How to Configure Server Port Proxy on Windows and Linux – Step‑by‑Step Guide
This guide explains how to set up port forwarding on Windows using netsh and on Linux using iptables, covering query, addition, deletion of rules, a multi‑machine test environment, and verification with curl commands.
Windows port proxy using netsh
Query existing mappings
netsh interface portproxy show v4tov4Query mappings for a specific IP address
netsh interface portproxy show v4tov4 | find "192.168.1.1"Add a new port‑proxy rule
netsh interface portproxy add v4tov4 listenaddress=2.2.2.2 listenport=8080 connectaddress=192.168.1.50 connectport=80Delete an existing rule
netsh interface portproxy delete v4tov4 listenaddress=2.2.2.2 listenport=8080Linux port mapping with iptables
Enable packet forwarding and NAT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i ens33 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADESet up a DNAT rule for a specific service
iptables -t nat -A PREROUTING -p tcp --dport 6080 -j DNAT --to-destination 10.0.0.100:6090Experiment: expose internal HTTP services to an external network
Topology
Server4 is a dual‑NIC host connecting an internal network 192.168.50.0/24 (interface ens33) and an external network 172.16.2.0/24 (interface ens37). Server1, Server2 and Server3 reside in the internal network.
Deploy simple HTTP servers on Server1‑3
cd ~
echo "server1" > index.html
python -m SimpleHTTPServer 8080 # Python 2
# repeat on Server2 and Server3, changing the echoed textVerification before port mapping
From a client machine, direct access to the internal addresses fails:
curl http://192.168.50.11:8080/index.html
curl http://192.168.50.12:8080/index.html
curl http://172.16.2.11:8080/index.htmlConfigure port mapping on Server4 (Linux)
Temporary configuration (run once)
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i ens33 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
# Map external ports 8081 and 8082 to internal services
iptables -t nat -A PREROUTING -p tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080Permanent configuration
Append the same commands to /etc/rc.local (or create a systemd unit) so they persist after reboot.
Validate the mapping
curl http://172.16.2.100:8081/index.html # reaches Server1
curl http://172.16.2.100:8082/index.html # reaches Server2Windows equivalent on Server4
If Server4 runs Windows, replace the iptables commands with the corresponding netsh interface portproxy commands, using the Windows NIC IP addresses.
Example Windows port‑proxy rules
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8081 connectaddress=192.168.50.11 connectport=8080
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8082 connectaddress=192.168.50.12 connectport=8080
netsh interface portproxy show v4tov4Test from the client:
curl http://172.16.2.105:8081/index.html
curl http://172.16.2.105:8082/index.htmlSigned-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.