On my local machine, I want to set up a (web-)server that receives data that is sent (via http/https) to IP 65.55.44.109 (vortex.data.micorosoft.com).
In order to do that, I need to forward all IP traffic on 65.55.44.109 to 127.0.0.1 on MY machine, so that I can make the hosts-file entry
65.55.44.109 somedomain.com
and then open the browser on that machine and enter http://somedomain.com and get the webpage from the webserver at 127.0.0.1.
Now of course that will only work on the machine with the hosts-file entry (my machine).
On Linux, I can do this with
iptables -t nat -A OUTPUT -d 65.55.44.109 -j DNAT --to-destination 127.0.0.1
(need to re-add on restart)
On Windows, I haven't been able to figure out how to do this. The closest thing I've come across is
netsh interface portproxy add v4tov4 listenaddress=65.55.44.109 listenport=80 connectaddress=127.0.0.1 connectport=80
but that doesn't work, and I have no idea why.
Is there anything I do wrong? Or is there anything else I can do?
I also read this:
http://www.itprotoday.com/virtualization/nat-forwarding-switch-windows-10-and-windows-server-2016
and so I thought the following might work
Add-NetNatStaticMapping -NatName NATnetwork -Protocol TCP -ExternalIPAddress 65.55.44.109 -InternalIPAddress 127.0.0.1 -InternalPort 80 -ExternalPort 80
but I only get an error (invalid classname), with no further information to be found via google.
Can this be done somehow on Windows (Windows 10)?
Note:
It's sufficient to forward only port 80, but all ports would be nicer.
NO loopback or non-loopback-interface with IP 65.55.44.109 may be created on the host-machine.
It must absolutely be done via DNAT-only.
The host-machine does not have a network-interface with IP 65.55.44.109, only 192.168.x.x.
Just setting the hosts-file to
127.0.0.1 somedomain.com
is also insufficient, because then any call for dns-address-resolution of somedomain.com will yield the IP 127.0.0.1 instead of 65.55.44.109
This may be an old one but there are no answers and 2k views.
The reason why
netsh interface portproxy add v4tov4 listenaddress=65.55.44.109 listenport=80 connectaddress=127.0.0.1 connectport=80
doesn't work is because you don't actually have an interface 65.55.44.109. But you can add it, as long as you're happy for all your traffic to go to it regardless of port.
Press Win+R -> ncpa.cpl.
Right click your LAN / WAN network adapter and select properties.
In the list of items/protocols, select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Make sure DHCP is switched off. If you need to determine what static settings to enter, then from a command prompt run
ipconfig /all
and note the IP address, subnet mask, gateway and DNS server(s) for the interface. Populate these settings in the dialogue.
Click the Advanced button.
Under the IP Addresses list, click the Add button.
Enter the IP address required, eg 65.55.44.109.
Enter the Subnet Mask 255.255.255.255.
Click OK and Apply etc. Now you have bound the IP address to your interface, and your route tables will have been updated accordingly so traffic to this address does not get sent straight to the gateway.
After these steps, you have 2 options. You can either have your App bind to all addresses (0.0.0.0:0), or you can bind it to 65.55.44.109. These options mean you don't need to use netsh portproxy. Otherwise, if your application binding is strictly on the loopback interface with address 127.0.0.1:80 then just run the original netsh portproxy command you quoted above and it will work. Happy spoofing.
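The GUI steps in the answer above can also be scripted. This is an added example, not code from the answer: the adapter name `Ethernet`, the parameter names and the `-Remove` switch are assumptions, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: scripted equivalent of the GUI steps in the answer.
param(
    [string]$Alias    = 'Ethernet',       # assumption: name of your LAN adapter
    [string]$TargetIp = '65.55.44.109',   # address from the question
    [int]$Port        = 80,
    [switch]$Remove                       # undo everything this script added
)
$ErrorActionPreference = 'Stop'

if ($Remove) {
    # Delete the proxy rule first, then unbind the extra address.
    netsh interface portproxy delete v4tov4 listenaddress=$TargetIp listenport=$Port
    Get-NetIPAddress -IPAddress $TargetIp -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    return
}

# The answer requires static addressing on the adapter before a second IP is added.
$ipIf = Get-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4
if ($ipIf.Dhcp -eq 'Enabled') {
    throw "DHCP is enabled on '$Alias'; enter static settings first (see ipconfig /all)."
}

# Bind the address with prefix length 32 (subnet mask 255.255.255.255), once only.
if (-not (Get-NetIPAddress -IPAddress $TargetIp -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $TargetIp -PrefixLength 32 | Out-Null
}

# portproxy is serviced by the IP Helper service; rules do nothing while it is stopped.
if ((Get-Service iphlpsvc).Status -ne 'Running') { Start-Service iphlpsvc }

# Only needed when the web server listens strictly on 127.0.0.1:<port>.
netsh interface portproxy add v4tov4 listenaddress=$TargetIp listenport=$Port connectaddress=127.0.0.1 connectport=$Port

# Verify: the rule is listed and a local TCP connect to the bound address succeeds.
netsh interface portproxy show v4tov4
$probe = Test-NetConnection -ComputerName $TargetIp -Port $Port -WarningAction SilentlyContinue
"TCP ${TargetIp}:${Port} reachable locally: $($probe.TcpTestSucceeded)"
```

Both the added address and the portproxy rule persist across reboots, so run the script again with `-Remove` when the redirect is no longer wanted.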