Thursday, July 24, 2014

Port Forwarding using your Windows Server or Laptop

Sometimes we just need to forward a port from one host, to another host. A few years back I built a java NIO-based port forwarder to learn about java NIO socket communication. The java source codes since has been lost and there is a different need for port forwarding, the first is that a server having failure connecting to services in another server, and I think that the server's IP  might be translated to another IP while it were connecting to another network. So the port forwarding need to be able to log the IPs of the incoming  connection. The second, is to temporarily circumvent strange network problems that prevent the first server connecting to another server.

Step 1 - Decide which incoming port to use

First we need to decide what port we are going to use to accept connections in the first host. Check first that the port is not already occupied in the host (try opening http://127.0.0.1:xx in your favorite browser where xx is the chosen port)

Step 2 - Open windows firewall for the port

For this step we need to go to windows firewall settings and allow connections to the chosen port.
In my Windows 8.1 laptop, the steps are :

  • Windows-S, type 'firewall'
  • click on the shown Windows Firewall icon
  • click on Advanced Settings (left menu)
  • click Inbound Rules (left tree)
  • click New Rule (right Actions menu)
  • choose Port, click Next
  • choose TCP, insert port number in specific local ports, click Next
  • choose Allow connection (don't change the default), click Next
  • check all Domain, Private, and Public boxes, click Next
  • type name and description, Finish

Step 3 - Enable IPv6 protocol in the network adapter

We need to enable IPv6 in the adapter, because Windows's proxy service needs IPv6 library even though we only forward IPv4 ports.
The steps:
  • Click triangle 'show hidden icons' in Windows Taskbar near the clock
  • Right click on connected the network icon
  • Click open Network and sharing center
  • Click on the active Connection where we want to enable the port forwarding
  • Click Properties
  • Ensure TCP/IP v6 checkbox were checked. If there is no TCP/IP v6 entry, click on Install, choose protocols, TCP/IP v6.

Step 4 - Enable port forwarding using command line

  • Windows-S, type 'cmd'
  • Right click on Command Prompt, click Run as Administrator
  • In the command console, type :


netsh interface portproxy add v4tov4 listenport=80 connectport=81 connectaddress=10.2.16.107 

This example forwards local port 80 to port 81 in host 10.2.16.107. Please change the IP and port numbers as needed.

Step 5 - Enable incoming connection logging 

This step is optional, I need it because I need to record IP addresses that connects to this server/laptop that is using the port forwarding service.

  • Windows-S, type 'firewall'
  • click on the shown Windows Firewall icon
  • click on Advanced Settings (left menu)
  • Ensure Windows Firewall in left menu is selected
  • Click Windows Firewall properties in the middle window
  • Click on Public Profile (or other profile, depending your active profile)
  • Click on Customize.. on the Logging fieldset
  • Change Log successful connections from No to Yes, click OK
  • click Apply
The log will be written to the specified path in the Log successful connections screen. To read the log, use Administrator command console, because the location is not accessible by normal user or Admin without privilege escalation.


That's all.

Reference


No comments: