Windows 10中的管理端口排除是什么? [英] What is Administered port exclusions in windows 10?

问题描述

我在Windows 10中启用了hyper-v.当我检查排除的端口时，我得到:

I have hyper-v enabled in windows 10. When I check the excluded ports, I get:

C:\> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
      9800        9800
      9801        9801
     49671       49770
     49871       49970
     50000       50059     *
     61117       61216
     61220       61319
     61902       62001

* - Administered port exclusions.

为什么Hyper-V保留这些端口?

受管理的端口排除项(即50000-50059范围)与其他端口排除项有何不同?

例如，当我尝试在golang中使用net.Listen()对所有这些端口执行ping操作时，除50000-50059外的所有端口均返回错误:

For example, when i tried to ping to all these ports using a net.Listen() in golang, all ports except 50000-50059 returns error:

listen tcp 127.0.0.1:9801: bind: An attempt was made to access a socket in a way forbidden by its access permissions. 

推荐答案

在Windows 10中，有时会因特定端口而出错:

In windows 10, sometimes we get an error for a particular port:

Ports are not available: listen tcp 0.0.0.0:55555: bind: An attempt was made to access a socket in a way forbidden by its access permissions. 

当看到此错误时，我们的第一个直觉是某种方式我们需要的端口正在被另一个应用程序使用.因此，如果我们检查正在使用的端口:

When seeing this error, our first instinct will be that somehow the port we need is being used by another application. So if we check for ports in use:

netstat -aon | find "55555"

但是结果可能表明该端口尚未被使用.

But the result may show that the port was not already being used.

那么问题可能是Windows保留了一些端口，它们是我们不能用于其他目的的排除端口.我们可以使用以下命令列出这些端口:

Then the problem may be that Windows reserves some ports, they are the excluded ports which we cannot use for our other purposes. We can list those ports with the command:

C:\Users\Xyz> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1031        1130
      1131        1230
      1231        1330
      1331        1430
      1431        1530
      1561        1660
      2363        2462
      2463        2562
      2563        2662
      2663        2762
      2763        2862
      2863        2962
      5357        5357
     50000       50099     *
     55500       55599
 
* - Administered port exclusions.

为什么Windows保留了这些端口?

Why windows reserves these ports?

• 这些端口可能由于已确定的病毒/恶意软件活动而被Microsoft阻止.
• 我们在Windows更新后遇到了这种情况.然后，我们安装了下一个更新并重新启动了计算机.这次范围更改了，我们的端口可用了.
• 有时是启用的Hyper-V功能(我们将其用于Windows的docker安装).

还有其他原因.

但是，如果我们尝试使用以下命令(甚至以管理员身份)删除端口范围排除项，则会返回错误消息，表明它对此没有权限.

But If we try to delete a port range exclusion with the following command (even as administrator), it will return an error saying that it doesn't have permission for this.

netsh int ipv4 delete excludedportrange protocol=tcp startport=55500 numberofports=100

如果Hyper-V引入了端口排除功能，那么最终我们有两种可能的解决方案(可能还有其他解决方案):

If the port exclusion is introduced by Hyper-V, we have two possible solutions in the end (there may be others):

• 更改我们尝试使用的端口.新端口应该是不包含在排除范围之内的.

• Change the port that we were trying to use. The new port should be something that doesn't comes under the exclusions.

禁用Hyper-V，保留供我们使用的端口范围，然后再次启用Hyper-V.

Disable Hyper-V, reserve a port range for our use, then enable Hyper-V again.

1.禁用Hyper-V

方法1-Windows功能工具:

在控制面板"中->选择程序和功能->选择打开或关闭Windows功能"->取消选中选项Hyper-V->申请

In Control Panel -> select Programs and Features -> Select 'Turn Windows features on or off' -> Uncheck the option Hyper-V -> Apply

方法2-通过Powershell:

以管理员身份打开Powershell并运行命令:

Open Powershell (as admin) and run the command:

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All

方法3-通过命令提示符:

打开命令提示符(以管理员身份)并运行命令:

Open Command prompt (as admin) and run the command:

dism.exe /Online /Disable-Feature:Microsoft-Hyper-V

此后将需要重新启动系统.

A system reboot will be required after this.

2.保留您想要的端口(范围)，以便hyper-v不会保留它.

重新启动后，如果我们尝试列出端口排除项，则可以看到某些范围现在不存在(特别是我们想要的范围).现在保留我们需要的端口范围:

After that reboot, if we try listing the port exclusions, we can see that some of ranges are not there now (especially, those the one which we want). Now reserve the port range we need:

netsh int ipv4 add excludedportrange protocol=tcp startport=55500 numberofports=100

3.重新启用Hyper-V

您也可以使用上述所有三种方法来启用该功能.例如，用dism显示一个:

You can use the all the three methods mentioned above to enable the feature too. For example, showing one with dism:

dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All

这还需要重新启动系统.

This will also require a system reboot.

当系统恢复正常时，请尝试再次列出端口排除项.

When your system is back, try listing the port exclusions again.

这里发生的是，指定的端口范围已添加到管理的端口排除中.这意味着我们出于我们的目的保留了它.

What happens here is that the specified port range was added to Administered port exclusions. That means we reserved it for our purposes.

完成此操作后，Hyper-V足够智能，可以在我们预先保留的范围内启动其自己的保留范围(注意，结果低于55500–55599的范围受保护):

After doing this, Hyper-V is smart enough to start it’s own reserved ranges around our pre-reserved ranges (notice in the result below the range from 55500–55599 is protected ) :

C:\Users\Xyz> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1031        1130
      1131        1230
      1231        1330
      1331        1430
      1431        1530
      1561        1660
      2363        2462
      2463        2562
      2563        2662
      2663        2762
      2763        2862
      2863        2962
      5357        5357
     50000       50099     *
     55500       55599     *

* - Administered port exclusions.

现在，您将能够成功绑定到该范围内的端口.

Now you will be able to bind to a port in that range successfully.

因此，基本上，管理端口排除项是我们可以添加以保留一些端口供我们使用的那些排除项.

So basically, Administered port exclusions are those exclusions that we can add to reserve some ports for our use.

这篇关于Windows 10中的管理端口排除是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！