Thursday, August 13, 2015

Open inbound port on Windows 7, howto

Let's say you wish to open up a port (i.e., a local, inbound port) for the use of (i.e., to be served by) some program running on your Windows 7 (Home Premium SP1) computer. If installing the program didn't automatically result in opening up that port, here's how to do so.

For security reasons, you should limit the usage of an inbound local port to just the single receiving program. Plus in many cases you should configure that program not to use its standard port number (if possible). Instead, pick a number between 1024 and 49151 (inclusive and random) to be your inbound local port number.


First identify what Windows 7 calls your router's 'Network Location'. (Later we'll need this.) Here's how to do it:
  1. In Control Panel, click 'Network and Sharing Center'.
  2. Under the words 'View your active networks', identify (of your active routers) which is the appropriate one. (Most people only have one active router.)
  3. Find and click the text you see, immediately under that active router. Then
  4. Observe which Network Location is selected (i.e., surrounded by a dotted box).
  5. You should decide (if you haven't already) whether this router is best considered as providing:
    • A Home Network (a private network);
    • A Work Network (in a corporate domain); or
    • A Public Network.
    As it happens, my wireless router is provided by my landlord, so I categorize it as an unsafe Public Network. And that's its Network Location.

Then set up Windows Firewall to allow your desired inbound connection to the receiving program. (You'll need to be an Administrator for this.) Here's how:
  1. In Control Panel, click 'Windows Firewall'.
  2. Click 'Advanced Settings'—this takes you to 'Windows Firewall with Advanced Security'.
  3. Click 'Inbound Rules'.
  4. Click 'New Rule'.
  5. Select 'Port' and click 'Next'.
  6. Ensure 'TCP' is selected.
  7. Ensure 'Specific local ports' is selected.
  8. Enter your local inbound port number and click 'Next'.
  9. Ensure 'Allow the Connection' is selected, and click 'Next'.
  10. For 'When does this rule apply?', ensure that the box by your router's Network Location (see above) is checked (but no other Network Locations are), and click 'Next'.
  11. Under the word 'Name', enter the name of the receiving program, then a word (or an abbreviation) indicating (to you) the port's purpose (or functionality), the words 'In' and 'Port', and the port number (all five concatenated together). Click 'Finish'. (Later, this naming scheme will ease finding this rule, if necessary.)
  12. Click 'Refresh'.
  13. Right-click your new rule and select 'Properties'.
  14. Click the 'Advanced' tab.
  15. If you need this local inbound port to be accessible merely from other computers within your LAN, then:
    • Under 'Edge traversal', ensure 'Block edge traversal' is selected. This prevents computers outside your LAN from initiating contact with this inbound port on your computer (at least, through this Windows Firewall 'Action: Allow' rule).
    Otherwise, to allow inbound access to this local port from computers outside your LAN:
    • Under 'Edge traversal', unselect 'Block edge traversal'.
  16. Click the 'Programs and Services' tab.
  17. Select 'This program'.
  18. Enter the path to your receiving program and click 'OK'.
Copyright (c) 2015 Mark D. Blackwell.

No comments:

Post a Comment

Thanks for commenting on my post!