Using netsh to create a transparent proxy

There are some good Windows web proxies about. The only problem with them is that they sometimes don't natively act as a transparent proxy, i.e. you'll typically need to point your client machines at a specific IP and port.

I’ve used squid historically when setting up transparent proxies (mainly since it actually has a transparent mode) and this has worked well. Recently I thought I’d have a go at some of the Windows solutions to see how they pan out.

netsh is going to be the tool to assist in this case. Here is a typical use for netsh:


>add v4tov4 listenport=80 connectaddress=  connectport=8080

This should grab all traffic that hits your machine bound for port 80 and redirect to port 8080.

You’ll also need to make sure that routing is enabled, so your machine can act as a gateway between the requests and the real outbound gateway (typically your DSL modem).

Windows – Port forwarding

Just wanted to note here that there is a tool for Windows to ‘port forward’. It’s a command MS ships that enables IPv6 to work on IPv4, but it can be used as a port redirector, so as long as you have IPv6 support on your box, you can do this.

Syntax as follows:

netsh interface portproxy add v4tov4 listenport=443 connectaddress=targetmachine connectport=3389

So the machine above listens on 443 and redirects traffic to 3389 on targetmachine.

Be warned though, NETSH is insanely powerful. And if you make a mistake, good luck cleaning up the mess… Feeling confident now?
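
For the cleanup side, here is an added PowerShell example (not from the original post) that lists the v4tov4 portproxy rules on a machine and removes a single one. Get-PortProxyRule and Remove-PortProxyRule are hypothetical helper names, and the parser assumes the English table layout printed by netsh interface portproxy show v4tov4.

```powershell
# Added example, not from the original post; helper names are hypothetical. Run elevated.

function Get-PortProxyRule {
    # Parse "netsh interface portproxy show v4tov4" (assumes the English column layout).
    param([string[]]$Text = (netsh interface portproxy show v4tov4))
    foreach ($line in $Text) {
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
            }
        }
    }
}

function Remove-PortProxyRule {
    # Delete one rule; "*" means it was added without listenaddress, so omit that argument.
    param([Parameter(Mandatory)]$Rule)
    $netshArgs = @('interface', 'portproxy', 'delete', 'v4tov4', "listenport=$($Rule.ListenPort)")
    if ($Rule.ListenAddress -ne '*') { $netshArgs += "listenaddress=$($Rule.ListenAddress)" }
    netsh @netshArgs
}

# Constructed sample of the command's output, to show the parser offline.
$sample = @'
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
*               443         targetmachine   3389
'@ -split "`r?`n"
Get-PortProxyRule -Text $sample | Format-Table -AutoSize

# 1. List the rules actually configured on this machine.
$rules = @(Get-PortProxyRule)
$rules | Format-Table -AutoSize

# 2. Rules are stored in the registry and survive reboots (key is absent if none were ever added).
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp' -ErrorAction SilentlyContinue

# 3. Remove only the 443 -> 3389 rule from the post (uncomment to apply).
# $rules | Where-Object ListenPort -eq 443 | ForEach-Object { Remove-PortProxyRule -Rule $_ }

# 4. Or clear every portproxy rule at once.
# netsh interface portproxy reset
```

Reviewing this list periodically is also a useful audit step, since a forgotten rule keeps exposing the target port through the listening machine until it is deleted.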