How to Set Up Port Mapping on Windows and Linux with Netsh and iptables
This guide walks through configuring port mapping on Windows using netsh and on Linux using iptables, covering query, addition, deletion, enabling packet forwarding, NAT rules, a multi‑VM test environment, and verification with curl commands.
1. Port Mapping on Windows
Query existing port mappings
netsh interface portproxy show v4tov4
Query mappings for a specific IP
netsh interface portproxy show v4tov4 | find "[IP]"
Add a port mapping
netsh interface portproxy add v4tov4 listenaddress=[external IP] listenport=[external port] connectaddress=[internal IP] connectport=[internal port]
Delete a port mapping
netsh interface portproxy delete v4tov4 listenaddress=[external IP] listenport=[external port]
2. Port Mapping on Linux
Enable packet forwarding and configure NAT
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i [internal iface] -j ACCEPT
iptables -t nat -A POSTROUTING -s [internal subnet] -o [external iface] -j MASQUERADE
Set up DNAT rule for port forwarding
iptables -t nat -A PREROUTING -p tcp --dport [external port] -j DNAT --to-destination [internal IP]:[internal port]
3. Experimental Environment
VMware Workstation Pro with five minimal CentOS 7 VMs:
Server1, Server2, Server3 – internal network servers
Server4 – dual‑NIC host connecting 192.168.50.0/24 and 172.16.2.0/24
Client – used to test access
Topology:
4. Configure Test Services
On each server, start a simple HTTP service with Python:
cd ~
echo "server1" > index.html
python -m SimpleHTTPServer 8080
Repeat for Server2 and Server3.
5. Baseline Tests (No Port Mapping)
From the client, attempts to reach internal servers fail:
curl http://192.168.50.11:8080/index.html
curl http://192.168.50.12:8080/index.html
curl http://172.16.2.11:8080/index.html
6. Configure Port Mapping on Server4 (Linux)
Temporary configuration:
# Enable forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i ens33 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
# DNAT rules
iptables -t nat -A PREROUTING -p tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
iptables -t nat -A PREROUTING -p tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080
Permanent configuration: append the same commands to /etc/rc.local.
7. Verify Linux Port Mapping
curl http://172.16.2.100:8081/index.html
curl http://172.16.2.100:8082/index.html
Both commands return the index pages from Server1 and Server2 respectively.
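Added example, not part of the original guide: a shell function that reads iptables-save output, lists every DNAT forward, and flags rules with no interface or address scope, so the exposure created on Server4 can be reviewed. The sample ruleset is constructed to mirror the Server4 commands; the function names and the default ACCEPT policies are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit iptables-save output.

# Constructed sample: ruleset left by the Server4 commands, assuming default
# ACCEPT policies (an assumption; the guide does not state them).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
-A PREROUTING -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ens33 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one finding per line.
audit_forwarding() {
awk '
/^\*/ { table = substr($0, 2); next }          # track the current table
table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
    print "WARN FORWARD policy is ACCEPT: forwarded packets no rule matches are allowed"
}
table == "nat" && /-j DNAT/ {                   # each DNAT rule exposes a backend
    proto = "any"; port = "any"; dest = "?"; scoped = 0
    for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
        if ($i == "-i" || $i == "-d") scoped = 1
    }
    printf "EXPOSED %s/%s -> %s%s\n", proto, port, dest,
        (scoped ? "" : " (no -i/-d: matches on every interface)")
}
table == "nat" && /-j MASQUERADE/ {
    scoped = 0
    for (i = 1; i < NF; i++) if ($i == "-s" || $i == "-o") scoped = 1
    if (!scoped) print "WARN unscoped MASQUERADE: backends log the gateway address, not the client"
}'
}

# On a live host (as root): iptables-save | audit_forwarding
sample_ruleset | audit_forwarding
```

Adding `-i ens37 -d 172.16.2.100` to the DNAT rules clears the scope note, and dropping the blanket MASQUERADE rule clears that warning if the internal servers route replies back through Server4.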
8. Port Mapping on Server4 (Windows)
Equivalent commands using netsh:
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8081 connectaddress=192.168.50.11 connectport=8080
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8082 connectaddress=192.168.50.12 connectport=8080
netsh interface portproxy show v4tov4
After adding the rules, the client can access the internal services via the external IP and ports.
9. Final Checks
curl http://172.16.2.105:8081/index.html
curl http://172.16.2.105:8082/index.html
curl http://172.16.2.11:8080/index.html
All requests return the expected content, confirming successful port proxy configuration on both Windows and Linux hosts.
If a permanent configuration is required on Windows, add the commands to a startup script or the registry.
MaGe Linux Operations
