AWS and Azure Multi-Port Forward Setup and Configuration | Salient Engineering

AWS and Azure Multi-Port Forward Setup and Configuration

A complete guide to setting up and configuring the Multi-Port Forward Server in your AWS and Azure environments.

Estimated Deployment Time: 10 Minutes

The Basics

Port forwarding (also called port address translation, or PAT) is essentially a way to change the destination port of network traffic by passing it through a forwarding proxy.

Network address translation (NAT) works by redirecting inbound traffic—which comes to a public IP—toward internal, private IP addresses. This process reverses seamlessly when your internal IPs need to talk back to the outside world.

Why Do You Need It?

Our Multi-Port Forward Server handles both NAT and PAT when you need to redirect multiple traffic streams simultaneously. You'll find this especially helpful when:

  1. You have several internal servers listening on the same port, but they all need to be exposed to the internet through a single IP.
  2. You can only whitelist one IP address, but you need to access multiple external hosts.
  3. You need external access to internal systems, but the traffic has to pass through port 443 or 80 to get past restrictive network firewalls.

How It Works

In this guide, we'll set up a single Multi-Port Forward Server that proxies inbound traffic to various hosts, both inside and outside your network.

Let's look at an example setup:

  • A VPC or subscription running on a 172.31.0.0/16 CIDR.
  • Two subnets:
    • A private one without internet access (172.31.1.0/24).
    • A public one with an internet gateway (172.31.0.0/24).
  • A Redshift cluster in your private subnet, listening on its default port 5439.
  • An Ubuntu server in the private subnet, waiting for SSH connections on port 22.
  • The Multi-Port Forward Server running in the public subnet, listening on ports 443, 80, 53, and 22.

Here's how traffic will flow:

  • Incoming traffic on port 443 goes to the Redshift server on port 5439.
  • Incoming traffic on port 80 goes to the Ubuntu server on port 22.
  • Incoming traffic on port 53 heads out to an external host (like portquiz.net) on port 3389.

You just need to configure your VPC security group (AWS) or NSG (Azure) to allow inbound traffic on ports 443, 80, 53, and 22 from trusted IPs only, and to allow ports 5439 and 22 from the public subnet into the private one.

Deployment Steps

  1. Launch the Multi-Port Forward Server (for AWS or Azure) from the marketplace into your public subnet.
  2. For AWS users: Make sure to disable source/destination checks on the instance.
  3. SSH into the server.
  4. Edit the configuration file located at /etc/multiportforward/multiportforward.config. You'll need to set the SPORT (source port), DHOST (destination host), DPORT (destination port), and PROTOCOL. Use descriptive key names without spaces.
  5. Save the file and reboot your server.

That's it! Your server is now correctly forwarding traffic to Redshift, Ubuntu, and external services.
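As an added example (not the guide's or the appliance's own tooling), the following Python derives the security-group or NSG rules that a forward table implies in the scenario above: the proxy listens on each SPORT from a trusted client range, each private DHOST is opened on its DPORT only from the public subnet, and external DHOSTs become egress rules. The dict layout, the DHOST addresses and the 203.0.113.0/24 client range are assumptions, since the guide does not show the config file's format.

```python
# Added example (not the guide's or appliance's code). The dict stands in for
# the real config file; DHOST values and the client CIDR are constructed.
from ipaddress import ip_address, ip_network

PUBLIC_SUBNET = ip_network("172.31.0.0/24")   # proxy lives here
PRIVATE_SUBNET = ip_network("172.31.1.0/24")  # Redshift and Ubuntu live here
TRUSTED_CLIENTS = "203.0.113.0/24"            # constructed client CIDR
MGMT_PORT = 22                                # admin SSH to the proxy itself

# Constructed forward table: descriptive key names, no spaces.
FORWARDS = {
    "redshift":    {"SPORT": 443, "DHOST": "172.31.1.10",  "DPORT": 5439, "PROTOCOL": "tcp"},
    "ubuntu_ssh":  {"SPORT": 80,  "DHOST": "172.31.1.20",  "DPORT": 22,   "PROTOCOL": "tcp"},
    "egress_test": {"SPORT": 53,  "DHOST": "portquiz.net", "DPORT": 3389, "PROTOCOL": "tcp"},
}

def validate(forwards):
    """Reject keys with spaces, bad ports, and two entries sharing one listener."""
    listeners = {}
    for name, f in forwards.items():
        if " " in name:
            raise ValueError(f"key {name!r} contains a space")
        if not all(1 <= f[k] <= 65535 for k in ("SPORT", "DPORT")):
            raise ValueError(f"{name}: port out of range")
        listener = (f["PROTOCOL"], f["SPORT"])
        if listener in listeners:
            raise ValueError(f"{name} and {listeners[listener]} both use {listener}")
        listeners[listener] = name
    return True

def is_private_host(host):
    """True for an IP inside the private subnet; hostnames count as external."""
    try:
        return ip_address(host) in PRIVATE_SUBNET
    except ValueError:
        return False

def derive_rules(forwards, trusted=TRUSTED_CLIENTS):
    """Sorted (protocol, port, peer) rules: proxy ingress, private ingress, proxy egress."""
    validate(forwards)
    proxy_in = {("tcp", MGMT_PORT, trusted)}
    private_in, proxy_out = set(), set()
    for f in forwards.values():
        proxy_in.add((f["PROTOCOL"], f["SPORT"], trusted))
        if is_private_host(f["DHOST"]):
            private_in.add((f["PROTOCOL"], f["DPORT"], str(PUBLIC_SUBNET)))
        else:
            proxy_out.add((f["PROTOCOL"], f["DPORT"], f["DHOST"]))
    return sorted(proxy_in), sorted(private_in), sorted(proxy_out)
```

Running derive_rules(FORWARDS) reproduces the rule set listed under How It Works: 443, 80, 53 and 22 inbound to the proxy from trusted IPs, and 5439 and 22 from the public subnet into the private one, with nothing opened from 0.0.0.0/0.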

Verifying the Setup

Test your Redshift connection using psql:

psql -h ec2-12-34-56-78.compute-1.amazonaws.com -U awsuser -d dev -p 443

Check your Ubuntu SSH access:

ssh -i ~/.ssh/Ubuntu.pem <user>@ec2-12-34-56-78.compute-1.amazonaws.com -p 80

Troubleshooting

Traffic isn't flowing?

  • Double-check your security groups to ensure inbound traffic is allowed on the required ports.
  • Review your ACLs to verify outbound traffic isn't blocked.
  • In AWS, ensure you've disabled source/destination checks.

Frequently Asked Questions

Does the server support all regions?
Yes, we support every region.

Should I deploy this using my root account?
No, it's always safer to use a non-root user account for deployments.

Does the appliance decrypt my traffic?
Never. The Multi-Port Forward Server routes traffic but does not decrypt anything in transit or at rest.

What size EC2 instance do I need?
A t3.medium works great for most production workloads.

How do I apply software updates?
The server automatically applies necessary updates whenever it reboots.