Setting up IP forwarding on Windows 10 with two network adapters

# Multi-port forwarding configuration (6360/6361/6362/6364/6368/6369)

---

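## Network topology and basic configuration
```mermaid
graph LR
    Internet[Internet users] -->|Access public IP:port| A_WAN[PC A - NIC 1<br>10.10.20.28/24]
    A_WAN -->|Port forwarding| A_LAN[PC A - NIC 2<br>192.168.10.100]
    A_LAN -->|Direct cable| B[PC B<br>192.168.10.101]
```

## One-step configuration script (run with administrator privileges)

```powershell
# Enable IP routing (forwarding)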
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter /t REG_DWORD /d 1 /f

# Create the port forwarding rules
$ports = 6360,6361,6362,6364,6368,6369
foreach ($port in $ports) {
    netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=$port connectaddress=192.168.10.101 connectport=$port
}

# Configure the firewall rules
foreach ($port in $ports) {
    netsh advfirewall firewall add rule name="ERP_Port_$port" dir=in action=allow protocol=TCP localport=$port
}

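# Reboot for the change to take effect
shutdown /r /t 0
```

## Manual step-by-step configuration guide

1. Enable IP routing (forwarding)

```powershell
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter /t REG_DWORD /d 1 /f
shutdown /r /t 0
```

2. Create the port forwarding rules (run one at a time)

```powershell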
netsh interface portproxy add v4tov4 listenport=6360 connectaddress=192.168.10.101 connectport=6360
netsh interface portproxy add v4tov4 listenport=6361 connectaddress=192.168.10.101 connectport=6361
netsh interface portproxy add v4tov4 listenport=6362 connectaddress=192.168.10.101 connectport=6362
netsh interface portproxy add v4tov4 listenport=6364 connectaddress=192.168.10.101 connectport=6364
netsh interface portproxy add v4tov4 listenport=6368 connectaddress=192.168.10.101 connectport=6368
netsh interface portproxy add v4tov4 listenport=6369 connectaddress=192.168.10.101 connectport=6369
```

3. Firewall configuration

```powershell
netsh advfirewall firewall add rule name="ERP_6360" dir=in action=allow protocol=TCP localport=6360
netsh advfirewall firewall add rule name="ERP_6361" dir=in action=allow protocol=TCP localport=6361
netsh advfirewall firewall add rule name="ERP_6362" dir=in action=allow protocol=TCP localport=6362
netsh advfirewall firewall add rule name="ERP_6364" dir=in action=allow protocol=TCP localport=6364
netsh advfirewall firewall add rule name="ERP_6368" dir=in action=allow protocol=TCP localport=6368
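netsh advfirewall firewall add rule name="ERP_6369" dir=in action=allow protocol=TCP localport=6369
```

## Verification commands

```powershell
# List all port forwarding rules
netsh interface portproxy show all

# Test port connectivity (run from another device)
Test-NetConnection -ComputerName 10.10.20.28 -Port 6360
```

## Port mapping reference table

| External port | Internal target port | Protocol | Service |
|---|---|---|---|
| 6360 | 6360 | TCP | Commonly used for LDAP SSL |
| 6361 | 6361 | TCP | Custom service port 1 |
| 6362 | 6362 | TCP | Custom service port 2 |
| 6364 | 6364 | TCP | Custom service port 3 |
| 6368 | 6368 | TCP | Custom service port 4 |
| 6369 | 6369 | TCP | Custom service port 5 |

## Router configuration (if NAT is in place)

1. Log in to the corporate router's management interface
2. Find the "NAT forwarding" or "port mapping" feature
3. Add the following rule (example: TP-LINK interface):
   - External port: `6360-6369`
   - Internal IP: `10.10.20.28`
   - Internal port: `6360-6369`
   - Protocol: `TCP`

## ⚠️ Important security notes

1. It is recommended to switch the firewall rules to allowlist mode:

```powershell
netsh advfirewall firewall set rule name="ERP_6360" new remoteip=202.96.128.100/32
```

2. Regularly check the logs for unauthorized access:

```powershell
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=5157} | Where-Object {$_.Message -match '6360'}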
```
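
The following audit is an added example, not part of the original post. It supports the allowlist recommendation in the security notes by parsing `netsh interface portproxy show all` output, marking listeners bound on every interface, and reporting whether the page's `ERP_<port>` / `ERP_Port_<port>` firewall rules still accept any remote address. The function names and the sample output are constructed for illustration.

```powershell
# Added example. Function names are hypothetical; rule names ERP_<port> / ERP_Port_<port> are the page's.
function ConvertFrom-PortProxyText {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows: <listen address> <listen port> <connect address> <connect port>
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
                # 0.0.0.0 or * means the listener is bound on every interface
                AllInterfaces  = ($Matches[1] -in '0.0.0.0', '*')
            }
        }
    }
}

function Get-ErpRuleScope {
    param([int]$Port)
    foreach ($name in "ERP_$Port", "ERP_Port_$Port") {
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
            ForEach-Object {
                $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
                [pscustomobject]@{
                    Rule          = $name; Port = $Port
                    RemoteAddress = $remote -join ','
                    OpenToAny     = ($remote -contains 'Any')   # no source allowlist set
                }
            }
    }
}

# Constructed sample of `netsh interface portproxy show all` output (English UI)
$sample = @'
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         6360        192.168.10.101  6360
*               6361        192.168.10.101  6361
'@ -split "`r?`n"
ConvertFrom-PortProxyText $sample | Format-Table

# On the forwarding host (elevated prompt), audit the live rules as well
if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
    ConvertFrom-PortProxyText (netsh interface portproxy show all) |
        ForEach-Object { Get-ErpRuleScope -Port $_.ListenPort } | Format-Table
}
```

Any row with `OpenToAny` set to `True` is a forwarded port whose firewall rule has not yet been restricted with `remoteip=`.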
