Port Forwarding / Port Mapping on Windows Server 2008 R2

WILT
Rick Wargo
January 8th, 2011 - 08:32pm

As a long time friend of linux’s itables command, I mistakenly assumed that trying to port forward on Windows Server 2008 R2 would be just as easy. After quite a long while of searching I was able to determine the correct command; through use of netsh on the command line, it is easy to map incoming TCP traffic from one port to another port.

In my scenario, I needed to have an SSL connection initiated on a port other than 443 on the same machine, but handled by a service listening on port 443. To do this, the following command is entered on the command line; in this example, port 12345 is used as the initiating port.

C:\Users\Administrator> netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.1.1 connectport=443 connectaddress=192.168.1.1

Port 12345 is mapped to port 443 on the same machine. To have the traffic transferred to another machine, change the ip address for the connect address to the desired ip address.

Share and Enjoy:
  • Facebook
  • Twitter
  • LinkedIn
  • StumbleUpon
  • del.icio.us
  • Google Buzz
  • Yahoo! Buzz
  • Digg
  • email

This entry was posted on Saturday, January 8th, 2011 at 8:32 pm and is filed under WILT. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

43 Responses to “Port Forwarding / Port Mapping on Windows Server 2008 R2”

  1. Chris T Says:
    June 20th, 2011 at 4:34 pm

    THANK YOU, you saved my life with this!!!!

  2. Port Forwarding On Windows Server 2008 R2 » Help Desk Screeds Says:
    July 6th, 2011 at 5:27 pm

    [...] Fortunately, this post saved the day! [...]

  3. Anthony A Says:
    July 21st, 2011 at 1:52 am

    Hi, How can we remove or delete what have done above. Thanks for the post.

  4. Tech Know how Says:
    July 27th, 2011 at 5:36 am

    netsh interface portproxy reset

    verify it

    netsh interface portproxy show all

    Thank you /?

  5. Edgar Ramos Says:
    August 3rd, 2011 at 11:18 am

    Do you have to run the command every time you turn on your machine ?

  6. Rick Wargo Says:
    August 3rd, 2011 at 9:06 pm

    It appears to maintain the port mapping after reboot, Edgar.

    Thanks to Tech Know How for answering Anthony’s question!

  7. Reroute IP Traffic to another IP? - Admins Goodies Says:
    August 11th, 2011 at 2:08 am

    [...] blogpost with an example can be found here, further information on the netsh interface portproxy command is part of the Windows Server [...]

  8. Daniel Says:
    September 13th, 2011 at 8:42 am

    Thanks, you just saved another life, this was driving me crazy as well. It’s like the most basic routing function yet it’s not available via GUI…

  9. Stephen Says:
    October 19th, 2011 at 5:19 pm

    You rock! This site indeed saved the day!

  10. jorge Says:
    November 13th, 2011 at 1:26 am

    one question. where can i manage the ports that i have already been forward, for example, i want to delete one…
    thanks

  11. Richard Says:
    December 2nd, 2011 at 1:55 am

    It’s simple, why delete it when you can remap it. listen on: 127.0.0.1:3306 -> connect to: 127.0.0.3308, replace with 127.0.0.1:3306 -> connect to: 127.0.0.3306 – It updates the correct record and you can clearly see when you relist it, that you want the proxy removing, or make a batch file to clear the list and add them. EG:

    proxy.bat –
    netsh interface portproxy reset
    netsh interface portproxy add v4tov4 listenport=3306 listenaddress=127.0.0.1 connectport=3308 connectaddress=127.0.0.1
    netsh interface portproxy add v4tov4 listenport=80 listenaddress=127.0.0.1 connectport=8080 connectaddress=127.0.0.1
    – end of file

    Obviously, when you run the file, it will remove the list and reinsert your records, but you can also add this to startup if your machine isn’t remembering the list.

  12. Abhijit Says:
    January 19th, 2012 at 10:02 am

    It really released me for some time, till today.
    Now it is not working for me :(

    On Windows server 2008 R2 Enterprise I have Jboss running on 8080 port.

    I have configured 80 port forward to 8080 , even I can see proxy is being configured

    >netsh interface portproxy show all
    Listen on ipv4: Connect to ipv4:
    Address Port Address Port
    ————— ———- ————— ———-
    10.190.20.94 80 10.190.20.94 8080

    Command used to configure this forward is

    >netsh interface portproxy add v4tov4 listenport=80 listenaddress=10.190.20.94 connectport=8080 connectaddress=10.190.20.94

    but when I want to access
    http://10.190.20.94/
    It is not forward to port 8080

    firewall is off .
    Jboss is accesible directly using 8080 port.
    http://10.190.20.94:8080 Works fine

    Please help me to check where I need to check the problem.

    Thank you.

  13. Markus Says:
    January 25th, 2012 at 12:13 pm

    Awesome. Thank you.

  14. Ann naccarato Says:
    February 29th, 2012 at 2:55 pm

    Thank you so much. We struggled all morning till we found your command. AWESOME.

  15. Brett Says:
    March 5th, 2012 at 2:53 am

    THANK YOU so so so much!

  16. Phil Says:
    March 8th, 2012 at 12:21 pm

    Very nice, thanks again!

  17. curist Says:
    April 2nd, 2012 at 4:45 am

    Finally the actual “port forwarding” I’m looking for, thx so much :)

  18. Toby Says:
    April 20th, 2012 at 1:43 am

    Another one saying thanks.

    Found on google using: server 2008 redirect port

  19. rd Says:
    May 23rd, 2012 at 5:44 pm

    epic, thanks!

