JohnKlann / Posts tagged "port forwarding"

How to Forward Ports and Use Port Proxies

So I came across a need to Forward a port from one windows machine to another windows machine and found a nice solution using netsh and port proxies. In this example I will use port proxies to forward a Remote Desktop Port  3389 (RDP)  from one  server to another to allow access to this  server via RDP by connecting to a local port like localhost:5000.

  1. Create the Port Proxy
    1. Open Admin Command Prompt:
      netsh interface portproxy add v4tov4 listenport=freeport listenaddress=localip connectport=rdpport(default rdp is 3389) connectaddress=remoteip 
    2. Example:
      netsh interface portproxy add v4tov4 listenport=5000 listenaddress= connectport=3389 connectaddress=
  2. Create the Firewall Rule:
    1. You will need to choose a local port that is not in use. If  you need to know how to check if a port is in use check out my Quick Tip Post on how to do that here: How to check if a port is in Use and What Process is running on it
    2. Command:
      netsh advfirewall firewall add rule name="Custom Port Rule" dir={in |out} action={allow | block} localport={number| n-n} protocol={TCP | UDP} remoteip={any | ip | range} profile={any | domain | public | private }


      netsh advfirewall firewall add rule name="Custom Port Forward 5000" dir=in action=allow localport=5000 protocol=TCP remoteip=any profile="Domain"
  3. Output:


  • Use the Port Proxy:
    1. Syntax:
       {localhost | ip or hostname you created the rule on}:{port number you chose} 
    2. Example:
       mstsc locahost:5000 /admin 
  • Delete the Port Proxy:
    1. Syntax:
      netsh interface portproxy delete v4tov4 listenport=portyouchose listenaddress=localip
      netsh interface portproxy delete v4tov4 listenport=5000 listenaddress=
  • Delete the Firewall Rule:
    1.  Syntax:
      netsh advfirewall firewall delete rule name="firewall rule name"
    2. Example:
      netsh advfirewall firewall delete rule name="Custom Port Forward 5000"
    3. Output:


port forward config router

How to: Setup Port Forwarding For SSH

Port forwarding will allow you to connect to your SSH server from anywhere, and it is really easy to do.


Administrator access to your router
Putty client

Step 1: Login to router

Login to your router via a web browser using its IP address (default is

router browser login

Next you locate where you can setup port forwarding. In my case it is under  Applications & Gaming sub tab Single Port Forwarding.

Once located create a custom forward with the following settings:

Internal port: 22
IP address of your SSH server.

Save the settings.

port forward config router

Step 2: Get your external IP address

You can find your external IP address by visiting

 *Note: Unless you have a static IP provisioned by your ISP, your external IP address will most likely change often. There are several services that allow you to track the change, and assign a domain name to it (Never had much luck with them). I went with a much more simple approach. View the article here.

Step 3: Creating your first external connection

From computer outside your LAN open your putty client.
Enter your external IP address into the Hosts field and click open.

putty setup ext ssh session
If you receive a popup box like the following select yes to continue:

rsa key working ssh
Enter your username and password:

ssh login
Then you will receive a shell on the SSH server:

secure shell on remote ssh server

Related Articles: