How to Expose Any Local Port to Your Network on Windows (Using netsh)
Ever been in this situation? You've just spun up a local server on your Windows machineβmaybe a slick FastAPI app, a bleeding-edge ComfyUI instance for AI generation, or a robust ERPNext bench. It works flawlessly when you hit http://127.0.0.1:8900 in your browser.
But the moment you try to access it from your phone, your MacBook, or your buddy's PC on the same WiFi... π¦ crickets. Nothing loads.
Don't panic! This guide will show you exactly how to fix this networking headache using netshβa powerful, built-in Windows networking tool that requires absolutely zero installation.
β±οΈ Time to Complete: ~ 5 Minutes
π― What Youβll Achieve
- Understand why local servers are hidden from other devices.
- Learn how to map your localhost (
127.0.0.1) to your network IP. - Configure Windows Firewall to safely allow incoming traffic.
- Access your local web apps from any device on your local network!
π΅οΈββοΈ Why Can't Other Devices See Your Local Server?
When a server listens on 127.0.0.1, it is bound to the loopback interfaceβa virtual network card that only your own machine can use. By design, it is completely invisible to the outside world for security reasons.
| Address | Who can reach it? |
|---|---|
127.0.0.1 (localhost) | π Only your own machine |
192.168.x.x (local IP) | π’ Any device on the same network |
Think of it like a house: 127.0.0.1 is your internal home intercom system. Your local IP (192.168.x.x) is the front door that guests can actually knock on. By using netsh portproxy, we are essentially building a bridge between the front door and the intercom! π
π Before You Begin: Find Your Local IP Address
First things first, let's find your "front door" address. Open up PowerShell or CMD and run:
ipconfig
Look for the IPv4 Address under your active adapter (WiFi or Ethernet). It will look something like 192.168.1.105. Copy this downβyou'll need it shortly! π
β οΈ Important: All commands in this guide must be run with Administrator privileges.
Right-click your Start button β select "Terminal (Admin)" or "Windows PowerShell (Admin)".
π οΈ Step 1 β Create a Port Proxy Rule
This step tells Windows: "Hey, if any connection arrives on port 8900 from the network, forward it straight to 127.0.0.1:8900."
Run this command:
netsh interface portproxy add v4tov4 listenport=8900 listenaddress=0.0.0.0 connectport=8900 connectaddress=127.0.0.1
What is happening here? π€
v4tov4: Forwarding IPv4 traffic to an IPv4 address.listenport=8900: The port to listen on (change this to whatever port your app uses).listenaddress=0.0.0.0: Listen on all network interfaces.connectport=8900: The local port to forward traffic to.connectaddress=127.0.0.1: Your local server address.
π‘ Pro tip: Make sure to replace
8900with your actual port number throughout this guide.
π‘οΈ Step 2 β Allow the Port Through Windows Firewall
The portproxy rule is active, but the strict Windows Defender Firewall might still act as a bouncer and block incoming connections. Let's add an inbound firewall rule to let the traffic through:
netsh advfirewall firewall add rule name="Port 8900" dir=in action=allow protocol=TCP localport=8900
Note: Giving the rule a descriptive name like
"Port 8900"makes it incredibly easy to find and delete later when you're done testing.
β Step 3 β Verify the Rule Was Created
Let's double-check that our portproxy rule was successfully registered before we start testing:
netsh interface portproxy show all
You should see an output that looks like this:
Listen on ipv4: Connect to ipv4:
Address Port Address Port
--------------- ---------- --------------- ----------
0.0.0.0 8900 127.0.0.1 8900
If your rule is sitting happily in that table, you're ready for the magic! β¨
π± Step 4 β Test From Another Device
Grab your phone, tablet, or another laptop connected to the same WiFi network. Open your favorite browser and navigate to:
http://192.168.1.105:8900
(Remember to replace 192.168.1.105 with the IP you found in the ipconfig step!)
Boom! π Your local service should now be perfectly accessible across your entire network.
π§Ή Cleanup β Removing the Rules When You're Done
Port proxy rules persist across reboots. For security hygiene, it's best to clean them up once you no longer need external access.
1. Remove the portproxy rule:
netsh interface portproxy delete v4tov4 listenport=8900 listenaddress=0.0.0.0
2. Remove the firewall rule:
netsh advfirewall firewall delete rule name="Port 8900"
3. Verify everything is cleared:
netsh interface portproxy show all
π Troubleshooting
β Still can't connect from another device?
Check that your server itself isn't strictly bound to 127.0.0.1. Some frameworks bind to localhost by default and might reject the forwarded connection. Look for a --host or --bind flag when starting your server:
# FastAPI / uvicorn
uvicorn app:main --host 0.0.0.0 --port 8900
# Python built-in HTTP server
python -m http.server 8900 --bind 0.0.0.0
Wait, if you can bind directly to 0.0.0.0 inside your app, you can actually skip the netsh portproxy step entirely and just do the firewall rule! π
π« Getting "Access Denied" when running netsh?
You must run your terminal as Administrator! Right-click your terminal app and select "Run as administrator".
π§ Want to confirm something is listening on the port?
Run this on your Windows machine to check active ports:
netstat -ano | findstr :8900
If you see a line with LISTENING, your server is up. If not, your application might have crashed.
π€Ή Multiple portproxy rules causing conflicts?
To reset and completely delete all portproxy rules at once:
netsh interface portproxy reset
π Quick Command Reference
| Task | Command |
|---|---|
| Add proxy rule | netsh interface portproxy add v4tov4 listenport=PORT listenaddress=0.0.0.0 connectport=PORT connectaddress=127.0.0.1 |
| Add firewall rule | netsh advfirewall firewall add rule name="Port PORT" dir=in action=allow protocol=TCP localport=PORT |
| View all rules | netsh interface portproxy show all |
| Delete proxy rule | netsh interface portproxy delete v4tov4 listenport=PORT listenaddress=0.0.0.0 |
| Delete firewall rule | netsh advfirewall firewall delete rule name="Port PORT" |
| Reset all rules | netsh interface portproxy reset |
π Summary
In just two simple commands, you can make any locally running service accessible to every device on your network without installing third-party tools like ngrok. The netsh interface portproxy command seamlessly handles the traffic forwarding, and netsh advfirewall ensures Windows Defender doesn't block the connection.
Happy coding, and don't forget to clean up your rules! π»π
Related posts
Everything a Developer Should Know About Ollama - Part 1
Learn what Ollama is, how it differs from Llama, how local AI models are packaged, and where Ollama fits in a developer workflow.
Guide to Frappe PDF Generation & Fixing wkhtmltopdf Meta
Getting the "Invalid wkhtmltopdf version" error in Frappe or ERPNext? Learn how to fix broken PDFs, install the patched Qt version, and switch to headless Chrome for pixel-perfect modern CSS and custom font support.
How to Fix Claude Code Extension Not Working in VS Code
Getting the claude-vscode.editor.openLast not found error after updating Claude Code? This step-by-step guide shows you how to roll back to a stable version and get Claude working again in 5 minutes.