При работе с серверными операционными системами часто возникает необходимость предоставить программе или модулю доступ к сети, чтобы ПО могло получать необходимые данные извне. Для этого требуется открыть порт. Задача непростая, особенно для новичка, поскольку существует множество подводных камней (но если вы решили купить Windows Server, то вам придется в них разобраться). Сделать это можно несколькими способами. Рассмотрим один из них, чтобы более подробно осветить вопрос того, что такое открытие портов на Windows Server 2012 R2.
_04.jpg)
Открытие порта через брандмауэр
Открыть порт в серверной Windows можно через встроенную систему безопасности брандмауэр. Для этого вам необходимо зайти в Панель управления, выбрать пункт «Системы и безопасность» и открыть соответствующее меню. Затем переходите в дополнительные настройки и выполните следующие шаги:
- выберите пункт «Правила для входящих подключений»;
- нажмите на кнопку «Создать правило»;
- укажите тип правила и перейдите в следующее меню;
- укажите требуемый для открытия тип порта (например, тут можно как открыть порт TCP, так и после изменить его);
- перейдите в «Локальные порты» и введите его значение (цифры);
- на следующей странице «Действие» подтвердите соединение соответствующей кнопкой;
- на следующей вкладке «Профиль» укажите параметры рабочей среды;
- затем введите «Имя» и нажимаем «Готово»;
- перезагрузите ПК.
Все готово, вы открыли порт через брандмауэр.
Как изменить порт по умолчанию?
В ряде случаев у пользователей возникает необходимость не открыть, а поменять порт по умолчанию для протокола RDP (используется для удаленного соединения с сервером). Стандартный порт 3389 решает большинство задач, но все же иногда необходимо его поменять. Например, чтобы отвечать требованиям политики безопасности. Как это сделать в Windows Server 2012? Это осуществляется через редактирование реестра в ОС. Для этого выполните такие шаги:
- запустите командную строку (введите в поиске cmd и выберите соответствующий пункт);
- в новом окне введите команду regedit;
- в новом меню отыщите раздел RDP-Tcp;
- отыщите пункт PortNumber в правом окне и откройте его;
- введите в строку «Значение» новый порт для подключения по RDP (в правой части меню выберите десятичную систему);
- сохраните изменения.
При выборе номера порта учтите, что есть специальные категории занятых или служебных. Например, порты от 0 по 10213 заняты системными приложениями системы. А вот порты от 1024 по 49151 предназначены для частных задач пользователя. Также для приватных решений и работы с любыми приложениями на машине есть номера от 49162 по 65535. Если вы введете неправильный номер, то столкнетесь с проблемой, что в Windows Server не открывается порт.
Затем вам нужно создать правила для измененного порта. Это можно сделать через специальное меню брандмауэра в режиме повышенной безопасности. Для этого откройте Диспетчер Серверов и перейдите в меню «Средства». Затем перейдите в раздел «Правила для входящих подключений» и нажмите кнопку для создания правила (для порта). После укажите тип протокола (UDP или TCP), номер порта, указанный в реестре, и тип действия (в нашем случае нужно разрешить подключение). Затем укажите область действия. На финальном шаге введите название для правила и завершите процесс создания.
If you are running Windows Server 2012 R2, one of the tasks you may need to perform is to open ports so that network traffic can flow to and from your server. This can be necessary for things like running certain applications or hosting websites. In this blog post, we will explore how to open ports on Windows Server 2012 R2.
Video Tutorial:
What’s Needed
To open ports on Windows Server 2012 R2, you will need administrative access to the server and knowledge of which ports you want to open. You may also need to know the protocols associated with those ports.
What Requires Your Focus?
When opening ports on Windows Server 2012 R2, you will need to focus on security. Opening ports can expose your server to potential security threats, so it is important to only open the necessary ports and protocols, and to use best practices to secure your server.
Different Methods to Open Ports on Windows Server 2012 R2
Method 1: Windows Firewall with Advanced Security
To open ports using Windows Firewall with Advanced Security:
- Log in to the server as an administrator.
- Open Windows Firewall with Advanced Security by clicking on Start, then Control Panel, then System and Security, then Administrative Tools, then Windows Firewall with Advanced Security.
- In Windows Firewall with Advanced Security, click on Inbound Rules.
- Click on New Rule.
- In the New Inbound Rule Wizard, select Port and click Next.
- Select the protocol you want to use, enter the port number(s), and click Next.
- Select Allow the connection and click Next.
- Select which profile(s) to apply the rule to and click Next.
