Netsh Routing IP NAT Context Commands

Applies To: Windows Server 2008, Windows Server 2008 R2

The following commands are specific to the routing IP NAT context within the Netsh environment.

To view the command syntax, click a command:

• dump

• install

• uninstall

Add commands

• add addressmapping

• add addressrange

• add ftp

• add interface

• add portmapping

Delete commands

• delete addressmapping

• delete addressrange

• delete ftp

• delete interface

• delete portmapping

Set commands

• set global

• set interface

Show commands

• show global

• show interface

Netsh commands for routing IP NAT

The following entries provide details for each command.

dump

Displays the Network Address Translation (NAT) configuration of a remote access server in script form.

Syntax

dump

Remarks

• You can dump the contents of the current configuration to a file that can be used to restore altered configuration settings.

Example

The following commands save the current configuration as a script in the c:\test\natcfg.dmp file.

• From the command prompt:

  netsh routing ip nat dump > c:\test\natcfg.dmp

• From the netsh routing ip nat context prompt:

  set file open c:\test\natcfg.dmp

  dump

  set file close

You can use the netsh exec command to run the script created by the netsh dump command.

add addressmapping

Adds an IPv4 address mapping to the NAT address pool for the specified interface.

Syntax

add addressmapping

[ name = ] InterfaceName

[ public = ] IPAddress

[ private = ] IPAddress

[ inboundsessions = ] { enable | disable }

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface on which you want to use network address translation. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ public = ] IPAddress
  Required. Specifies the IPv4 address used on a public network.

• [ private = ] IPAddress
  Required. Specifies the IPv4 address in the pooled range of addresses available for use on the private network.

• [ inboundsessions = ] { enable | disable }
  Required. Specifies whether inbound sessions are enabled or disabled.

Example

To map the public IP address 11.11.11.1 to the private IP address 10.10.10.1 and to disable inbound sessions for this NAT table mapping, type:

add addressmapping name="Local Area Connection" 11.11.11.1 10.10.10.1 disable

add addressrange

Adds an address range to the NAT address pool for the specified interface.

Syntax

add addressrange

[ name = ] InterfaceName

[ start = ] IPAddress

[ end = ] IPAddress

[ mask = ] SubnetMask

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface to whose address pool you want to add an address range. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ start = ] IPAddress
  Required. Specifies the starting IPv4 address for the address range.

• [ end = ] IPAddress
  Required. Specifies the ending IPv4 address for the address range.

• [ mask = ] SubnetMask
  Required. Specifies the IPv4 subnet mask associated with the network range bounded by the start and end IPv4 addresses.

Example

To add an address range to the NAT address pool with addresses 10.10.10.1 to 10.10.10.100 and a subnet mask of 255.255.255.0, type:

add addressrange name="Local Area Connection" 10.10.10.1 10.10.10.100 255.255.255.0

add ftp

Enables the FTP proxy on the NAT server.

Syntax

add ftp

add interface

Enables NAT on the specified interface.

Syntax

add interface

[ name = ] InterfaceName

[ [ mode = ] { full | addressonly | private } ]

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface on which you want to enable NAT. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ [ mode = ] { full | addressonly | private } ]
  Specifies whether the interface uses full, addressonly, or private mode.

  • full specifies that full (address and port) translation mode is enabled.

  • addressonly specifies that address-only translation mode is enabled.

  • private specifies that private mode is enabled.

Example

To add NAT with both address and port translation enabled on the Local Area Connection interface, type:

add interface "Local Area Connection" full

add portmapping

Adds a protocol port mapping on the specified NAT-enabled interface.

Syntax

add portmapping

[ name = ] InterfaceName

[ proto = ] { tcp | udp }

[ publicip = ] { IPAddress | 0.0.0.0 }

[ publicport = ] Integer

[ privateip = ] IPAddress

[ privateport = ] Integer

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface for which you want to add a port mapping. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ proto = ] { tcp | udp }
  Required. Specifies whether the port mapping is for TCP or UDP.

• [ publicip = ] { IPAddress | 0.0.0.0 }
  Required. Specifies an external IPv4 address on the public network or 0.0.0.0 to indicate any IPv4 address not specified within the private network address range.

• [ publicport = ] Integer
  Required. Specifies the public protocol port by using a number from zero to 9999.

• [ privateip = ] IPAddress
  Required. Specifies an IPv4 address within the private network range.

• [ privateport = ] Integer
  Required. Specifies the private protocol port by using a number from zero to 9999.

Example

To add a port mapping of from any public IPv4 address, protocol type tcp, public port 80, to the private IPv4 address 10.0.0.1, port 80, type:

add portmapping name="Local Area Connection" tcp 0.0.0.0 80 10.0.0.1 80

delete addressmapping

Deletes an address mapping from the NAT address pool for the specified interface.

