How to Create a TCP Port Forwarding Proxy on Windows for Redirecting Port 80 to 23



When working with legacy systems or specialized services, you often need to redirect traffic from standard ports (like HTTP port 80) to non-standard ports (like Telnet port 23). This is particularly common when dealing with:

  • Legacy industrial control systems
  • Old-school telnet services
  • Network protocol conversion
  • Security through obscurity approaches

Windows provides several built-in ways to handle port forwarding:

# Using netsh (requires admin privileges)
netsh interface portproxy add v4tov4 listenport=80 connectaddress=remote.server.com connectport=23

This creates a persistent port forwarding rule. To verify it worked:

netsh interface portproxy show all

For more control, here's a PowerShell script that acts as a simple TCP proxy:


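# Simple TCP proxy in PowerShell
$localPort = 80
$remoteHost = "your.remote.server"
$remotePort = 23

# Listen on all local IPv4 addresses
$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Any, $localPort)
$listener.Start()

try {
    while ($true) {
        # Blocks until a client connects, then opens the matching upstream connection
        $client = $listener.AcceptTcpClient()
        $remote = [System.Net.Sockets.TcpClient]::new($remoteHost, $remotePort)
        
        $clientStream = $client.GetStream()
        $remoteStream = $remote.GetStream()
        
        # Start async copy in both directions; the returned Task objects are
        # discarded so they are not written to the pipeline.
        # Note: sockets are not closed when a session ends in this minimal version.
        $null = $clientStream.CopyToAsync($remoteStream)
        $null = $remoteStream.CopyToAsync($clientStream)
    }
}
finally {
    $listener.Stop()
}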

If you have SSH access to the remote server, PuTTY's plink can create a secure tunnel:


plink -L 80:localhost:23 user@remote.server.com -N

Tool       | Pros                      | Cons
netsh      | Built-in, no installation | Requires admin, IPv4 only
PowerShell | Flexible, no install      | Resource intensive
plink      | Encrypted tunnel          | Requires SSH access
nginx      | High performance          | Complex configuration

Remember to configure Windows Firewall to allow incoming connections on port 80:


New-NetFirewallRule -DisplayName "TCP Proxy 80-23" -Direction Inbound -LocalPort 80 -Protocol TCP -Action Allow

  • Verify port availability with netstat -ano | findstr :80
  • Test connectivity with telnet localhost 80 (from another machine)
  • Check Windows Firewall logs for blocked connections
  • For production use, consider implementing connection timeouts and logging

When you need to redirect traffic from your local network (port 80) to a remote server's telnet service (port 23), a TCP proxy becomes essential. This is particularly useful for:

  • Accessing legacy systems that only accept telnet connections
  • Creating secure tunnels through firewalls
  • Debugging network applications
  • Maintaining compatibility with older protocols

Windows includes several built-in tools that can handle port forwarding:

# Using netsh (requires admin privileges)
netsh interface portproxy add v4tov4 listenport=80 connectaddress=remote.server.com connectport=23 protocol=tcp

However, netsh has limitations:

  • Only works on Windows Pro/Enterprise
  • Requires persistent configuration
  • Lacks logging capabilities
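
Because a portproxy rule persists across reboots and netsh keeps no log of it, it is worth auditing which rules exist on a host. The following is an added example, not code from the original article: it reads the v4tov4 rules from the registry location where Windows stores them and flags the risky ones. The function name, the finding labels and the sample rules are assumptions made for illustration.

```powershell
# Added example: audit persistent netsh portproxy rules (v4tov4, TCP).
# Windows stores each rule as a registry value under this key:
#   value name = 'listenaddress/listenport', value data = 'connectaddress/connectport'
$PortProxyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'

function Get-PortProxyRule {
    # Hypothetical helper. Pass -RawRules to analyse exported data offline;
    # without it the live registry is read.
    param([hashtable]$RawRules)

    if ($null -eq $RawRules) {
        $RawRules = @{}
        if (Test-Path $PortProxyKey) {
            $key = Get-Item -Path $PortProxyKey
            foreach ($name in $key.GetValueNames()) { $RawRules[$name] = $key.GetValue($name) }
        }
    }

    foreach ($name in $RawRules.Keys) {
        $listen  = $name -split '/'
        $connect = [string]$RawRules[$name] -split '/'

        $findings = @()
        if ($listen[0] -in '*', '0.0.0.0')               { $findings += 'listens on all interfaces' }
        if ($connect[1] -eq '23')                        { $findings += 'forwards to cleartext telnet' }
        if ($connect[0] -notin '127.0.0.1', 'localhost') { $findings += 'forwards off-host' }

        [pscustomobject]@{
            ListenAddress  = $listen[0]
            ListenPort     = [int]$listen[1]
            ConnectAddress = $connect[0]
            ConnectPort    = [int]$connect[1]
            Findings       = $findings -join '; '
        }
    }
}

# Constructed sample data: the rule from this article plus a loopback-only rule.
$sample = @{
    '*/80'           = 'remote.server.com/23'
    '127.0.0.1/8080' = '127.0.0.1/3000'
}
Get-PortProxyRule -RawRules $sample | Sort-Object ListenPort | Format-Table -AutoSize

# On a live host (read-only, run from an elevated or standard prompt):
# Get-PortProxyRule | Format-Table -AutoSize
```

Run on a schedule and compared against a known-good list, this gives the change record that netsh itself does not provide.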

For more control, try this PowerShell solution:

# Simple TCP Proxy in PowerShell
$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Any, 80)
$listener.Start()

try {
    while ($true) {
        # Handles one connection at a time
        $client = $listener.AcceptTcpClient()
        
        $remote = [System.Net.Sockets.TcpClient]::new()
        $remote.Connect("remote.server.com", 23)
        
        $clientStream = $client.GetStream()
        $remoteStream = $remote.GetStream()
        
        # Start bidirectional forwarding as in-process tasks. Live streams cannot be
        # handed to Start-Job: it runs in a separate process and serializes its arguments.
        $toRemote = $clientStream.CopyToAsync($remoteStream, 4096)
        $toClient = $remoteStream.CopyToAsync($clientStream, 4096)
        
        # Wait until either side closes, then tear down both sockets
        $null = [System.Threading.Tasks.Task]::WaitAny([System.Threading.Tasks.Task[]]@($toRemote, $toClient))
        $client.Close()
        $remote.Close()
    }
}
finally {
    $listener.Stop()
}

The Linux utility socat has Windows ports available:

  1. Download socat from official site
  2. Run this command:
socat TCP4-LISTEN:80,fork TCP4:remote.server.com:23

Advantages:

  • Handles multiple concurrent connections
  • Supports various protocols
  • Lightweight and efficient

For enterprise environments, consider Nginx on Windows:

# nginx.conf snippet
stream {
    server {
        listen 80;
        proxy_pass remote.server.com:23;
        proxy_timeout 1h;
    }
}

Benefits include:

  • Load balancing capabilities
  • SSL termination
  • Connection pooling
  • Detailed logging

When forwarding cleartext protocols like telnet:

  • Always use VPN tunnels for the connection
  • Implement firewall rules to restrict source IPs
  • Monitor connection attempts
  • Consider using SSH tunneling instead (ssh -L 80:remote.server.com:23 user@jumpserver)
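
The recommendations above (restrict source IPs, monitor connection attempts) and the earlier advice to add connection timeouts and logging can be combined in the PowerShell proxy itself. The following is an added example, not code from the original article; the listen address, allowlist entries, session cap and log path are assumed values to replace with your own. It serves one connection at a time, which suits a single-operator telnet session.

```powershell
# Added example: PowerShell forwarder with source allowlist, timeouts and a log.
$listenAddress = [System.Net.IPAddress]::Parse('10.0.0.5')    # assumed internal interface
$localPort     = 80
$remoteHost    = 'remote.server.com'
$remotePort    = 23
$allowedSource = @('10.0.0.21', '10.0.0.22')                  # assumed admin workstations
$maxSession    = [TimeSpan]::FromMinutes(30)                  # hard cap per connection
$logFile       = Join-Path $env:TEMP 'tcp-proxy-80-23.log'    # assumed log location

function Write-ProxyLog([string]$Message) {
    '{0:o} {1}' -f (Get-Date), $Message | Add-Content -Path $logFile
}

# Bind to one interface instead of all addresses
$listener = [System.Net.Sockets.TcpListener]::new($listenAddress, $localPort)
$listener.Start()
try {
    while ($true) {
        $client = $listener.AcceptTcpClient()
        $source = $client.Client.RemoteEndPoint.Address.ToString()
        if ($allowedSource -notcontains $source) {
            Write-ProxyLog "DENY  $source (not in allowlist)"
            $client.Close()
            continue
        }
        $remote  = [System.Net.Sockets.TcpClient]::new()
        $started = Get-Date
        try {
            # Bounded connect: give up after 5 seconds instead of hanging the accept loop
            if (-not $remote.ConnectAsync($remoteHost, $remotePort).Wait(5000)) {
                throw "connect to ${remoteHost}:$remotePort timed out"
            }
            Write-ProxyLog "OPEN  $source -> ${remoteHost}:$remotePort"
            $c = $client.GetStream(); $r = $remote.GetStream()
            $copies = [System.Threading.Tasks.Task[]]@($c.CopyToAsync($r), $r.CopyToAsync($c))
            # WaitAny returns -1 when neither direction finished before the session cap
            $done   = [System.Threading.Tasks.Task]::WaitAny($copies, $maxSession)
            $reason = if ($done -eq -1) { 'session cap reached' } else { 'peer closed' }
            Write-ProxyLog ("CLOSE $source after {0:n0}s ({1})" -f ((Get-Date) - $started).TotalSeconds, $reason)
        }
        catch {
            Write-ProxyLog "ERROR $source $($_.Exception.Message)"
        }
        finally {
            $client.Close(); $remote.Close()
        }
    }
}
finally {
    $listener.Stop()
}
```

The DENY lines in the log are the connection attempts worth monitoring; the traffic to port 23 itself is still cleartext, so the VPN or SSH tunnel advice continues to apply.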