From time to time, you may want to map or proxy a port for an application (for example, Remote Desktop operates over port 3389). Or you may want to keep using the old port internally, block it externally, and provide an alternate port for external access.
In the case of RDP, for instance, it can only listen on port 3389. However, Windows can proxy port traffic from, say, port 10000 to port 3389. This way, internal users can still connect to the old port, while you block that port at the firewall and external users reach RDP through the non-standard port 10000.
First, make sure that no existing port proxy entry is already using port 10000 on the box you want to configure:
netsh interface portproxy show all
If nothing is being proxied, then below is how you would map port 10000 to the RDP port:
netsh interface portproxy add v4tov4 listenport=10000 listenaddress=X.X.X.X connectport=3389 connectaddress=X.X.X.X
… where X.X.X.X is the IP address of the machine you want to map the extra port to.
If you run netsh interface portproxy show all again, the new entry appears in the output.
To remove a port proxy entry:
netsh interface portproxy delete v4tov4 listenport=XXXXX listenaddress=X.X.X.X
So at this point, you can RDP to the default port 3389 AND the proxied port 10000.
This type of proxy setup does survive a reboot.
So if you have an application that listens on a hardcoded port (one that can't be changed), this method makes it reachable on a different port.
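Because port proxy entries survive a reboot, it helps to be able to list every persisted entry and see which ones expose an administrative port. The PowerShell below is an added example, not part of the original article. It assumes the entries are stored under the PortProxy service registry key as "listenaddress/listenport" = "connectaddress/connectport", and the watch list of ports is a constructed sample.

```powershell
# Added example: audit persisted portproxy rules on the local machine.
# Assumption: rules are stored as "<listenaddr>/<listenport>" = "<connectaddr>/<connectport>".
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'
$watch = 3389, 5985, 5986, 445, 22      # constructed watch list of admin ports; adjust

function Get-PortProxyRule {
    foreach ($family in 'v4tov4', 'v4tov6', 'v6tov4', 'v6tov6') {
        $key = Join-Path $base "$family\tcp"
        if (-not (Test-Path $key)) { continue }      # no rules of this family
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $listenAddr, $listenPort = $name -split '/', 2
            $connAddr, $connPort     = ([string]$item.GetValue($name)) -split '/', 2

            $notes = @()
            if ($listenAddr -in '*', '0.0.0.0', '::') {
                $notes += 'listens on every interface'
            }
            if (($connPort -as [int]) -in $watch) {
                $notes += "forwards to admin port $connPort"
            }
            if ($connAddr -notin $listenAddr, '127.0.0.1', '::1', 'localhost') {
                $notes += "connect address differs from listen address ($connAddr)"
            }
            # Is something actually listening on the proxied port right now?
            $lp   = $listenPort -as [int]
            $live = if ($lp) {
                Get-NetTCPConnection -State Listen -LocalPort $lp -ErrorAction SilentlyContinue
            }
            [pscustomobject]@{
                Family  = $family
                Listen  = "${listenAddr}:$listenPort"
                Connect = "${connAddr}:$connPort"
                Active  = [bool]$live
                Review  = $notes -join '; '
            }
        }
    }
}

# Port proxy forwarding is handled by the IP Helper service; if it is stopped, rules sit idle.
Get-Service iphlpsvc | Select-Object Name, Status, StartType
Get-PortProxyRule | Format-Table -AutoSize -Wrap
```

An entry with an empty Review column only forwards locally to a port outside the watch list; anything else should match a change you made on purpose.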