Port forwarding with the services built into Windows

Preface

Port forwarding comes up often in day-to-day development. This post records how to set it up on Windows using only the tools that ship with the system.

Command introduction

Windows has provided basic port forwarding since Windows 2000. It is based on the Windows IP Helper service. Besides plain port forwarding, it can also forward data between IPv4 and IPv6 addresses. However, it can only forward TCP and does not support UDP. It is used through the netsh interface portproxy command.

First look at the command help:

 PS C:\Windows\system32> netsh interface portproxy

 The following commands are available:

 Commands in this context:
 ?              - Displays a list of commands.
 add            - Adds a configuration entry to a table.
 delete         - Deletes a configuration entry from a table.
 dump           - Displays a configuration script.
 help           - Displays a list of commands.
 reset          - Resets port proxy configuration state.
 set            - Sets configuration information.
 show           - Displays information.

Let's go through them one by one, starting with the show command:

show command

The show command can view the existing port forwarding rules. The usage is as follows:

 show all       - Shows all port proxy parameters.
 show v4tov4    - Shows parameters for proxying IPv4 connections to another IPv4 port.
 show v4tov6    - Shows parameters for proxying IPv4 connections to IPv6.
 show v6tov4    - Shows parameters for proxying IPv6 connections to IPv4.
 show v6tov6    - Shows parameters for proxying IPv6 connections to another IPv6 port.

For example, to view all port forwarding rules, run netsh interface portproxy show all:

 PS C:\Windows\system32> netsh interface portproxy show all

 Listen ipv4:                 connection to ipv4:

 address            port        address            port
 --------------- ----------  --------------- ----------
 127.0.0.1       3389        25.63.54.89     3389
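
The rows of the show output can be parsed into objects for auditing, for example to spot rules whose listener is not bound to loopback and is therefore reachable from other hosts (subject to the firewall). This is an added example, not code from the original post; Get-PortProxyRule and the LoopbackOnly property are hypothetical names.

```powershell
# Added example (not from the original post).
# Get-PortProxyRule is a hypothetical helper name.
function Get-PortProxyRule {
    foreach ($type in 'v4tov4', 'v4tov6', 'v6tov4', 'v6tov6') {
        # Query each table separately so the rule type is known without
        # parsing the section headers, which differ by display language.
        foreach ($line in (netsh interface portproxy show $type)) {
            # Data rows have four columns:
            # listen address, listen port, connect address, connect port.
            # Header and separator rows do not have a numeric second column.
            if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
                [pscustomobject]@{
                    Type           = $type
                    ListenAddress  = $Matches[1]
                    ListenPort     = [int]$Matches[2]
                    ConnectAddress = $Matches[3]
                    ConnectPort    = [int]$Matches[4]
                    # Anything other than a loopback listener accepts
                    # connections from other hosts.
                    LoopbackOnly   = ($Matches[1] -in '127.0.0.1', '::1', 'localhost')
                }
            }
        }
    }
}

# Rules that are not loopback-only sort first.
Get-PortProxyRule | Sort-Object LoopbackOnly | Format-Table -AutoSize
```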

help command

This one needs no explanation: it prints the help information.

add command

The add command can add a port forwarding rule. The specific usage is as follows:

 add v4tov4     - Adds an entry to listen on for IPv4 and proxy connect to via IPv4.
 add v4tov6     - Adds an entry to listen on for IPv4 and proxy connect to via IPv6.
 add v6tov4     - Adds an entry to listen on for IPv6 and proxy connect to via IPv4.
 add v6tov6     - Adds an entry to listen on for IPv6 and proxy connect to via IPv6.

 Usage: add v4tov4 [listenport=]<integer>|<servicename>
             [connectaddress=]<IPv4 address>|<hostname>
             [[connectport=]<integer>|<servicename>]
             [[listenaddress=]<IPv4 address>|<hostname>]
             [[protocol=]tcp]

 Parameters:

         Tag             Value
         listenport      - IPv4 port on which to listen.
         connectaddress  - IPv4 address to which to connect.
         connectport     - IPv4 port to which to connect.
         listenaddress   - IPv4 address on which to listen.
         protocol        - Protocol to use. Currently only TCP is supported.

For example, if I want to forward the local 3389 port to the remote 3389 port, I can use the following command:

 netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=3389 connectaddress=25.63.54.89 connectport=3389

Here v4tov4 means that connections arriving on an IPv4 address are forwarded to an IPv4 address, in this case from port 3389 to port 3389. listenaddress specifies the local listening address, listenport specifies the local listening port, connectaddress specifies the address to forward data to (the destination address), and connectport specifies the port to forward to (the destination port).

delete command

The delete command deletes a port forwarding rule. To delete a rule, you only need to specify its listening address and port. The specific usage is as follows:

 delete v4tov4  - Deletes an entry to listen on for IPv4 and proxy connect to via IPv4.
 delete v4tov6  - Deletes an entry to listen on for IPv4 and proxy connect to via IPv6.
 delete v6tov4  - Deletes an entry to listen on for IPv6 and proxy connect to via IPv4.
 delete v6tov6  - Deletes an entry to listen on for IPv6 and proxy connect to via IPv6.

 Usage: delete v4tov4 [listenport=]<integer>|<servicename>
             [[listenaddress=]<IPv4 address>|<hostname>]
             [[protocol=]tcp]

 Parameters:

        Tag              Value
        listenport     - IPv4 port on which to listen.
        listenaddress  - IPv4 address on which to listen.
        protocol       - Protocol to use. Currently only TCP is supported.

For example, if I want to delete the port forwarding rule just added, first view the existing port forwarding rules:

 PS C:\Windows\system32> netsh interface portproxy show all

 Listen ipv4:                 connection to ipv4:

 address            port        address            port
 --------------- ----------  --------------- ----------
 127.0.0.1       3389        25.63.54.89     3389

Then run the delete command:

 PS C:\Windows\system32> netsh interface portproxy delete v4tov4 listenaddress=127.0.0.1 listenport=3389

That is all. Listing the rules again shows that the rule is gone:

 PS C:\Windows\system32> netsh interface portproxy delete v4tov4 listenaddress=127.0.0.1 listenport=3389

 PS C:\Windows\system32> netsh interface portproxy show all

 Listen ipv4:                 connection to ipv4:

 address            port        address            port
 --------------- ----------  --------------- ----------

dump command

The dump command outputs the existing port forwarding rules as a configuration script. The script can be saved to a file or printed to the console's standard output, so that the rules can be sent to others or backed up for a later restore.

Run netsh interface portproxy dump to print the configuration to standard output, or run netsh interface portproxy dump > 1.txt to redirect it to a file.

PS D:\360download> netsh interface portproxy dump

#========================
# Port agent configuration
#========================
pushd interface portproxy

reset
add v4tov4 listenport=3389 connectaddress=25.63.54.89 connectport=3389


popd

# End of port agent configuration

PS D:\360download> netsh interface portproxy dump >1.txt

set command

The set command can modify the existing port forwarding configuration or add a new port forwarding configuration.

For example, to change the remote address and port to 123.124.125.126:3390, use the following command:

PS C:\Windows\system32> netsh interface portproxy show all

Listen ipv4:                 connection to ipv4:

address            port        address            port
--------------- ----------  --------------- ----------
127.0.0.1       3389        25.63.54.89     3389

D:\360download>netsh interface portproxy set v4tov4 listenaddress=127.0.0.1 listenport=3389 connectaddress=123.124.125.126 connectport=3390


D:\360download>netsh interface portproxy show all

Listen ipv4:                 connection to ipv4:

address            port        address            port
--------------- ----------  --------------- ----------
127.0.0.1       3389        123.124.125.126 3390

I thought I could re-import the configuration exported by the dump command just now, but I didn't succeed... Maybe people didn't design this function, which is a little embarrassing... If you know how, you can tell me.

reset command

The reset command resets (removes) all port forwarding rules. If you do not have a backup, use it with caution.

D:\360download>netsh interface portproxy show all

Listen ipv4:                 connection to ipv4:

address            port        address            port
--------------- ----------  --------------- ----------
127.0.0.1       3389        123.124.125.126 3390


D:\360download>netsh interface portproxy reset


D:\360download>netsh interface portproxy show all


D:\360download>

Notes

If you have added rules but they do not take effect, check whether the Windows IP Helper service is enabled. Port forwarding is provided by this service, so it must be running normally. In addition, when listening on a port of a local address, make sure that the port is not already occupied, so that a port conflict does not affect the normal operation of other programs.
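
The two checks above can be scripted so that a rule is added only when the IP Helper service is running and the listening port is free. This is an added example, not code from the original post; Add-PortProxyChecked is a hypothetical helper name, the sample values are the rule used earlier in the post, and an elevated PowerShell session is assumed.

```powershell
# Added example (not from the original post). Run from an elevated session.
# Add-PortProxyChecked is a hypothetical helper name.
function Add-PortProxyChecked {
    param(
        [string]$ListenAddress = '127.0.0.1',
        [Parameter(Mandatory)][int]$ListenPort,
        [Parameter(Mandatory)][string]$ConnectAddress,
        [Parameter(Mandatory)][int]$ConnectPort
    )

    # 1. portproxy depends on the IP Helper service (service name iphlpsvc).
    $svc = Get-Service -Name iphlpsvc
    if ($svc.Status -ne 'Running') {
        throw "IP Helper (iphlpsvc) is $($svc.Status); start it before adding rules."
    }

    # 2. Refuse to continue if another program already listens on the port.
    $inUse = @(Get-NetTCPConnection -State Listen -LocalPort $ListenPort -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -in $ListenAddress, '0.0.0.0', '::' })
    if ($inUse.Count -gt 0) {
        $owner = $inUse[0].OwningProcess
        throw "Port $ListenPort is already in use by PID $owner; pick another listen port."
    }

    # 3. Add the rule with an explicit listen address.
    netsh interface portproxy add v4tov4 listenaddress=$ListenAddress listenport=$ListenPort `
        connectaddress=$ConnectAddress connectport=$ConnectPort | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE." }

    # 4. Confirm the rule is listed. Data rows are "address port address port"
    #    whatever the display language of the headers is.
    $row = '^\s*{0}\s+{1}\s+\S+\s+{2}\s*$' -f [regex]::Escape($ListenAddress), $ListenPort, $ConnectPort
    $listed = netsh interface portproxy show v4tov4 | Where-Object { $_ -match $row }
    if (-not $listed) { throw 'The rule is missing from the portproxy table.' }
    $listed.Trim()
}

# The rule used in the post.
Add-PortProxyChecked -ListenPort 3389 -ConnectAddress 25.63.54.89 -ConnectPort 3389
```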

Posted on Mon, 22 Nov 2021 18:04:30 -0500 by theredking