Syntax

delete addressmapping

[ name = ] InterfaceName

[ [ public = ] IPAddress ]

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface for which you want to delete an address mapping. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ public = ] IPAddress
  Specifies the IPv4 address to be deleted. If you do not specify an address, all address mappings from the NAT address pool are deleted from the interface.

Example

To delete the mapping to 11.11.11.1 from the NAT interface address pool for the specified interface, type:

delete addressmapping "Local Area Connection" 11.11.11.1

delete addressrange

Deletes an address range from the Network Address Translation (NAT) address pool for the specified interface.

Syntax

delete addressrange

[ InterfaceName = ] InterfaceName

[ start = ] IPAddress

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface from which you want to delete an address range. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ start = ] IPAddress
  Required. Specifies the starting IPv4 address of the range you want to delete.

Example

To delete an address range from the NAT address pool that begins with address 10.10.10.1, type:

delete addressrange name="Local Area Connection" 10.10.10.1

delete ftp

Disables the FTP proxy on the NAT server.

Syntax

delete ftp

delete interface

Removes NAT from the specified interface.

Syntax

delete interface

[ name = ] InterfaceName

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface for which you want to remove the use of NAT. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

Example

To remove NAT from the Local Area Connection interface, type:

delete interface "Local Area Connection"

delete portmapping

Deletes a protocol port mapping from the specified NAT-enabled interface.

Syntax

delete portmapping

[ name = ] InterfaceName

[ proto = ] { tcp | udp }

[ publicip = ] { IPAddress | 0.0.0.0 }

[ publicport = ] Integer

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface for which you want to delete a port mapping. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• **[ proto ** ] { tcp | udp }
  Required. Specifies the protocol type. The tcp parameter specifies that the protocol type is Transmission Control Protocol. The udp parameter specifies that the protocol type is User Datagram Protocol.

• [ publicip = ] { IPAddress | 0.0.0.0 }
  Required. Specifies an external IPv4 address on the public network or 0.0.0.0 to indicate any IP address not specified within the private network address range.

• [ publicport = ] Integer
  Required. Specifies the public protocol port by using a number from zero to 9999.

Example

To remove a port mapping from a NAT-enabled interface, type:

delete portmapping name="Local Area Connection" tcp 0.0.0.0 80

set global

Sets global parameters for NAT.

Syntax

set global

[ [ tcptimeoutmins = ] Integer ]

[ [ udptimeoutmins = ] Integer ]

[ [ loglevel = ] { none | error | warn | info } ]

Parameters

• [ tcptimeoutmins = ] Integer
  Specifies, in minutes, the timeout value for TCP mappings. Note: If this option is specified with no value then the value is set to 0.

• [ udptimeoutmins = ] Integer
  Specifies, in minutes, the timeout value for UDP mappings.

• [ loglevel = ] { none | error | warn | info }
  Specifies which events should be logged.

  • none specifies that no events related to NAT should be logged.

  • error specifies that only errors related to NAT should be logged.

  • warn specifies that both errors and warnings related to NAT should be logged.

  • info specifies that all events related to NAT should be logged.

Example

To set global NAT parameters to be 1 day (1440 minutes) for TCP mappings timeout, 1 minute for UDP mappings timeout, and NAT error logging only, type:

set global tcptimeoutmins=1440 udptimeoutmins=1 loglevel=error

set interface

Configure NAT parameters for the specified interface.

Syntax

set interface

[ name = ] InterfaceName

[ mode = ] { full | addressonly | private }

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface for which you want to configure parameters. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

• [ mode = ] { full | addressonly | private }
  Required. Specifies whether the interface should be enabled for full, addressonly, or private mode.

  • full specifies that full (address and port) translation mode is enabled.

  • addressonly specifies that address-only translation mode is enabled.

  • private specifies that private mode is enabled.

Example

To configure NAT with address and port translation enabled on the Local Area Connection interface, type:

set interface "Local Area Connection" full

show global

Displays the NAT global configuration.

Syntax

show global

show interface

Displays the NAT configuration for the specified interface. Used without parameters, show interface displays NAT configuration information for all interfaces.

Syntax

show interface

[ name = ] InterfaceName

Parameters

• [ name = ] InterfaceName
  Required. Specifies, by name, the interface for which you want to display information. The InterfaceName parameter must match the name of the interface as specified in Network Connections. If InterfaceName contains spaces, use quotation marks around the text (for example, "Interface Name").

install

Installs the NAT routing component for IPv4.

Syntax

install

uninstall

Removes the NAT routing component from IPv4.

Syntax

uninstall