Windows Port Forwarding

From KHicks
Jump to navigation Jump to search

Windows' netsh tool allows for connections to be accepted on a certain port, and then forwarded to another port on another IP address. To enter this configuration, do (as administrator):

netsh interface portproxy

List rules

To list all rules, do:

netsh interface portproxy> show all

Alternatively, you can dump the entire configuration with:

netsh interface portproxy> dump

Add forwarding rule

To add a forwarding rule at the netsh prompt, do:

netsh interface portproxy> add v4tov4 listenport=<port> connectaddress=<ipaddr> connectport=<port> [listenaddress=<ipaddr>] [protocol=tcp]

listenport is the port that will be used to accept incoming connections on the local machine.

connectaddress is the IP address to forward the request to.

connectport is the port to forward the request to.

listenaddress is the optional IP address to listen on the local machine. If not defined, defaults to *, which means 'any'.

This system currently supports only TCP, so using protocol=tcp is unnecessary.

Delete a rule

To delete a forwarding rule at the netch prompt, do:

netsh interface portproxy> delete v4tov4 [listenport=<port>] [connectaddress=<ipaddr>] [connectport=<port>] [listenaddress=<ipaddr>] [protocol=tcp]

All rules that match the arguments specified will be deleted.


  • The IP Helper service must be enabled.
  • Ensure that the firewall allows for incoming connections on all listenports.