什么是 Windows 10 中的受管端口排除? [英] What is Administered port exclusions in windows 10?

问题描述

我在 Windows 10 中启用了 hyper-v.当我检查排除的端口时，我得到:

I have hyper-v enabled in windows 10. When I check the excluded ports, I get:

C:> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
      9800        9800
      9801        9801
     49671       49770
     49871       49970
     50000       50059     *
     61117       61216
     61220       61319
     61902       62001

* - Administered port exclusions.

为什么 Hyper-V 保留这些端口?

托管端口排除(即范围 50000-50059)与其他端口排除有何不同?

例如，当我尝试在 golang 中使用 net.Listen() ping 到所有这些端口时，除 50000-50059 之外的所有端口都返回错误:

For example, when i tried to ping to all these ports using a net.Listen() in golang, all ports except 50000-50059 returns error:

listen tcp 127.0.0.1:9801: bind: An attempt was made to access a socket in a way forbidden by its access permissions. 

推荐答案

在 Windows 10 中，有时我们会收到特定端口的错误:

In windows 10, sometimes we get an error for a particular port:

Ports are not available: listen tcp 0.0.0.0:55555: bind: An attempt was made to access a socket in a way forbidden by its access permissions. 

当看到这个错误时，我们的第一反应会是我们需要的端口不知何故被另一个应用程序使用了.因此，如果我们检查正在使用的端口:

When seeing this error, our first instinct will be that somehow the port we need is being used by another application. So if we check for ports in use:

netstat -aon | find "55555"

但结果可能显示该端口尚未被使用.

But the result may show that the port was not already being used.

那么问题可能是Windows保留了一些端口，它们是我们不能用于其他目的的排除端口.我们可以使用以下命令列出这些端口:

Then the problem may be that Windows reserves some ports, they are the excluded ports which we cannot use for our other purposes. We can list those ports with the command:

C:UsersXyz> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1031        1130
      1131        1230
      1231        1330
      1331        1430
      1431        1530
      1561        1660
      2363        2462
      2463        2562
      2563        2662
      2663        2762
      2763        2862
      2863        2962
      5357        5357
     50000       50099     *
     55500       55599
 
* - Administered port exclusions.

为什么windows会保留这些端口?

Why windows reserves these ports?

• 这些端口可能因识别出病毒/恶意软件活动而被 Microsoft 阻止.
• 我们在 Windows 更新后遇到了这种情况.然后我们安装了下一个更新并重新启动了机器.这次范围发生了变化，我们的端口可用.
• 有时是启用的 Hyper-V 功能(我们为 docker-for-windows 安装启用它)执行此操作.

可能还有其他原因.

但是如果我们尝试使用以下命令(即使以管理员身份)删除端口范围排除，它会返回一个错误，说它没有权限.

But If we try to delete a port range exclusion with the following command (even as administrator), it will return an error saying that it doesn't have permission for this.

netsh int ipv4 delete excludedportrange protocol=tcp startport=55500 numberofports=100

如果端口排除是Hyper-V引入的，我们最终有两种可能的解决方案(可能还有其他):

If the port exclusion is introduced by Hyper-V, we have two possible solutions in the end (there may be others):

• 更改我们尝试使用的端口.新端口应该不在排除范围内.

• Change the port that we were trying to use. The new port should be something that doesn't comes under the exclusions.

禁用 Hyper-V，保留一个端口范围供我们使用，然后再次启用 Hyper-V.

Disable Hyper-V, reserve a port range for our use, then enable Hyper-V again.

1.禁用 Hyper-V

方法 1 - Windows 功能工具:

在控制面板中 ->选择程序和功能->选择打开或关闭 Windows 功能"->取消选中选项 Hyper-V ->申请

In Control Panel -> select Programs and Features -> Select 'Turn Windows features on or off' -> Uncheck the option Hyper-V -> Apply

方法 2 - 通过 Powershell:

打开 Powershell(以管理员身份)并运行命令:

Open Powershell (as admin) and run the command:

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All

方法 3 - 通过命令提示符:

打开命令提示符(以管理员身份)并运行命令:

Open Command prompt (as admin) and run the command:

dism.exe /Online /Disable-Feature:Microsoft-Hyper-V

之后需要重新启动系统.

A system reboot will be required after this.

<强>2.保留你想要的端口(范围)，这样 hyper-v 就不会保留它.

重启后，如果我们尝试列出端口排除项，我们可以看到一些范围现在不存在(尤其是那些我们想要的范围).现在保留我们需要的端口范围:

After that reboot, if we try listing the port exclusions, we can see that some of ranges are not there now (especially, those the one which we want). Now reserve the port range we need:

netsh int ipv4 add excludedportrange protocol=tcp startport=55500 numberofports=100

3.重新启用 Hyper-V

您也可以使用上述所有三种方法来启用该功能.例如，用 dism 显示一个:

You can use the all the three methods mentioned above to enable the feature too. For example, showing one with dism:

dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All

这也需要重新启动系统.

This will also require a system reboot.

当您的系统恢复后，再次尝试列出端口排除项.

When your system is back, try listing the port exclusions again.

这里发生的情况是指定的端口范围被添加到管理的端口排除.这意味着我们为我们的目的保留了它.

What happens here is that the specified port range was added to Administered port exclusions. That means we reserved it for our purposes.

完成此操作后，Hyper-V 足够聪明，可以在我们预先保留的范围周围启动它自己的保留范围(请注意，55500–55599 范围下方的结果是受保护的):

After doing this, Hyper-V is smart enough to start it’s own reserved ranges around our pre-reserved ranges (notice in the result below the range from 55500–55599 is protected ) :

C:UsersXyz> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1031        1130
      1131        1230
      1231        1330
      1331        1430
      1431        1530
      1561        1660
      2363        2462
      2463        2562
      2563        2662
      2663        2762
      2763        2862
      2863        2962
      5357        5357
     50000       50099     *
     55500       55599     *

* - Administered port exclusions.

现在您将能够成功绑定到该范围内的端口.

Now you will be able to bind to a port in that range successfully.

所以基本上，托管端口排除是我们可以添加以保留一些端口供我们使用的那些排除.

So basically, Administered port exclusions are those exclusions that we can add to reserve some ports for our use.

这篇关于什么是 Windows 10 中的受管端口排除?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！