Multi Port Forwarder


    • Version: 6.50
    • Supported OSes:
      Windows 7, 8, 8.1, 10, 11
      Server 2008 R2, Server 2012,
      Server 2012 R2, Server 2016,
      Server 2019, Server 2022

    • NOTE: The Basic (free) edition has to be activated with a free serial key. See the product edition chart for details.

    • Change Log
  • multi port forwarder

Features 30-day Trial Basic
Pro
Ultimate
Maximum number of rules 3 3 10 50
Works as a Windows service
without modification of
Windows networking settings
yes yes yes yes
Activity monitoring yes yes yes yes
Filtering/editing TCP/UDP ports yes yes yes yes
Rule description editing yes no yes yes
Filtering/editing IP address yes no yes yes
Filtering/editing MAC address yes no no yes
Filtering/editing Network Adapter yes no no yes
Traffic cloning yes no no yes
Traffic reflection yes no no yes
Import/Export of rules into a file yes no yes yes
Complimentary technical support for 1 year
*See end user license agreement for details.
no no yes yes
Background without a watermark no no yes yes
License to use for more than 30 days no yes yes yes
Price (in USD) - Free $16.95 $22.95
Purchase

Technical Specifications

Latest release 6.50 , 30 May 2023 , [Change Log, Previous Releases]
Supported networking Ethernet, IPv4, IPv6, TCP, UDP.
Traffic transformation engine Kernel-mode network driver.
Prerequisites .NET 4.5.2, up-to-date root certificates (or it will take 2 minutes to start).
Supported OSes Windows 7*, 8, 8.1, 10, 11, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016, Server 2019, Server 2022.

*For Windows 2008 R2 and 7, required Service Pack 1 + KB3033929 (SHA-2 digital signing).
*For Windows 8.1, Server 2012 R2, required KB2995730.
Recommended hardware CPU 1GHz and above, modern graphics card.
Additional hardware required none

Overview

This is a Swiss Army knife of port forwarding. It transforms network traffic whichever way imaginable. The traffic for forwarding is selected by a combination of: direction (incoming/outgoing), protocol (TCP/UDP), Port, IP (IPv4, IPv6, DNS name), MAC, and Network Adapter. Any of the above traffic addresses can be selected together or individually. The program goes beyond just forwarding and offers reflection of traffic back to the source on a local or a remote computer, with or without transposing the addresses. An activity indicator associated with each rule conveniently shows the traffic being processed. The program provides high performance and efficient use of resources on computers running even the old operating systems.

What is a port forwarding in general ?

Port forwarding functionality is similar to the network address translation (NAT) except that it performs translation of only the port numbers. To illustrate the concept, two computers on the Internet that communicate with each other via TCP/IP or UDP/IP protocols utilize ports to identify the opposite connection points of each other where the data packets supposed to go to. In order to communicate, each computer knows the port of another computer (in addition to IP address) and sends data to that port. Multi Port Forwarder forwards these ports in such a way that when one computer sends data to the specific port of another computer, the data actually goes to a different port. The port forwarding is performed transparently for all applications. So, the applications don’t even notice that such forwarding ever occurred.

An example scenario for the port forwarding of incoming traffic: when a remote computer sends some traffic to the local computer to the specific port (lets say, HTTP port 80), Multi Port Forwarder forwards the local port 80 to the port specified within the rules (for example, port 8080). Thus the local server can be listening on port 8080 and receiving the data which was sent by the remote computer to port 80.

Working with Multi Port Forwarder

IMPORTANT: When used on a Virtual Machine, accidental changes by a user to the rules may affect Remote Desktop (RDP) traffic and result in a user lock out. For instructions on how to restore RDP connectivity for a VM, see KB article Restoring Remote Desktop (RDP) connectivity to Azure VM after a user lock out.

Multi Port Forwarder actions are based on rules. Rules can be added or removed from the rules list using toolbar buttons or the menu. Rules can be enabled or disabled using the checkbox right next to them. They take effect with a delay configurable via Settings.

Multi Port Forwarder rules list
Rules are executed from the top to bottom. Whenever the first matching to network traffic rule is found, that rule is executed. No other rules are executed for the same traffic.

Rule editing has been significantly simplified comparing to previous versions. The interface now operates in terms of Local and Remote addresses. Check boxes allow to individually choose parameters for traffic selection and modification.

