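All,
I used to be a loyal ZoneAlarm user. But recently I needed to open a port on one of my machines (Windows 8.1, port 1433 for SQL Server), and I found that this is apparently an impossible task. So I asked them, and they told me I could use CoMoDo.
I did download and install it, but it now looks like I still cannot access the server remotely. Both CoMoDo and the Windows FW are active, and I think I did open the relevant port on both of them. However, trying to telnet to port 1433 on the machine results in "Connection timed out".
So, my question is: how do I properly open a port in the Windows 8.1 FW and the CoMoDo FW?
I should also add that this is my local LAN at home.
Thank you.
[Edit]
Here is the output of some troubleshooting steps I performed based on the answers I received.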
C:\Users\Igor\Desktop>netstat -na | find "1433"
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
TCP 192.168.1.4:1433 192.168.1.4:55788 ESTABLISHED
TCP 192.168.1.4:55788 192.168.1.4:1433 ESTABLISHED
TCP [::]:1433 [::]:0 LISTENING
igor@IgorDellGentoo ~/dbhandler $ nmap -v -p1433 192.168.1.4
Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-24 23:09 EDT
Initiating Ping Scan at 23:09
Scanning 192.168.1.4 [2 ports]
Completed Ping Scan at 23:09, 3.00s elapsed (1 total hosts)
Nmap scan report for 192.168.1.4 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.15 seconds
igor@IgorDellGentoo ~/dbhandler $ nmap -v -p1433 192.168.1.1
Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-24 23:10 EDT
Initiating Ping Scan at 23:10
Scanning 192.168.1.1 [2 ports]
Completed Ping Scan at 23:10, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:10
Completed Parallel DNS resolution of 1 host. at 23:10, 0.03s elapsed
Initiating Connect Scan at 23:10
Scanning 192.168.1.1 [1 port]
Completed Connect Scan at 23:10, 0.01s elapsed (1 total ports)
Nmap scan report for 192.168.1.1
Host is up (0.035s latency).
PORT STATE SERVICE
1433/tcp closed ms-sql-s
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
igor@IgorDellGentoo ~/dbhandler $ ping -c 3 192.168.1.4
PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
64 bytes from 192.168.1.4: icmp_seq=1 ttl=128 time=58.4 ms
64 bytes from 192.168.1.4: icmp_seq=2 ttl=128 time=6.63 ms
64 bytes from 192.168.1.4: icmp_seq=3 ttl=128 time=3.79 ms
--- 192.168.1.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.794/22.975/58.493/25.141 ms
igor@IgorDellGentoo ~/wxFork/buildGTK2/samples/listctrl $ busybox telnet 192.168.1.4 1433
telnet: can't connect to remote host (192.168.1.4): Connection timed out
IgorDellGentoo dbhandler # tcpdump -ni wlan0 host 192.168.1.4
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:20:02.159167 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402552123 ecr 0,nop,wscale 7], length 0
23:20:03.159796 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402553124 ecr 0,nop,wscale 7], length 0
23:20:05.163791 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402555128 ecr 0,nop,wscale 7], length 0
23:20:07.171775 ARP, Request who-has 192.168.1.4 tell 192.168.1.2, length 28
23:20:07.176715 ARP, Reply 192.168.1.4 is-at ac:b5:7d:e8:72:b7, length 28
23:20:09.171794 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402559136 ecr 0,nop,wscale 7], length 0
23:20:17.187794 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402567152 ecr 0,nop,wscale 7], length 0
23:20:33.203776 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402583168 ecr 0,nop,wscale 7], length 0
23:21:05.267791 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, options [mss 1460,sackOK,TS val 1402615232 ecr 0,nop,wscale 7], length 0
23:21:10.275756 ARP, Request who-has 192.168.1.4 tell 192.168.1.2, length 28
23:21:10.282680 ARP, Reply 192.168.1.4 is-at ac:b5:7d:e8:72:b7, length 28
23:21:43.253368 IP 192.168.1.4 > 224.0.0.22: igmp v3 report, 1 group record(s)
23:21:45.301655 IP 192.168.1.4 > 224.0.0.22: igmp v3 report, 1 group record(s)
^C
13 packets captured
13 packets received by filter
0 packets dropped by kernel
[/Edit]
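Added example (not part of the original post or its answers): a Python sketch that reads `tcpdump -n` text like the capture above and labels each connection attempt as filtered, closed or open. Repeated SYNs with no reply, as in that capture, mean the packets are being silently dropped before they reach the listener, which matches the telnet timeout. The first sample lines are abbreviated from the capture; the RST and SYN-ACK lines are constructed for comparison.

```python
import re
from collections import defaultdict

# tcpdump -n TCP line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
TCP_LINE = re.compile(
    r"^\S+ IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([^\]]+)\]")

def classify(capture):
    """Return {"client:port -> server:port": (verdict, syn_count)} per attempt."""
    syns = defaultdict(int)   # bare SYNs seen per (client, cport, server, sport)
    reply = {}                # first flags the server sent back on that flow
    for line in capture.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue          # ARP, IGMP, tcpdump banners
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            syns[(src, sport, dst, dport)] += 1
        elif (dst, dport, src, sport) in syns:
            reply.setdefault((dst, dport, src, sport), flags)
    result = {}
    for flow, count in syns.items():
        flags = reply.get(flow)
        if flags is None:
            verdict = "filtered"   # silent drop: the client times out
        elif "R" in flags:
            verdict = "closed"     # RST: host answered, nothing accepts the port
        elif flags.startswith("S"):
            verdict = "open"       # SYN-ACK: handshake proceeds
        else:
            verdict = "unknown"
        result["%s:%s -> %s:%s" % flow] = (verdict, count)
    return result

# Lines 1-4 abbreviated from the capture in the question; lines 5-8 are constructed.
SAMPLE = """\
23:20:02.159167 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, length 0
23:20:03.159796 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, length 0
23:20:05.163791 IP 192.168.1.2.47013 > 192.168.1.4.1433: Flags [S], seq 691635572, win 29200, length 0
23:20:07.171775 ARP, Request who-has 192.168.1.4 tell 192.168.1.2, length 28
23:30:00.000001 IP 192.168.1.2.47100 > 192.168.1.1.1433: Flags [S], seq 1, win 29200, length 0
23:30:00.000900 IP 192.168.1.1.1433 > 192.168.1.2.47100: Flags [R.], seq 0, ack 2, win 0, length 0
23:40:00.000001 IP 192.168.1.2.47200 > 192.168.1.4.1433: Flags [S], seq 5, win 29200, length 0
23:40:00.003000 IP 192.168.1.4.1433 > 192.168.1.2.47200: Flags [S.], seq 9, ack 6, win 8192, length 0
"""

if __name__ == "__main__":
    for flow, (verdict, count) in classify(SAMPLE).items():
        print(flow, verdict, "after", count, "SYN(s)")
```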
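Answer 1
For everything to work, you should forward TCP/UDP 1433 and 1434. SQL SDBE may also use 1954 TCP.
Open them in your router and firewall by creating custom rules. When adding a port to the rules list, you must specify the protocol and port number. When creating a port rule, you can only specify TCP and UDP ports, which is enough for your needs.
Roughly:
- Open Windows Firewall.
- Click Advanced settings. You may be asked for an administrator password or to confirm your access.
- In the left pane of the "Windows Firewall with Advanced Security" dialog box, click Inbound Rules, and then in the right pane tap or click New Rule.
- Follow the on-screen instructions to add one of the ports I specified, then repeat for the other ports.
For Comodo:
Firewall -> Advanced -> Network Security Policy -> Global Rules. Select Add, then add a rule for each port:
Action: Allow
Protocol: TCP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: 1433
Repeat for all.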