn't seem to work (maybe because I need listenaddress to be wildcard *). For ICS I'm not exactly sure how it will works (Will I need a second adapter? If I bridge them I can't use ICS)
- TJJ almost 8 years
  
  Maybe you could use netcat on your PC. It will listen on one port and send to another port. IP will be the IP of your machine in the middle.
- Zalmy almost 8 years
  
  @OrestisP. check out netsh interface portproxy add v4tov4 listenport=80 connectaddress=127.0.0.1 connectport=8080 I'll try to translate your iptables to netsh if I have time. replace the 127.0.0.1 with the address of your choice
user276648 over 7 years

NOTE that this unfortunately only works for TCP so if you wanted to forward some UDP traffic, you're out of luck.
Frank M over 6 years

Works for me using Windows 10 to port-forward ssh (server port 22) on a machine running a VPN. A machine (without VPN connection) on my home network is able to connect to another machine inside the VPN using the listenport.
Peter Turner over 6 years

Windows 10 tells me: Cannot start service from the command line or a debugger. A Windows Service must first be installed (using installutil.exe) and then started with the ServerExplorer, Windows Services Administrative tool or the NET START command.
user276648 over 6 years

@PeterTurner: check the readme file. I see PassPort.exe -Install to install the service.