TCP port forwarding with Windows operating system self

Because the work of a project, headquarters and each branch only Citrix server to communicate, the headquarters client wants to access the branch network resources through the branch Citrix. Basic ideas, through the program to obtain the ICA file IP address and port, the modified ICA file returned to the client, to achieve the client through the connection of local Citrix, automatically jump to another network of Citrix. Previously used is haproxy, but Haproxy and program interaction is not very good, if each branch only a Citrix server, in advance static writing is OK, but the general Division will have more than one Citrix server, can not determine the use of each of the Citrix server, This is more difficult to achieve by dynamically adding mapping entries to your program.

-----Haproxy is mainly used for load, if only load one, that becomes the port mapping, but after all, Linux is the following program.

-----Windows also has a gadget: Portforward.exe, the graphical interface is easy to operate, personal use can, but there is no way to achieve with the program interaction.

After searching on the Internet, discover Windows system, including XP 2003,2008 etc., all have the portproxy function. Only port forwarding for TCP protocols is currently supported, as long as portproxy hosts need to install IPV6 and the installation can not enable IPV6.

A. Configuration method
Assuming that you need to connect 192.168.1.118 1494 ports through the 192.168.1.8 14941 port, you need to enter the following statement at the command line on the 192.168.1.8 host
netsh interface ipv6 install
netsh interface portproxy add v4tov4 listenaddress=192.168.1.8 listenport=14941 connectaddress=192.168.1.118 connectport=1494

---If you have installed IPV6, the first one can not be
---If the operating system has a host firewall open, you need to release TCP 14941 inbound connections
---2008 firewall has a larger change than previous versions, you can refer to the following links:

Http://pcedu.pconline.com.cn/soft/virus/safe/0710/1130476.html

If you want to cancel the port forwarding configured above, you can use the following statement:

netsh interface portproxy delete v4tov4 listenaddress=192.168.1.8 listenport=33891

If you want to see which port forwarding has been configured, you can use the following statement:

netsh interface portproxy show v4tov4

B. Advantages
You can add or remove port forwarding entries as needed at any time, and restarting the operating system can still automatically save the previous configuration and automatically enable it, unlike Haproxy modifying the configuration file to reboot the Haproxy.

Some say on the Internet XP configuration port forwarding does not work, it is estimated that there is no installation of IPV6, with XP test, installed IPV6 can be implemented port forwarding, and do not need to open the Routing and Remote Access service.

In addition to the redundancy of port forwarding, you can configure port forwarding for multiple hosts without specifying a local listener address, which allows you to provide a floating address through the operating system to achieve redundancy:
netsh interface portproxy add v4tov4 listenport=14941 connectaddress=192.168.1.118 connectport=1494

When the program is dynamically added, you can telnet to each add entry, or you can only contact the virtual address, each time check whether there is a corresponding mapping entries (according to the ICA file need to connect to the Citrix server's IP address to check), if not the command line to add, When adding, make sure that the local port is not occupied, and that you need to consider the firewall and add the inbound port access rules with Netsh.

----requires the Citrix host to turn on the Telnet service and set access control to allow only specific hosts to connect.

This article comes from "Httpyuntianjxxll.spac" blog, please be sure to keep this source http://333234.blog.51cto.com/323234/1135361