Step‑by‑Step Guide to Server Port Proxy on Windows and Linux
This tutorial explains how to configure port forwarding on Windows using netsh and on Linux using iptables, demonstrates a multi‑machine experiment with a dual‑NIC host, and provides both temporary and permanent configuration commands for real‑world network isolation scenarios.
Background
Servers often have multiple network interfaces and may need to forward traffic between isolated networks. Configuring a port proxy lets such a server act as a bridge, forwarding packets that arrive at an external address to an internal service.
Windows Port Mapping
1. View existing mappings
netsh interface portproxy show v4tov4
2. View mappings for a specific IP
netsh interface portproxy show v4tov4 | find "192.168.1.1"
3. Add a mapping
netsh interface portproxy add v4tov4 listenaddress=2.2.2.2 listenport=8080 connectaddress=192.168.1.50 connectport=80
4. Delete a mapping
netsh interface portproxy delete v4tov4 listenaddress=2.2.2.2 listenport=8080
Linux Port Mapping
1. Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i ens33 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
2. Add a DNAT rule
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 6080 -j DNAT --to-destination 10.0.0.100:6090
Experiment: Mapping an Internal Service to the External Network
Environment
VMware Workstation Pro
Five minimal CentOS 7 VMs
Topology
Server4 is a dual‑NIC host connecting the internal network 192.168.50.0/24 and the external network 172.16.2.0/24. Server1 and Server2 reside in the internal network, while Server3 is in the external network.
Setup
On Server1, Server2, and Server3 a simple HTTP service is started with Python:
cd ~
echo "server1" > index.html
python -m SimpleHTTPServer 8080
Similar steps are performed on Server2 and Server3.
Baseline Test
From a client machine, attempts to access the internal servers directly fail:
curl http://192.168.50.11:8080/index.html
curl http://192.168.50.12:8080/index.html
curl http://172.16.2.11:8080/index.html
The client cannot reach Server1 or Server2 because they are on the isolated internal network.
Configuring Port Mapping on Server4 (Linux)
Temporary configuration
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i ens33 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
# Port mapping
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080
Permanent configuration – add the same commands to /etc/rc.local so they survive a reboot.
Verification
After applying the rules, the client can reach the internal services via the external IP of Server4:
curl http://172.16.2.100:8081/index.html
curl http://172.16.2.100:8082/index.html
Accessing Server3 directly still works:
curl http://172.16.2.11:8080/index.html
Windows Alternative
If Server4 runs Windows, the same effect can be achieved with the netsh interface portproxy commands shown earlier. The Windows IP configuration is:
Ethernet0 – 192.168.50.105 (internal)
Ethernet1 – 172.16.2.105 (external)
Port proxy rules are added with:
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8081 connectaddress=192.168.50.11 connectport=8080
netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8082 connectaddress=192.168.50.12 connectport=8080
netsh interface portproxy show v4tov4
Verification is performed with the same curl commands as on Linux.
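An added check for the Server4 iptables rules in the Linux configuration above (not part of the original article): it reads iptables-save output and flags DNAT rules with no interface or address match and MASQUERADE rules with no source or output-interface match. The rule set is a constructed sample built from the page's commands; the scoped rule on port 8083 and the assumption that ens37 is the external interface are illustrative.

```shell
#!/usr/bin/env bash
# Added example: flag over-broad NAT rules in iptables-save output (read on stdin).
# Prints one finding per line as "<CODE> <rule>".
audit_nat_rules() {
  awk '
    # True if the current rule carries option "opt" as a standalone token.
    function has(opt,   i) {
      for (i = 1; i <= NF; i++) if ($i == opt) return 1
      return 0
    }
    $1 != "-A" { next }   # skip table names, chain policies and COMMIT
    {
      target = ""
      for (n = 1; n < NF; n++) if ($n == "-j") target = $(n + 1)
    }
    # DNAT with no interface, source or destination match: any host that can
    # reach this machine on that port is forwarded to the internal service.
    target == "DNAT" && !has("-i") && !has("-s") && !has("-d") {
      print "DNAT_UNSCOPED " $0
    }
    # MASQUERADE with no source or output-interface match rewrites the source
    # of all forwarded traffic, so backend logs only show the gateway address.
    target == "MASQUERADE" && !has("-s") && !has("-o") {
      print "MASQ_UNSCOPED " $0
    }
  '
}

# Constructed sample: the Server4 rules from this page in iptables-save form,
# plus one hypothetical scoped rule (port 8083; ens37 assumed to be external).
sample_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
-A PREROUTING -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080
-A PREROUTING -d 172.16.2.100/32 -i ens37 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 192.168.50.11:8080
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
COMMIT
EOF
}

sample_rules | audit_nat_rules
```

On a live host the same function can be fed from iptables-save -t nat instead of the sample.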
Liangxu Linux
