After installing some software, you may need to open a specific port in Windows Firewall to serve external connections. For example, we open port 1433 for SQL Server or port 1521 for an Oracle database server. In this post, I'll introduce two ways to open a port.
Open Port by CLI
We can easily open a port from a command prompt (cmd.exe) run as Administrator on Windows.
Different network policies call for different allowable scopes. To apply the following commands to your situation, change the port number 1433 to your own.
For Local LAN
To allow all remote clients in the same local subnet, we use the constant LOCALSUBNET to represent them.
Open Port 1433 for SQL Server
netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = any
Open Port 1521 for Oracle Database
netsh advfirewall firewall add rule name = OracleListener dir = in protocol = tcp action = allow localport = 1521 remoteip = localsubnet profile = any
Sometimes, you might be required to turn Windows Firewall completely off.
Usually, opening the port for the local LAN is the most common choice.
For Specific IP Address
To allow a single client only, specify its IP address.
For Mixed Network
Let's look at a mixed network case.
As you can see, there's a combination of a single IP, CIDR and local LAN.
The command should be executed in a command prompt (cmd) as Administrator on Windows. Each parameter is explained as follows:
- name: The name of the inbound rule. You may name it after its main usage.
- dir: The transport direction, either IN or OUT.
- protocol: The internet protocol that you want to open, either TCP, UDP or ANY.
- action: The action that you want this rule to perform. The value can be ALLOW, BLOCK or BYPASS.
- localport: The port number that you want to open.
- remoteip: The scope of remote clients. It can be ANY for any IP address, a specific IP address, or a CIDR for a range of IP addresses, with multiple values separated by commas. The default is local subnet (LOCALSUBNET).
- profile: The network profile to which this rule applies. It can be DOMAIN, PRIVATE, PUBLIC or ANY. In this case, we open it within all scopes.
Let's see the execution result.
C:\Windows\system32>netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = any
Ok.
We should confirm the rule is working by opening Windows Firewall directly.
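The mixed-scope case and the confirmation step above can also be done from PowerShell. The following is an added example, not part of the original post: it creates a rule with the same netsh parameters and reads it back with the built-in NetSecurity cmdlets. The rule name SQLPort-Mixed and the addresses 192.0.2.10 and 198.51.100.0/24 are constructed placeholders.

```powershell
# Added example. Run in an elevated PowerShell session.
# Rule name and addresses are constructed placeholders (RFC 5737 ranges).
$ruleName = 'SQLPort-Mixed'
$port     = 1433
$scope    = '192.0.2.10,198.51.100.0/24,localsubnet'  # single IP, CIDR, local LAN

# netsh allows duplicate rule names, so only add the rule if it is absent.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    netsh advfirewall firewall add rule "name=$ruleName" dir=in protocol=tcp `
        action=allow "localport=$port" "remoteip=$scope" profile=any
    if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE" }
}

# Read the rule back and report what the firewall actually stored.
$report = foreach ($rule in Get-NetFirewallRule -DisplayName $ruleName) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Direction     = $rule.Direction
        Action        = $rule.Action
        Profile       = $rule.Profile
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort -join ','
        RemoteAddress = $addrFilter.RemoteAddress -join ','
        # True when the scope was not restricted and any host may connect.
        OpenToAny     = @($addrFilter.RemoteAddress) -contains 'Any'
    }
}
$report | Format-List

# Warn if the stored rule is disabled or wider than the intended scope.
if ($report | Where-Object { $_.OpenToAny -or $_.Enabled -ne 'True' }) {
    Write-Warning "Rule '$ruleName' is disabled or not restricted to the intended scope."
}
```

A RemoteAddress of Any in the report means the port is reachable from every network the profile covers, which is the case to catch before leaving the rule in place.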
Open Port by GUI
Using the GUI to set up an inbound rule is pretty straightforward. Let's see the steps.