Windows Server port forwarding from the command line

Friday, August 23, 2013

This post saved my life today. I needed a port on our server forwarded, and in a few minutes of Googling I came across it. Basically, it uses NETSH to set up a port forwarding rule. Quick, easy, painless.

In a nutshell: run the following command from the prompt and you will have a persistent port forwarding rule (i.e. it will survive reboots!):

netsh interface portproxy add v4tov4 listenport=fromport listenaddress=fromip connectport=toport connectaddress=toip

where

  • fromport: the port number to listen on, e.g. 80
  • fromip: the IP address to listen on, e.g. 192.168.1.1
  • toport: the port number to forward to
  • toip: the IP address to forward to

You can shorten this to:

netsh interface portproxy add v4tov4 fromport toip [toport] [fromip]

That is, you have to specify which (local) port to redirect from and what address to redirect to. The port number to redirect to defaults to the local port number. If you leave off the fromip argument, it defaults to "*", which is to say: all IP addresses of the local machine.

You can list the active port mappings using:

netsh interface portproxy show v4tov4

The nitty gritty of it (including how to delete the mapping) is on TechNet. (Hint: use "delete v4tov4 port [fromip]")

In my case I needed to access a SQL Server that was only accessible on the Windows 2008 server that had a VPN to it. So I forwarded port 1111 on the server to port 1433 on the IP-address of the SQL Server over the VPN. This allowed me to connect to the SQL Server by setting up a connection string to the local Windows server on port 1111.
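
Because fromip defaults to "*", a rule such as the 1111-to-1433 forward above listens on every address of the server unless listenaddress is given. The following PowerShell script is an added example, not part of the original post: it parses the output of the show v4tov4 command and flags rules bound to all addresses. The function name ConvertFrom-PortProxyOutput, the sample output and its addresses are constructed for illustration, and <listen-ip> is a placeholder.

```powershell
# Added example (not from the original post). Written for PowerShell 2.0+.
# Parses "netsh interface portproxy show v4tov4" output into objects and
# flags rules that listen on every local address ("*" or 0.0.0.0).
function ConvertFrom-PortProxyOutput {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows: <listen addr> <listen port> <connect addr> <connect port>.
        # Header and separator rows have no numeric port columns, so they are skipped.
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
                AllAddresses   = (@('*', '0.0.0.0') -contains $Matches[1])
            }
        }
    }
}

# Constructed sample output (addresses are illustrative, not from the post).
$sample = @'

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
*               1111        10.8.0.5        1433
192.168.1.1     80          192.168.1.20    8080

'@ -split '\r?\n'

# Set to $true on the server itself to audit the live rules instead.
$useLive = $false
$lines = if ($useLive) { netsh interface portproxy show v4tov4 } else { $sample }

$rules = @(ConvertFrom-PortProxyOutput -Lines $lines)
$rules | Format-Table ListenAddress, ListenPort, ConnectAddress, ConnectPort, AllAddresses -AutoSize | Out-Host

foreach ($r in @($rules | Where-Object { $_.AllAddresses })) {
    Write-Warning ("Port {0} is forwarded to {1}:{2} on ALL local addresses." -f $r.ListenPort, $r.ConnectAddress, $r.ConnectPort)
    # Suggested replacement, bound to one address. <listen-ip> is a placeholder;
    # the wildcard rule has to be deleted first or both rules stay active.
    "netsh interface portproxy add v4tov4 listenport=$($r.ListenPort) listenaddress=<listen-ip> connectport=$($r.ConnectPort) connectaddress=$($r.ConnectAddress)"
}
```

With the sample input, only the port 1111 rule is flagged; the rule bound to 192.168.1.1 is listed but not warned about.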