How to Set Up Port Forwarding on Windows and Linux: Step‑by‑Step Guide

Servers often have multiple network interfaces and may need to forward traffic between isolated networks; configuring packet forwarding enables the server to act as a gateway.

1. Port Mapping on Windows

1.1 Query existing port mappings

netsh interface portproxy show v4tov4

1.2 Query mappings for a specific IP

netsh interface portproxy show v4tov4 | find "[IP]"

1.3 Add a port mapping

netsh interface portproxy add v4tov4 listenaddress=[external IP] listenport=[external port] connectaddress=[internal IP] connectport=[internal port]

1.4 Delete a port mapping

netsh interface portproxy delete v4tov4 listenaddress=[external IP] listenport=[external port]

2. Port Mapping on Linux

2.1 Enable packet forwarding

echo 1 >/proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -j MASQUERADE

iptables -A FORWARD -i [internal NIC] -j ACCEPT

iptables -t nat -A POSTROUTING -s [internal subnet] -o [external NIC] -j MASQUERADE

2.2 Set up DNAT rule

iptables -t nat -A PREROUTING -p tcp --dport [external port] -j DNAT --to-destination [internal IP]:[internal port]

Experiment: Mapping Internal Services to the External Network

Experiment Environment

VMWare Workstation Pro

Five minimal CentOS 7 virtual machines

Experiment Topology

Server4 is a dual‑NIC host connecting the internal network (192.168.50.0/24) and the external network (172.16.2.0/24). Server1 and Server2 reside in the internal network, while Server3 is in the external network.

Configure Experiment Environment

1. Deploy simple HTTP services on Server1, Server2, and Server3

cd ~
 echo "server1" > index.html
 python -m SimpleHTTPServer 8080

Repeat the same steps on Server2 and Server3.

2. Verify access from a client

curl http://192.168.50.11:8080/index.html

curl http://192.168.50.12:8080/index.html

curl http://172.16.2.11:8080/index.html

Before port mapping, the external client cannot reach the internal servers.

Configure Port Mapping on Server4

Temporary configuration

# Enable packet forwarding
 echo 1 >/proc/sys/net/ipv4/ip_forward
 iptables -t nat -A POSTROUTING -j MASQUERADE
 iptables -A FORWARD -i ens33 -j ACCEPT
 iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
# Set up DNAT rules
 iptables -t nat -A PREROUTING -p tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
 iptables -t nat -A PREROUTING -p tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080

Permanent configuration

Append the above commands to /etc/rc.local to make them persistent across reboots.

Verify Effect

curl http://172.16.2.105:8081/index.html

curl http://172.16.2.105:8082/index.html

Both commands should return the content served by Server1 and Server2 respectively.

Windows IP Information

NIC

IP Address

Subnet Mask

Default Gateway

Comment

Ethernet0

192.168.50.105

255.255.255.0

-

Internal NIC

Ethernet1

172.16.2.105

255.255.255.0

-

External NIC

Configure and View Port Mappings on Windows

netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8081 connectaddress=192.168.50.11 connectport=8080
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8082 connectaddress=192.168.50.12 connectport=8080
netsh interface portproxy show v4tov4

These commands add the same mappings on a Windows Server4 and display the current configuration.