TcpListener.AcceptTcpClient and firewalls
I have a TcpListener object that is operating behind a firewall on port 4000. Obviously, in order for outside clients to connect to the TcpListener, port 4000 needs to be opened in the firewall; otherwise, no outside connection request would get through.
My question has to do with what happens when I accept the connection request like so:
TcpClient client = server.AcceptTcpClient();
The TcpClient is opened on the local interface with a system-assigned port number. Does this port number have to be opened within the firewall in order for the outside client to communicate with this TcpClient instance? If so, is it possible to specify a range of port numbers to use so they can be opened in advance? Or does the firewall automatically allow communication on this system-assigned port number because something behind the firewall (my server, in this case) established, i.e., accepted, the connection?
Comments (2)
On the server machine, the firewall needs to allow incoming connections from the port the client is connecting from, to the port the TcpListener is listening on. On the client machine, the firewall needs to allow outgoing connections to the port the TcpListener is listening on, from the port the client is connecting from. Most firewalls (e.g., Windows Firewall) are configured to allow any outgoing connections to any destination, so you just have to create a rule that allows incoming connections on your port 4000 from any source.
If you want to restrict this more closely, you can bind the TcpClient to a specific port instead of the system-assigned port, and create firewall rules on the server and the client to allow connections only from/to this port.
Giving a range of ports in Windows Firewall is not easy, but you can grant access to the entire program: when you add a new entry in Windows Firewall, choose program instead of port and grant your program permission to receive all connections. Then, regardless of which ports you choose, it will always be allowed.
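An added example, not code from the question or either answer: it prints the local and remote endpoints of each TcpClient returned by AcceptTcpClient, showing that every accepted socket keeps the listener's own port as its local port and that connections are told apart by the remote endpoint. It assumes a loopback connection and an OS-chosen listening port (port 0) so it runs anywhere; the server in the question would listen on 4000.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;

class AcceptedPortDemo
{
    static void Main()
    {
        // Assumption: port 0 lets the OS pick a free port for this demo;
        // the question's server would pass 4000 instead.
        var server = new TcpListener(IPAddress.Loopback, 0);
        server.Start();
        int listenPort = ((IPEndPoint)server.LocalEndpoint).Port;
        Console.WriteLine($"listening on port {listenPort}");

        var outsideClients = new List<TcpClient>();
        var accepted = new List<TcpClient>();

        // Two constructed local clients stand in for outside clients.
        for (int i = 0; i < 2; i++)
        {
            var outside = new TcpClient();
            outside.Connect(IPAddress.Loopback, listenPort);
            outsideClients.Add(outside);

            TcpClient client = server.AcceptTcpClient();
            accepted.Add(client);

            var local = (IPEndPoint)client.Client.LocalEndPoint;
            var remote = (IPEndPoint)client.Client.RemoteEndPoint;
            Console.WriteLine($"accepted #{i}: local {local} <- remote {remote}");

            // The accepted socket's local port is the listening port, not a
            // new system-assigned one; only the client's side is ephemeral.
            if (local.Port != listenPort)
                throw new InvalidOperationException("accepted socket left the listening port");
        }

        // Same local port on both accepted sockets; the remote ports differ.
        int remote0 = ((IPEndPoint)accepted[0].Client.RemoteEndPoint).Port;
        int remote1 = ((IPEndPoint)accepted[1].Client.RemoteEndPoint).Port;
        Console.WriteLine($"remote ports differ: {remote0 != remote1}");

        foreach (var c in accepted) c.Close();
        foreach (var c in outsideClients) c.Close();
        server.Stop();
    }
}
```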