简体繁体 English

允许在端口 11111 上连接到 Microsoft 服务器

[英]Allowing Connections to Microsoft Server on port 11111

原文 2022-08-15 11:40:27 3 1 azure/ windows-server/ azure-virtual-network/ windows-firewall/ windows-server-2022

So this is admittedly a very n00b question on Microsoft Server, so please assume basic knowledge and be kind:).所以这在微软服务器上无疑是一个非常n00b的问题，所以请假设基本知识并且善良:)。 I do, however, feel I have a good knowledge of Linux networking concepts, but I am failing miserably with Microsoft.但是，我确实觉得我对 Linux 网络概念有很好的了解，但是我在微软方面失败了。

So, I am attempting to open up a port connection to my running Microsoft Server on port 11111 to connect to a running web application on that port.因此，我试图在端口 11111 上打开与正在运行的 Microsoft 服务器的端口连接，以连接到该端口上正在运行的 web 应用程序。 From within the Remote Desktop Program I am able to connect to the port on 127.0.0.1 and localhost.从远程桌面程序中，我可以连接到 127.0.0.1 和 localhost 上的端口。

So, I have confirmed that the app server is working and can send responses on port 11111.因此，我已经确认应用服务器正在工作并且可以在端口 11111 上发送响应。

However, I couldn't connect to this from outside the RDP instance, let's say I have been allocated the IP address 100.01.02.03 for argument sake.但是，我无法从 RDP 实例外部连接到此，假设我已分配 IP 地址 100.01.02.03 以供争论。 I navigate to 100.01.02.03:11111 in the browser, and the connection hangs.我在浏览器中导航到 100.01.02.03:11111，连接挂起。

So, what I have diagnosed is that the port is closed to outside connections.所以，我所诊断的是该端口对外部连接关闭。 I followed some nice guides on how to open a port in Windows Server Firewall, and opened the port following the relevant documentation:我遵循了一些关于如何在 Windows 服务器防火墙中打开端口的不错指南，并按照相关文档打开了端口：

I am confident that this is correct.我有信心这是正确的。

As my Microsoft Server is via an Azure Cloud instance, I have also added the inbound port rule to the Network security group associated to the VM running the server as follows:由于我的 Microsoft 服务器是通过 Azure 云实例，我还将入站端口规则添加到与运行服务器的 VM 关联的网络安全组中，如下所示：

However, I still can not connect to 100.01.02.03:11111 from another device... :(但是，我仍然无法从另一台设备连接到 100.01.02.03:11111 ... :(

Being a n00b/hobbyist, I am not sure what else I would need to do... I'd be very grateful for help in debugging or diagnosing what I may have done wrong, or some extra pointers or documentation or guides to be able to get this connection working.作为一个 n00b/爱好者，我不知道我还需要做什么......我会非常感谢帮助调试或诊断我可能做错了什么，或者一些额外的指针或文档或指南能够使此连接正常工作。

Many thanks!非常感谢！

1 个解决方案

• According to Security and Compliance analysis, the port 11111 was a very vulnerable port as viruses and trojans used this port to infiltrate and communicate with internal services in the system. • 根据安全与合规分析，11111 端口是一个非常容易受到攻击的端口，因为病毒和木马利用该端口渗透并与系统中的内部服务进行通信。 Thus, an extra layer of security and cautiousness based on the global security outlook is enforced on these types of flagged ports .因此，基于全局安全 outlook 的额外安全层和谨慎对这些类型的标记端口实施。

Thus, if you want to allow communication on this port for the VM's IP address, then ensure that the 'Allow' inbound traffic rule in the VM's respective NSG is at a priority higher than the 'Deny' rule for all other ports in the inbound port list as below: -因此，如果要允许在此端口上与 VM 的 IP 地址进行通信，请确保 VM 各自 NSG 中的“允许”入站流量规则的优先级高于入站中所有其他端口的“拒绝”规则端口列表如下： -

Once done, then ensure that there is no 'NRMS-Zero Trust' Corpnet network policy defined for the tenant as shown in the below snapshot: -完成后，请确保没有为租户定义“NRMS-零信任”Corpnet 网络策略，如下图所示：-

Since, you have allowed the inbound traffic for that port through the OS Windows firewall, by configuring the above given points, you should be able to connect to the VM's IP address through that port 11111 .由于您已允许该端口的入站流量通过 OS Windows 防火墙，因此通过配置上述给定点，您应该能够通过该端口 11111 连接到 VM 的 IP 地址。

Finally, try to check the connectivity through the 'Connection troubleshoot' option as shown below by entering the source and destination IP address correctly over the required port and protocol : -最后，尝试通过“连接故障排除”选项检查连接，如下所示，通过所需的端口和协议正确输入源和目标 IP 地址：-