Built-in Windows Port Re-director
The other day I was in the situation pictured below. Basically I had a command shell with admin privileges on Server1. What I really wanted was RDP (Remote Desktop) access to Server2, but I didn’t have direct access to it due to firewall restrictions. In this particular situation, trying to install any 3rd party tool would have been problematic. So what I needed was a built-in port re-director.
Luckily for me, the web server was installed on a Windows 2008 server. Windows 2008 installs with IPv6 by default, so it supports the netsh portproxy command, which does just the port redirection I was looking for. (Note: The portproxy command is actually serviced by the IPV6MON.DLL, so IPv6 needs to be installed for the redirection to work.)
In this situation, the initial firewall had port 8080 opened but unused to the web server. It’s important that the port be unused so no valid/noticeable traffic is interrupted. The problem was that the firewall between the web server and the back-end server I was trying to get access to was configured to only let the web server’s IP through. The port restrictions coming from the two IPs to the inside host weren’t as restrictive as they should have been, but that’s another story.
By typing the command:
netsh interface portproxy add v4tov4 listenport=8080 connectaddress=192.168.1.59 connectport=3389
I went from:
To:
Perfect.
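For administrators who want to check a server for redirections like the one above, here is an added example that is not part of the original post. It reads the registry key where netsh stores portproxy rules and flags any rule that relays to a remote-access port; the list of sensitive ports is an assumption to adjust for your environment.

```powershell
# Added example: audit netsh portproxy rules on the local machine.
# netsh persists each rule as a registry value under this key:
#   value name = "listenaddress/listenport"  (e.g. "*/8080")
#   value data = "connectaddress/connectport" (e.g. "192.168.1.59/3389")
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'

# Assumed list of destination ports worth a closer look (SSH, SMB, RDP, WinRM).
$sensitivePorts = '22', '445', '3389', '5985', '5986'

$rules = foreach ($family in 'v4tov4', 'v4tov6', 'v6tov4', 'v6tov6') {
    $key = Join-Path $base "$family\tcp"
    if (-not (Test-Path $key)) { continue }      # no rules of this type

    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $connect = [string]$item.GetValue($name)
        $lIdx = $name.LastIndexOf('/')
        $cIdx = $connect.LastIndexOf('/')
        if ($lIdx -lt 0 -or $cIdx -lt 0) { continue }   # skip malformed entries

        $connectPort = $connect.Substring($cIdx + 1)
        [pscustomobject]@{
            Family         = $family
            ListenAddress  = $name.Substring(0, $lIdx)
            ListenPort     = $name.Substring($lIdx + 1)
            ConnectAddress = $connect.Substring(0, $cIdx)
            ConnectPort    = $connectPort
            Sensitive      = $sensitivePorts -contains $connectPort
        }
    }
}

if ($rules) {
    $rules | Sort-Object Sensitive -Descending | Format-Table -AutoSize
} else {
    Write-Output 'No portproxy rules configured.'
}

# The same rules can be listed with:   netsh interface portproxy show all
# An unwanted rule is removed with:    netsh interface portproxy delete v4tov4 listenport=8080
```

Reading the key requires a local account that can read HKLM, and any rule nobody can account for deserves the same follow-up as an unexpected listening service.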