  20. Thomas Says:
    June 15th, 2012 at 3:52 am

    Thanks, saved my day!

  21. Mike Says:
    July 11th, 2012 at 2:41 pm

    +1 Epic! Works on Windows 7 Home edition as well. I am using it to do port forwarding from incoming connections over neorouter to a non-neorouter capable IP device. (IP Thermostat). My cabin property is behind a double nat on Verizon Broadband. So I have a dyndns account on my computer at home with a routable IP. That forwards to the neorouter private address and the neorouter client on the cabin side forwards to the IP thermostat.

  22. Mahyar Says:
    July 27th, 2012 at 11:00 pm

    Thank you so much
    I never thought that it would be possible,
    so I always said, well, I will install routeros one day! and do it that way.
    I googled “windows 2008 r2 port forwarding” maybe there is a way to do that on Windows Server 2008 R2,
    and luckily I arrived here by your answer. :-)

  23. ???? » Port Forwarding / Port Mapping on Windows Server 2008 R2 « epicblog Says:
    August 1st, 2012 at 4:35 am

    [...] Port Forwarding / Port Mapping on Windows Server 2008 R2 « epicblog. Categories: ????????????????? Tags: ??????????? (0) ??????????? (0) ???????? ??????????? ??????????? [...]

  24. Machupichu Says:
    August 20th, 2012 at 11:19 am

    YOU SAVE MY DAYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  25. canin Says:
    August 28th, 2012 at 3:34 pm

    does this work with UDP ports

  26. Syed Says:
    September 10th, 2012 at 2:41 am

    Thanks ……..

  27. love u man Says:
    September 19th, 2012 at 11:06 am

    god bless you, dude…

  28. love u man Says:
    September 19th, 2012 at 11:27 am

    so here’s the question though… is this a NAT or a proxy? depending on how the underlying component is delivering this facility, it can be a substantial difference in terms of load. I.e., we’re separating a MSSQL instance from a server that hosts IIS web server to it’s own box…

    before:
    server1: IIS/web and MSSQL

    after
    server1: IIS/web =======> server2: mssql

    The plan is to use the port proxy on server1 to proxy server1′s 127.0.0.1:1433 ===> server2′s x.x.x.x:1433 so that no changes are needed to connection strings on server1 websites.

    My concern… load associated with this proxying, as server1 is heavily loaded. Again, NAT would be very low load, proxy would be more substantial.

    Appreciate any thoughts from anyone…

  29. Ravi Says:
    September 23rd, 2012 at 9:35 am

    I am just wondering i forwarded port as 80 described on Server 2008 Enterprise (2 NIC) but do i need to disble forwrding port on modem (Billion)? Modem (DHCP disabled )
    but modem is still forwarding ports NIC 1 connected to server

  30. Zorrs Says:
    September 27th, 2012 at 6:08 am

    i have a Win 2008 server with 2 NIC. one is the 192.168.0.0 and 10.180.0.0…i have have NAT the 192.168.0.0 to 10.180.0.0…i am using CC proxy, and listen on port 808
    how can i redirect incoming request (from 192.168.0.1 NIC)to first to this port 808…

  31. ThomasP1975 Says:
    October 18th, 2012 at 11:19 am

    Hi and thanks for the solution!
    I have verified the portproxy functionality as described in this thread on a VMWare virtual machine running Windows 2008 r2 standard edition and it works great!
    However when I try to run the same command on a Windows 2008 R2 Hyper-V machine it does not work!
    I have also verified the the firewall settings and it all looks ok.

    Any help would be appreciated!

    Thanks in advance!
    /Thomas

  32. Mike Says:
    November 7th, 2012 at 1:47 pm

    Super. Awesome. Thank-you!

  33. ed es Says:
    November 13th, 2012 at 2:06 pm

    Chido banda, excelente aporte, nos ayudo bastante.

    Saludos y muchas gracias.

  34. Darren Says:
    November 14th, 2012 at 10:42 am

    Your awesome, thanks. D.

  35. James Says:
    November 19th, 2012 at 11:38 am

    I am having the same exact problem as Abhijit above….I’m at my wits end, does anyone have an ideas what this may be?

    Thanks

  36. Kashif Haroon Says:
    November 26th, 2012 at 7:15 am

    Works….

    Thanks.

  37. Jaesang Yang Says:
    December 12th, 2012 at 12:43 am

    Thanks!!!!!

  38. Benoit Says:
    January 24th, 2013 at 4:40 am

    I’m having the same issues as James and Abhijit … I’m not sure, but aside I run iis on the same machine, I tried it by shutting down iis, but problem persists. Pls help.

  39. Bukvoglot Says:
    February 5th, 2013 at 3:03 pm

    For those who having the problems on win2008 –
    check the IP Helper service.

    It MUST be started.

    MS indeed should give a warning message while configuring port forward in that case… %)

  40. Sasha Says:
    March 3rd, 2013 at 11:29 am

    Thanks !!!

  41. Equallogic PortForwarding and Server 2008 R2 | Michael Ellerbeck Says:
    March 8th, 2013 at 2:23 pm

    [...] http://www.rickwargo.com/2011/01/08/port-forwarding-port-mapping-on-windows-server-2008-r2/ [...]

  42. jax7480 Says:
    April 9th, 2013 at 5:35 am

    Great!!! This worked like a charm for me.

    Great work!!!

  43. aduranv Says:
    April 16th, 2013 at 6:02 pm

    Worked for me, thank you very much!!!

stop spam with honeypot!