NETSH port forwarding from local port to local port not working

Question

I'm trying to use NETSH PORTPROXY command to forward packets sent to my XP PC (IP 192.168.0.10) on port 8001 to port 80 (I've a XAMPP Apache server listening to port 80).

I issued the following:

netsh interface portproxy add v4tov4 listenport=8001 listenaddress=192.168.0.10 connectport=80 connectaddress=192.168.0.10

Show all confirms that everything is configured correctly:

netsh interface portproxy show all

Listen on IPv4:             Connect to IPv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
192.168.0.10    8001        192.168.0.10    80

However, I'm not able to access apache website from http://localhost:8001. I'm able to access through the direct port at http://localhost as shown below.

Additionally, I've also tried the following: 1. Access the Apache website from a remote PC using the link: http://192.168.0.10:8001. Firewall turned off. 2. Changing listenaddress and connectaddress to 127.0.0.1.

Without further information, I can't find a way to resolve the problem. Is there a way to debug NETSH PORTPROXY?

Note: By the way, if you're wondering why I am doing this, I actually want to map remote MySQL client connections from a custom port to the default MySQL Server port 3306.

Answer 1

By using listenaddress=192.168.0.10 you are binding the listener to that specific interface. localhost will typically resolve to ::1 or 127.0.0.1, neither of which will match 192.168.0.10. You can use listenaddress=0.0.0.0 to listen on all interfaces, this may also solve the issue.

Answer 2

"netsh int ipv4 install" works for me After execute this command, you need to restart your computer, and reconfig netsh

Answer 3

One more reason not mentioned here, is that listening port may be in the excluded port range. I stumbled at this issue and spent some time to find out the reason.

The netsh interface portproxy add works fine, the netsh interface portproxy show all lists the added rule, but the proxy is not actually working, e.g. netstat -an | findstr <LPORT> outputs nothing.

To find out the list of the excluded ports, run netsh int ip show excludedportrange protocol=tcp. If your listening port is in the excluded port range, you then may try to un-exclude the range, or just choose another port.

Answer 4

If netsh's port proxying is not working as expected, then you should verify the followings, preferably in that order:

1. Make sure the port proxy is properly configured
2. Start or restart the related Windows service
3. Ensure support for IPv6 is installed
4. Make sure the port is not blocked by a firewall

Make sure the port proxy is properly configured

This might seems to be trivial, but just in case, take the time to review your configuration before you go any further.

From either a command prompt or PowerShell prompt, run the following command:

netsh interface portproxy show all

The result should look something like this:

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
24.12.12.24     3306        192.168.0.100   3306
24.12.12.24     8080        192.168.0.100   80

Carefully review those settings. Make sure that you can indeed connect to the addresses on the right side of that list, from the local computer. For example, can you locally open a web browser and reach 192.168.0.100:80? If the protocol is not HTTP, then use telnet: telnet 192.168.0.100 3306 (see here for how to install the Telnet client on Windows).

Then, are the values on the left side correct? Is the IP address valid for your machine? Is that the port number you are trying to connect to, from the external machine?

Start or restart the related Windows service

On latest versions of Windows, netsh's port proxying is handled by a Windows service named "IP Helper" or "iphlpsvc". Proxying will obviously not work if that service is stopped. I have also faced situations that turned out to be resolved by restarting that service.

To do that in latest versions of Windows:

1. Open the Task manager, then go to the Services tab.
2. In the "Name" column, find the service named either "iphlpsvc" or "IP Helper".
3. Right click on that service, then select Restart. If restart is not available, then the service is probably stopped, and actually has to be started, so select Start.

On previous versions of Windows, look for Services in Administrative Tools, inside the Control Panel.

Ensure support for IPv6 is installed (older releases of Windows only)

On earlier versions of Windows (that is Windows XP, for sure, upto some early releases of Windows 10, apparently, though this is not clear), netsh's port proxying feature (including for IPv4-to-IPv4 proxys) was actually handled by a DLL (IPV6MON.DLL) that was only loaded if IPV6 protocol support was enabled. Therefore, on these versions, support for the IPv6 protocol is required in order to enable netsh's port proxying (see Microsoft's support article here).

From either a command prompt or PowerShell prompt, run the following command:

netsh interface ipv6 install

If you get an error indicating that command interface ipv6 install was not found, then it means that you are using a recent release of Windows, in which netsh's IPv6 support is implicit and cannot be disabled.

Make sure the port is not blocked by a firewall

A local firewall may potentially block the port even before they reach the IP Helper service. To make validate this hypothesis, temporarily disable any local firewall (including Windows' native firewall), then retest. If that works, then simply add a port exclusion to your firewall configuration.

Answer 5

I managed to get it to work by issuing:

netsh interface ipv6 install

Also, for my purpose, it is not required to set listenaddress and better to set connectaddress=127.0.0.1, e.g.

netsh interface portproxy add v4tov4 listenport=8001 connectport=80 connectaddress=127.0.0.1

Answer 6

1. You must Run Command.exe as Administrator first, by right-clicking the Command Prompt icon and choosing Run as Administrator. You will asked to confirm.

2. Paste your netsh Command in the command.exe window and press Enter.

3. If no error message is shown, the command worked.

4. In your web browser go to http://your-up:8001 to see it works.

The Windows Event Log might have information to help find the cause of a failure.

Answer 7

I have the problem with you. I have solve it just now. There is a Windows Service named "IP Helper" that supplies the funcions tunnel connections. You should ensure it has been started.