Firewall – Use Windows Server 2016 VM to forward ports to other virtual servers

Tags: firewall, port-forwarding, windows-server-2016

I have found a few questions similar to this but none of which could answer the question properly.

I have 5 Windows Server 2016 VMs, all with a public NIC as well as a private NIC. I want to remove the public NICs from all but 1 server and have it act as a firewall for the internal servers and then only allow specific traffic through, e.g. port 80/443 for web, etc., which then gets forwarded to the correct server (e.g. web server, SIP server, etc.).

One main objective is that I require UDP traffic to also be routed due to SIP so I am unable to make use of netsh like in this post.

This post here is pretty much exactly what I'm also trying to do except he never received an answer. I have tried to set up RRAS with little to no luck and have been stuck on this for days without being able to find an answer so any help or advice would be greatly appreciated.

Best Answer

It actually turned out to be embarrassingly simple.

Installed Routing and Remote Access Service (RRAS) with Network Address Translation (NAT). Once installed, it's simply a case of opening the correct port on the firewall and adding the port redirection rule which works for both TCP and UDP.

It comes with most common ports already configured; you just need to pop in the remote server details, and for more complex routing (like RDS) you simply add your own config.

Here's a link to configuring RRAS on Server 2016. In step 6, simply select NAT instead of VPN and you'll easily find your way from there. The configuration for the ports opens when you go to IPv4, select NAT and then right-click your public interface and select options.

Hope this helps someone somewhere in the future.
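
The port redirection described in the answer can also be scripted once RRAS with NAT is in place. This is an added example, not part of the original answer: it uses the RRAS `netsh routing ip nat` context (not the TCP-only `netsh interface portproxy`), and the interface name `Public`, the private addresses and the port list are constructed assumptions to replace with your own.

```powershell
# Added example. Assumes RRAS with NAT was already set up through the wizard
# as the answer describes, and that this runs in an elevated session.
# Interface name, addresses and ports below are constructed placeholders.
$PublicInterface = 'Public'   # name of the NAT public interface as shown in RRAS

# Explicit allow-list: only these ports are forwarded to the internal servers.
$Mappings = @(
    [pscustomobject]@{ Name = 'Web HTTP';  Proto = 'tcp'; Port = 80;   PrivateIp = '10.0.0.11' }
    [pscustomobject]@{ Name = 'Web HTTPS'; Proto = 'tcp'; Port = 443;  PrivateIp = '10.0.0.11' }
    [pscustomobject]@{ Name = 'SIP';       Proto = 'udp'; Port = 5060; PrivateIp = '10.0.0.12' }
)

foreach ($m in $Mappings) {
    # Arguments are positional: interface, protocol, public IP, public port,
    # private IP, private port. 0.0.0.0 means no specific address-pool entry.
    & netsh routing ip nat add portmapping $PublicInterface $m.Proto 0.0.0.0 $m.Port $m.PrivateIp $m.Port
    if ($LASTEXITCODE -ne 0) {
        throw "Adding the NAT port mapping for '$($m.Name)' failed."
    }

    # Open the matching port on the Windows firewall, one named rule per mapping
    # so each exposure can be audited and removed individually.
    New-NetFirewallRule -DisplayName "NAT forward - $($m.Name)" `
        -Direction Inbound -Action Allow `
        -Protocol $m.Proto.ToUpper() -LocalPort $m.Port | Out-Null
}

# Review the result: NAT interface settings (including port mappings)
# and the firewall rules created above.
& netsh routing ip nat show interface
Get-NetFirewallRule -DisplayName 'NAT forward - *' |
    Select-Object DisplayName, Enabled, Direction, Action
```

Keeping the mappings in one list makes it easy to compare what is exposed on the public interface against what was intended.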