- Enter a name and description for the rule and click Finish.
Pros:
- Uses built-in Windows functionality
- Allows for granular control of which ports and protocols are open
Cons:
- Configuration can be complex for beginners
- May not be practical for large numbers of ports
Method 2: Command Line
To open ports using the command line:
- Log in to the server as an administrator.
- Open a Command Prompt with administrative privileges.
- Type the following command and press Enter to open a port for TCP traffic:
netsh advfirewall firewall add rule name="Open Port TCP [PORT NUMBER]" dir=in action=allow protocol=TCP localport=[PORT NUMBER]
- Type the following command and press Enter to open a port for UDP traffic:
netsh advfirewall firewall add rule name="Open Port UDP [PORT NUMBER]" dir=in action=allow protocol=UDP localport=[PORT NUMBER]
Pros:
- Can be scripted for easy configuration of large numbers of ports
- Fast and efficient
Cons:
- Requires knowledge of command line syntax
- No graphical user interface
Method 3: Third-Party Firewall
To open ports using a third-party firewall:
- Log in to the server as an administrator.
- Install and configure a third-party firewall solution that supports opening ports.
- Follow the instructions provided by the firewall solution to open ports.
Pros:
- May provide additional functionality beyond the built-in Windows firewall
- May be easier to use for beginners
Cons:
- Can be expensive
- May have a steeper learning curve for configuration than the built-in Windows firewall
There are several reasons why you may not be able to open ports on Windows Server 2012 R2:
1. Another Firewall Is Blocking Traffic
If you have another firewall installed on your server or network, it may be blocking traffic. Check to ensure that the firewall is configured to allow traffic on the port you want to open.
2. The Port Is Already in Use
If the port you want to open is already in use by another application or service, you will not be able to open it. Try using a different port.
3. You Don’t Have Administrative Access
You must have administrative access to open ports on Windows Server 2012 R2. If you do not have administrative access, you will need to contact your system administrator to open the ports for you.
Fixes:
If you cannot open ports on Windows Server 2012 R2 for one of the reasons listed above, try the following:
- Check to ensure that other firewalls are configured to allow traffic on the port you want to open.
- Try using a different port that is not already in use.
- Ensure that you have administrative access to the server.
Implications and Recommendations
Opening ports on Windows Server 2012 R2 can expose your server to potential security threats. It is important to only open the necessary ports and protocols, and to use best practices to secure your server. Some recommendations include:
- Use the built-in Windows Firewall with Advanced Security or another reputable firewall solution.
- Only open the ports and protocols that are necessary for your server to function.
- Configure your firewall to only allow traffic from trusted sources.
5 FAQs about Opening Ports on Windows Server 2012 R2
Q1: What Are Ports?
A1: Ports are virtual communication channels used by networked applications to exchange data over the internet or other networks. Different applications use different ports to communicate.
Q2: Do I Need to Open Ports on My Server?
A2: If you are running networked applications or hosting websites, you may need to open ports on your server to allow traffic to flow to and from your server.
Q3: How Do I Find Out Which Ports to Open?
A3: The application or service that requires the port to be opened should provide documentation or instructions on which ports need to be opened.
Q4: Can Opening Ports Expose My Server to Security Threats?
A4: Yes, opening ports can expose your server to potential security threats. It is important to only open the necessary ports and protocols, and to use best practices to secure your server.
Q5: Can I Open Ports for Both TCP and UDP Traffic?
A5: Yes, you can open ports for both TCP and UDP traffic using the methods outlined in this blog post.
Final Words
Opening ports on Windows Server 2012 R2 can be a necessary task, but it is important to do so responsibly and with security in mind. By following best practices and using the methods outlined in this blog post, you can safely and effectively open ports on your server.
All recent versions of Windows include the Windows Firewall utility. A firewall includes options for opening and closing ports, as well as allowing and disabling specific programs and services.
Computer resources can be protected from unauthorized access by firewalls on networks and servers. Incoming or even outgoing traffic is checked for by the firewall systems and in accordance with the rules configured, decisions are made about them.
Windows Firewall cannot access the port if it isn’t explicitly allowed. TCP/IP ports are reserved for applications whenever they want to access the network, which means anyone else cannot use them.
Also Read: How to Change RDP Port in Windows Server?
In Windows Server 2008/2012 R2/2016 and Windows Server 2019, there are three ways to open ports.
- MMC
- The command line (netsh)
- PowerShell commands (For 2012R2 and 2016 only)
So, you can open ports on Windows Server by following the instructions in the following article.
