0

I need to forward traffic coming in to a server from a public IP over a specific port (port 7575) to another public IP address on (preferably) the same port. I am using Windows Server 2008 R2 on the "old" server.

Example:

[rem device] 1.2.3.4:7575 => [Old Svr] 6.7.8.9:7575 => [New Svr] 10.11.12.13:7575

I have a field device configured to communicate data to a specific IP where our server software has been receiving and processing the data. Unfortunately, I cannot change the device configuration remotely, and it will be some time before I can get to it directly to make the change.

The issue is that the processing server software is moving to a new server with different networks, in different geographic locations, and a different public IP. I need the "old" server to forward the incoming packets on port 7575 to the new IP:7575.

In researching to solve this issue, I have found many examples of forwarding traffic between different subnets where the server has a NIC on each network. This is not the case in this scenario.

I have installed the Routing and Remote Access role on the old Win2K8 server in hopes of gaining the capability to do what I need. I have also been through the Windows Firewall with Adv. Security looking for this option. It may be that one or the other of these programs will do what is needed, but I have been unable to figure out the right combination of rules/policies to accomplish my goal.

jwatts1980

3 Answers

2

Windows does have a built-in TCP port proxy. Just use it like this:

netsh interface portproxy add v4tov4 listenport=80 connectaddress=10.11.12.13 connectport=23 listenaddress=1.2.3.4 protocol=tcp

  • Needs Administrator privileges
  • Needs IPv6 on your NICs

More about the portproxy: http://technet.microsoft.com/de-de/library/cc731068%28v=ws.10%29.aspx

bjoster
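
The portproxy approach applied to the question's own addresses and port, as an added example that is not part of the answer above. The IPs are the question's placeholders and the firewall rule name is made up; the script also scopes the inbound rule to the device's address so the old server does not relay connections from arbitrary sources.

```powershell
# Added example, run from an elevated PowerShell prompt on the old server.
# Addresses are the placeholders used in the question.
$ListenAddr = '6.7.8.9'        # old server's public IP
$Port       = 7575
$NewServer  = '10.11.12.13'    # new server's public IP
$DeviceIp   = '1.2.3.4'        # only source that should reach the relay
$RuleName   = 'Relay-7575-field-device'   # hypothetical rule name

# portproxy is serviced by the IP Helper service; make sure it is running
# and comes back after a reboot.
Set-Service   -Name iphlpsvc -StartupType Automatic
Start-Service -Name iphlpsvc

# Relay TCP 6.7.8.9:7575 -> 10.11.12.13:7575. Binding to one address
# rather than 0.0.0.0 keeps the listener off the server's other interfaces.
netsh interface portproxy add v4tov4 `
    listenaddress=$ListenAddr listenport=$Port `
    connectaddress=$NewServer connectport=$Port

# Allow inbound TCP 7575 only from the field device. This narrows exposure
# only if the profile's default inbound action is Block and no broader
# allow rule already covers the port.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    protocol=TCP localip=$ListenAddr localport=$Port remoteip=$DeviceIp

# Verify: the mapping exists, something is listening, the rule is scoped.
netsh interface portproxy show v4tov4
netstat -ano | Select-String ":$Port\s"
netsh advfirewall firewall show rule name=$RuleName

# Teardown once the device has been reconfigured:
# netsh interface portproxy delete v4tov4 listenaddress=$ListenAddr listenport=$Port
# netsh advfirewall firewall delete rule name=$RuleName
```

Because the relay opens its own connection to the new server, the new server sees 6.7.8.9 as the client address rather than the device's, so its inbound rule for port 7575 can be limited to that one source.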
0

Effectively what you are asking for is basic NAT/routing. Routing and restricting with ports. I'm pretty sure you cannot do this unless you have something like ISA/TMG installed on Windows.

You are probably better with something like a Juniper SSG5. NAT the old address to the new address and then restrict the port.

I hope this helps.

leepryor
0

I went deeper into the Google search rabbit hole and found a command line program called rinetd. Using the following configuration:

0.0.0.0 7575 10.11.12.13 7575

I was able to successfully forward the packets to the new IP, and the data connection was successful. I will have to manually manage the program, but as this is intended to be a temporary fix, and the device calls in periodically, it will work until I can manually reconfigure the device's IP.

jwatts1980