Saturday, July 7, 2012

Trouble with NAT in Windows 2008 R2 RRAS

IP address and port forwarding in the Network Address Translation (NAT) feature of Windows 2008 R2 Server's Routing and Remote Access Service (RRAS) is surprisingly difficult to set up. Unlike the previous versions of Windows Server that I have used, the graphical user interface for NAT is simply broken in this version.

With previous versions of Windows Server, I could right-click on the public interface under NAT, select "Properties" from the popup menu, go to the "Services and Ports" tab, and then specify how I wanted certain ports to be forwarded to another machine on the LAN. With Windows 2008 R2, however, the settings on this tab do not seem to work. In fact, other than forwarding to the local loopback address of 127.0.0.1, turning on anything here will only break things. Outgoing internet connection sharing works, but incoming port forwarding settings through this GUI are completely useless.

[Screenshot caption: Do not select anything here]

It turns out that you now need to use a command line tool to do this. It seems the mappings cannot be named, but at least you can get port/address forwarding to work (http://www.rickwargo.com/2011/01/08/port-forwarding-port-mapping-on-windows-server-2008-r2/). The command is:

netsh interface portproxy add v4tov4 listenport=<public port> listenaddress=<public address> connectport=<private port> connectaddress=<private address>

This "netsh" command actually does many other things. There is just no GUI for it. For example, you can run the following command to see what port forwarding settings are in place:

netsh interface portproxy show v4tov4 

When deleting a particular port from the forwarding list, you need to specify both the port number and the address on the command line:

netsh interface portproxy delete v4tov4 listenport=<public port> listenaddress=<public address>
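Since these mappings have no names and no GUI, it is easy to lose track of what is being forwarded. The script below is an added example, not part of the original post: it parses the "show v4tov4" listing and flags rules that listen on every interface or forward to a machine that is not on an approved list. The sample listing is constructed, the column layout is assumed to match what netsh prints, and the function name and $allowedTargets list are hypothetical.

```powershell
# Added example: audit portproxy rules (written to run on PowerShell 2.0).
# Constructed sample listing; addresses are documentation/private ranges.
$sample = @'

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
203.0.113.10    8080        192.168.1.20    80
0.0.0.0         8443        192.168.1.30    443
'@

# Hypothetical helper: turn the text listing into objects, one per rule.
function ConvertFrom-PortProxyText {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # A rule row is: listen address, listen port, connect address, connect port.
        # Header and separator rows do not match because their "port" is not numeric.
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
            }
        }
    }
}

# On the server itself, feed in the live listing instead of the sample:
#   $rules = ConvertFrom-PortProxyText (netsh interface portproxy show v4tov4)
$rules = ConvertFrom-PortProxyText ($sample -split "`r?`n")

# Hypothetical allow list: LAN hosts approved to receive forwarded traffic.
$allowedTargets = @('192.168.1.20')

foreach ($r in $rules) {
    $reasons = @()
    if (@('0.0.0.0', '*') -contains $r.ListenAddress) { $reasons += 'listens on every interface' }
    if ($allowedTargets -notcontains $r.ConnectAddress) { $reasons += 'target not on the approved list' }

    $status = 'OK    '
    if ($reasons.Count -gt 0) { $status = 'REVIEW' }
    Write-Output ("{0} {1}:{2} -> {3}:{4} {5}" -f $status, $r.ListenAddress,
        $r.ListenPort, $r.ConnectAddress, $r.ConnectPort, ($reasons -join '; '))
}
```

A rule marked REVIEW can be removed with the delete command shown above, using the listen port and listen address from that row.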

We came to Windows from DOS; now apparently we are moving backwards.
