Windows端口映射转发netsh实现跨网段访问

# Windows端口转发netsh实现跨网段访问 - 必要条件：需要有连接这两个网段的主机（双网卡） - 命令运行：管理员  ## 方法一：bat脚本批量处理 获取`无线局域网适配器 WLAN`的IP地址 ```bat @echo off & setlocal enabledelayedexpansion rem 获取管理员权限 %1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit cd /d "%~dp0" for /f "tokens=1,2 delims=:" %%a in ('ipconfig') do ( rem echo %%a if "%%a"=="无线局域网适配器 WLAN" set "flag=1" if "!flag!"=="1" (if "%%a"==" IPv4 地址 . . . . . . . . . . . . " set "ip=%%b") if "%%a"==" 默认网关. . . . . . . . . . . . . " set flag=0 ) set IP=%ip% echo %IP% rem 但是结果中字符串前面有空格，去掉前后空格 set "str=%IP%" :intercept_left if "%str:~0,1%"==" " set "str=%str:~1%"&goto intercept_left :intercept_right if "%str:~-1%"==" " set "str=%str:~0,-1%"&goto intercept_right set IP=%str% echo %IP% echo 1. 删除已有转发······ netsh interface portproxy delete v4tov4 listenaddress=%IP% listenport=80 netsh interface portproxy show all echo 2. 启动端口转发······ netsh interface portproxy add v4tov4 listenaddress=%IP% listenport=80 connectaddress=192.168.96.20 connectport=80 netsh interface portproxy show all echo 3. 操作完成！ pause>nul ``` ### 监听端口转发 ```bat rem 添加 netsh interface portproxy add v4tov4 listenport=[对外端口] connectaddress=[目标地址] connectport=[目标端口] rem 删除 netsh interface portproxy delete v4tov4 listenport=[对外端口] ``` 将本地从`对外端口`进来的数据转发到`目标地址:目标端口`处理。 ### 监听指定IP端口转发 添加一个IPV4到IPV4的端口映射，也就是指定一个ip ```bat rem 添加 netsh interface portproxy add v4tov4 listenaddress=[对外地址] listenport=[对外端口] connectaddress=[目标地址] connectport=[目标端口] rem 删除 netsh interface portproxy delete v4tov4 listenaddress=[对外地址] listenport=[对外端口] ``` ### 查看端口转发列表 ```bat rem 查看所有端口转发 netsh interface portproxy show all rem 仅查看IPv4端口转发 netsh interface portproxy show v4tov4 rem 搜索 netsh interface portproxy show v4tov4 | find "xxx.ip.ip.xxx" ``` ## 方法二：使用软件实现转发   ## 防火墙相关（特重要） 我的系统为Win10 ```bat rem 关闭防火墙 netsh Advfirewall set allprofiles state off rem 查看防火墙关闭状态 netsh Advfirewall show allprofiles rem 打开防火墙 netsh advfirewall set allprofiles state on ``` 也可以在控制面板中 `控制面板\系统和安全\Windows Defender 防火墙\自定义设置` 进行手动关闭：  ### 不关防火墙需允许启动端口 可以将对外端口添加到防火墙入站规则中，允许该端口数据。  允许这条规则命令 ```bat @echo off rem 获取管理员权限 %1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit cd /d "%~dp0" echo 允许端口转发······ netsh advfirewall firewall set rule name=@WiFi端口转发到96.20 new enable=yes pause>nul ``` 禁止这条规则命令 ```bat @echo off rem 获取管理员权限 %1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit cd /d "%~dp0" echo 禁止端口转发······ netsh advfirewall firewall set rule name="@WiFi端口转发到96.20" new enable=no pause>nul ``` # Linux转发方法 使用`iptables`防火墙软件进行 ## 允许数据包转发 ```bash echo 1 >/proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -j MASQUERADE iptables -A FORWARD -i [内网网卡名称] -j ACCEPT iptables -t nat -A POSTROUTING -s [内网网段] -o [外网网卡名称] -j MASQUERADE ``` 例： ```bash echo 1 >/proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -j MASQUERADE iptables -A FORWARD -i eth1 -j ACCEPT iptables -t nat -A POSTROUTING -s 192.168.96.20/23 -o eth1 -j MASQUERADE ``` ## 设置端口映射 ```bash iptables -t nat -A PREROUTING -p tcp -m tcp --dport [外网端口] -j DNAT --to-destination [内网地址]:[内网端口] ``` 例： ```bash iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.96.20:80 ```

明人不说暗话 领红包就是支持！！！ 来都来了，再到页面底部看下呗~ ↓ ↓ ↓

本文地址： http://blog.starmeow.cn/detail/539fd53b59e3bb12d203f45a912eeaf2/

很赞哦！ (1)