netsh interface portproxy requires the IP Helper service to be running and IPv6 support to be enabled.

netsh interface portproxy add v4tov4 listenport=4455 listenaddress=10.11.0.22 connectport=445 connectaddress=192.168.1.110
  • listenaddress / listenport: The IP address & port open to the attacker machine
  • connectaddress / connectport: The IP address & port normally inaccessible to the attacker machine

Unlike SSH local port forwarding, this requires no special setup on the local (attacker) machine.

If Windows Firewall blocks the listening port (and you have SYSTEM privileges), add an inbound allow rule, using the listener's address and port for localip/localport:

netsh advfirewall firewall add rule name="forward_port_rule" protocol=TCP dir=in localip=10.11.0.22 localport=4455 action=allow
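
From the defender's side, an added PowerShell example (not part of the original notes) that lists every portproxy rule on a host and the enabled inbound allow rules that expose each listener. It reads the registry key where netsh stores portproxy rules and assumes an elevated session with the NetSecurity cmdlets available (Windows 8 / Server 2012 or later).

```powershell
# Added example: enumerate netsh portproxy rules and the firewall rules that expose them.
# Assumes an elevated session and the NetSecurity module.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'

# netsh stores each rule as a registry value:
#   name = "listenaddress/listenport", data = "connectaddress/connectport"
$rules = foreach ($type in 'v4tov4', 'v4tov6', 'v6tov4', 'v6tov6') {
    $key = Join-Path $base "$type\tcp"
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $listen  = $name -split '/'
        $connect = ([string]$item.GetValue($name)) -split '/'
        [pscustomobject]@{
            Type           = $type
            ListenAddress  = $listen[0]
            ListenPort     = $listen[1]
            ConnectAddress = $connect[0]
            ConnectPort    = $connect[1]
        }
    }
}

# portproxy only forwards while IP Helper (iphlpsvc) is running.
"IP Helper service: $((Get-Service -Name iphlpsvc).Status)"

if ($rules) {
    $rules | Format-Table -AutoSize
    $ports = @($rules.ListenPort)

    # Enabled inbound TCP allow rules whose local port matches a portproxy listener.
    foreach ($fw in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $pf = $fw | Get-NetFirewallPortFilter
        if ($pf.Protocol -ne 'TCP') { continue }
        foreach ($p in $pf.LocalPort) {
            if ($ports -contains $p) { "Port $p allowed by firewall rule '$($fw.DisplayName)'" }
        }
    }
} else {
    'No portproxy rules configured.'
}

# Cleanup once a rule is confirmed unwanted (values taken from the listing above):
#   netsh interface portproxy delete v4tov4 listenport=<port> listenaddress=<address>
#   netsh advfirewall firewall delete rule name="<rule name>"
```

A listener that forwards to port 445 on another host, paired with a firewall rule created shortly before or after it, is worth correlating against process-creation logs for netsh.exe.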