Open Ports via MMC
- Here first of all you have to log in using an admin account.
- Then you have to click on:
Start > Administrative Tools > Windows Firewall with Advanced Security
- Now you have to click on the Inbound Rules on the left of the MMC.
- Then click on the New Rule on the Right of the MMC.
- Now here you will get five steps to open a port and accept incoming connections:-
- Rule Type
- Protocol and Ports
- Action
- Profile
- Name
- Suppose for example the servers with Parallels RAS Publishing Agents will need to open TCP port 20002.
- Now under the Rule Type section, you have to select “Port” and then click on the “Next” button.
- Then under the Protocol and Ports section, you have to select the “TCP” as the type of protocol.
- After that, you have to type “20002” in the “Specific local ports” input field.
- Next, you have to head to the Action section in which you have to select “Allow the Connection“ and then you have to click on the “Next” button.
- Now under the Profile section, you have to select all three options and click on the “Next” button.
(NOTE: Here at this point if you wish to limit the connection to a particular profile then you can simply select the profiles that are appropriate to your setup.)
- After that, now you have to enter a “Name” for this rule under the Name section, and then click on the “Finish” button when you are done.
- That’s it, now you are done.
Open Ports through command line (netsh)
- First of all, using an administrator account you have to login to the server.
- Then you have to open and run the Command Prompt as Administrator.
- For the Publishing Agents role on the servers, open the TCP port 20002 with the following command.
- That’s it, now you are done.
Open Ports through PowerShell commands
- First of all, using an admin account you have to Log in.
- Then you have to run the Windows PowerShell as Administrator.
- You need to open the TCP port 20002 on the publishing agents server using the following command.
- That’s it, now you are done.
Once all is done, now immediately after creating this rule, the firewall rule will allow traffic to (or from) your server. While if you want to open a port for both sending and receiving, you need to repeat the process as an Outbound rule.
Ports play a very important role in any computer system. In computer networks, ports are used to connect computers and other devices to one another. When you open a port, you are allowing specific types of information to go in and out of your computer.
For example, if you want to host a website, you need to open port 80 to allow web traffic to go in and out. This blog is all about how to open ports on a Windows server and we hope that you liked it.
FAQs
What is a firewall and how does it work?
A firewall is a security system that is used to protect computer resources from unauthorized access. It checks incoming and outgoing traffic on a network or server, and according to the configured rules, decides whether to allow or block traffic.
How do I open ports on Windows Server?
There are three ways to open ports on Windows Server 2008/2012 R2/2016 and Windows Server 2019: using MMC, command line (netsh), or PowerShell commands. To open a port using MMC, you need to log in as an admin, click on Start > Administrative Tools > Windows Firewall with Advanced Security, click on Inbound Rules, then click on New Rule, and follow the five steps to open a port and accept incoming connections.
What is a TCP/IP port and why do applications need them?
TCP/IP ports are reserved for applications when they want to access the network, which means that no one else can use them. Ports are used to connect computers and other devices to one another. When you open a port, you are allowing specific types of information to go in and out of your computer.
What is the difference between Inbound and Outbound rules when opening a port?
Inbound rules control traffic coming into the server, while outbound rules control traffic going out of the server. If you want to open a port for both sending and receiving, you need to repeat the process as an outbound rule.
Why is it important to open ports on a Windows server?
Opening ports on a Windows server is important because it allows specific types of information to go in and out of your computer. For example, if you want to host a website, you need to open port 80 to allow web traffic to go in and out. By opening ports, you can ensure that the applications and services you want to use can communicate properly.
1 min read
How to check open/listening ports in Windows Server-based operating systems.
Right-click on the start menu and click ‘Windows PowerShell (admin), in the new PowerShell window that has just opened up type: netstat -an this will show you all open ports and which IP they are listening on:
PS C:\Users\Administrator> netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING
TCP 22.156.188.131:139 0.0.0.0:0 LISTENING
TCP 22.156.188.131:3389 174.143.175.2:42252 ESTABLISHED
TCP 22.156.188.131:3389 182.169.114.207:64454 ESTABLISHED
TCP 22.156.188.131:3389 191.220.163.122:57588 ESTABLISHED
TCP 22.156.188.131:3389 191.220.163.131:31525 ESTABLISHED
TCP 22.156.188.131:3389 191.220.163.151:23613 ESTABLISHEDAs we can see above for example port 123 is listening on IP 22.156.188.131 we can also see that a connection to port 3389 (WIndowd RDP) is currently established from IPS 174.143.175.2, 182.169.114.204, and, 191.220.163.131.