Multi Port Forwarder rule properties

  • Description - description or title of the rule to be displayed in the rules list.
  • Activity monitoring - enables yellow LED-like activity indicator in the rules list to flash whenever the rule is triggered.
  • Traffic Selector section - parameters for selection of traffic for modification.
  • Forward Traffic As... section - parameters for traffic modification to be performed.

Traffic Selector

  • Direction - direction of the first packet of the traffic that will trigger the rule execution. When the first packet is processed, the program internally creates a bi-directional conversation channel between communicating parties. So, the subsequent packets for the same conversation can go in either direction. The duration of the conversation channel can be set in Options menu for TCP and UDP individually. The duration is really an inactivity timeout. Once it expires, the reverse channel closes (silently ceases to exist). And a new packet that matches the rule will be needed to create the bi-directional channel again.
  • Protocol - UDP or TCP
  • Port - a port number 1-65535
  • IP address - an IPv4 address, IPv6 address, or DNS name. The located below hint displays the identified type of entry. When DNS name is used, the program resolves it into IP address list then uses all of its associated IP addresses. The DNS name resolution is performed once when the rules are run (submitted to the driver). There is no continuous monitoring of DNS name address associations.
  • MAC address - MAC address. NOTE: all traffic arriving to a computer has local MAC address as MAC address of its network card or a broadcast/multicast.
  • Adapter - list of available network adapters.

Forward Traffic As...

  • Reflection - flag that forces traffic to be sent back in the direction of its source. If the traffic is going out, the traffic will be returned back. If the traffic is coming from the outside, it will be sent to the outside.
    • Mirroring reflection - flag that forces the traffic to be sent back to its source and preserves all of its Local and Remote addresses. That actually means that Source and Destination addresses within each packet will be transposed. This affects only addresses and does not affect TCP SeqNo/AckNo.
    • Routing reflection - flag that forces the traffic to be sent back to its source with all of its Local and Remote addresses transposed. That actually means that Source and Destination addresses of each packet will not change. The routing is perfromed after all other changes are made to the traffic.
  • Port - a port number 1-65535
  • IP address - an IPv4 address, IPv6 address, or DNS name. The located below hint displays the identified type of entry. When DNS name is used, the program resolves it into IP address list then uses only the first associated IP address. The DNS name resolution is performed once when the rules are run (submitted to the driver). There is no continuous monitoring of DNS name address associations.
  • MAC address - MAC address. NOTE: for traffic recipient to be able to communicate with the source, the Local MAC address has to be the MAC address of the network card the traffic is sent through.
  • Adapter - list of available network adapters.

Examples

Example #1

Forward all incoming traffic from TCP port 80 to port 8080.

Multi Port Forwarder example

Example #2

Forward outgoing traffic for verigio.com from TCP:25 to TCP:8025.

Multi Port Forwarder example

Example #3

Monitor activity of web traffic (without changes).

Multi Port Forwarder example The monitoring will start when the local computer connects to a remote web server. The monitoring will be performed in both directions (even though Direction is set as Outgoing), since bi-directional communication channel is created internally and is used for traffic monitoring/transformation.

Example #4

Route traffic for verigio.com via specific network adapter.

Multi Port Forwarder example The "Forward Traffic As..." section has the following items:
  • Local IP address - IP address that is associated with the network adapter. Use the command line "ipconfig /all" to obtain.
  • Remote IP address - IP address of the default gateway. Use the command line "ipconfig /all" to obtain.
  • Local MAC address - MAC address of the local network adapter. Use the command line "ipconfig /all" to obtain.
  • Remote MAC address - MAC address of the network adapter of the default gateway. Use the command line "ping 'Remote IP address'" then "arp -a" to obtain.

Example #5

Route all incoming web traffic (TCP:80) to another server (192.168.1.8 TCP:8080).

Multi Port Forwarder example The "Forward Traffic As..." section has the following items:
  • Reflection - mirroring reflection preserves Local and Remote addresses without changes (source and destination addresses for each packet would, of course, transpose).
  • Remote Port - listening port on the remote server.
  • Local IP address - IP address that is associated with the network adapter. Use the command line "ipconfig /all" to obtain.
  • Remote IP address - IP address of the another server. Use the command line "ipconfig /all" to obtain.
  • Local MAC address - MAC address of the local network adapter. Use the command line "ipconfig /all" to obtain.
  • Remote MAC address - MAC address of the network adapter of the another server. Use the command line "ping 'Remote IP address'" then "arp -a" to obtain.

Third party tools useful for network debugging

 

Notes:
* Windows® is a registered trademark of the Microsoft Corporation.