If you are expecting to be able to connect to a specific service that you know runs on a specific port and you can see it when listing the open/established ports as above yet it fails to connect there is a very good chance that you have not opened that port up in the Windows Firewall if however, you do not see that the port is listening for connections then there is a good chance that the service itself is not correctly configured so you need to look at that before the firewall.
If the output is just to much on a busy server for example you can narrow this down to specific ports, Linux users will have probably noticed by now that grep is not available in Windows PowerShell, never fear though as ‘Select-String’ does the same job, for the most part, the example below will show you how to check specific ports in the following example port 3389.
PS C:\Users\Administrator> netstat -an | Select-String 3389
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 22.156.188.131:3389 182.169.114.207:64454 ESTABLISHEDAs an extra tip, if you are concerned that the client software you are using might be the thing preventing connection and the server side listening connection is on TCP you can also use telnet to test the connection
telnet 20.30.40.50 3389If the connection to the port is ok you will see:
Trying 20.30.40.50...
Connected to 20.30.40.50.
Escape character is '^]'.That means the connection has been established to the remote server so you can start troubleshooting the client software if it is not connecting, if however, nothing happens and eventually it just times out then a connection to the port on the server cannot be established at all so you need to investigate the server-side software and network
Click on Windows Firewall With Advanced Security. At Windows Firewall With Advanced Security, click on Inbound Rules >> New Rule. At New Inbound Rule Wizard, Select Port Radio button and click Next. Select TCP/UDP & specify the port you wish to open in Specific Local Ports box OR check All local ports & click Next.
- How do I open port 587 on Windows Server 2012?
- How do I check if port 1443 is open?
- How do I check if a port 1433 is open?
- How do I check if a port is open on a server?
- How do I check if a port is open on a Windows server?
- How do I open port 21 on Windows Server 2012?
- Is port 587 blocked?
- What is the port 587?
- What is the port 3389?
- What is port 135 commonly used for?
How do I open port 587 on Windows Server 2012?
Open MailEnable and expand Servers→localhost→Services and Connectors. Right click on SMTP service and click on Properties. Go to Inbound and click on Settings under Port Settings area. Select the checkbox for “Listen on alternate port” and type 587 in the field next to it.
How do I check if port 1443 is open?
Simplest way to do that is probably (on the server, in a cmd window) netstat -an | find «1443» and see what you get back. Second, if it’s a TCP connection you’re looking for, you may be able to telnet <hostname> 1443 and see if you get a connection.
How do I check if a port 1433 is open?
You can check TCP/IP connectivity to SQL Server by using telnet. For example, at the command prompt, type telnet 192.168. 0.0 1433 where 192.168. 0.0 is the address of the computer that is running SQL Server and 1433 is the port it is listening on.
How do I check if a port is open on a server?
Type «Network Utility» in the search field and select Network Utility. Select Port Scan, enter an IP address or hostname in the text field, and specify a port range. Click Scan to begin the test. If a TCP port is open, it will be displayed here.
How do I check if a port is open on a Windows server?
Using ‘netstat -ab’ to Identify Open Ports
Now, type “ netstat -ab ” without quotes, then press “Enter.” Wait for the results to load. Port names get listed next to each local IP address. Look for the port number you need, and if it says LISTENING in the State column, it means your port is open.
How do I open port 21 on Windows Server 2012?
Click on Windows Firewall With Advanced Security. At Windows Firewall With Advanced Security, click on Inbound Rules >> New Rule. At New Inbound Rule Wizard, Select Port Radio button and click Next. Select TCP/UDP & specify the port you wish to open in Specific Local Ports box OR check All local ports & click Next.
Is port 587 blocked?
If the SMTP port 587 is not blocked, the 220 response will appear. Note: This message may vary from system to system. If Unable to connect or Connection refused message appears, that means the port is blocked. In this case, we recommend you to disable the firewall or contact your ISP.
What is the port 587?
Port 587: The standard secure SMTP port
Modern email servers use port 587 for the secure submission of email for delivery. For example, if you use an email client software like Outlook or Apple Mail, it most likely is configured to use this port to send your messages.
What is the port 3389?
Port 3389 Details
Port is IANA registered for Microsoft WBT Server, used for Windows Remote Desktop and Remote Assistance connections (RDP — Remote Desktop Protocol). Also used by Windows Terminal Server.
What is port 135 commonly used for?
Port 135 is used for RPC client-server communication; ports 139 and 445 are used for authentication and file sharing.