在 Windows Vista 和 Windows Server 2008 中，TCP/IP 的默认动态端口范围已更改

原文地址：https://support.microsoft.com/en-us/kb/929851

To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.

You can view the dynamic port range on a computer that is running Windows Vista or Windows Server 2008 computer by using the followingnetsh commands:

• netsh int ipv4 show dynamicport tcp
• netsh int ipv4 show dynamicport udp
• netsh int ipv6 show dynamicport tcp
• netsh int ipv6 show dynamicport udp

Note The range is set separately for each transport and for each version of IP. The port range is now truly a range with a starting point and with an endpoint. Microsoft customers who deploy servers that are running Windows Server 2008 may have problems with RPC communication between servers if firewalls are used on the internal network. In these cases, we recommend that you reconfigure the firewalls to allow for traffic between servers in the dynamic port range of 49152 through 65535. This range is in addition to well-known ports that are used by services and by applications. Or, the port range that is used by the servers can be modified on each server. You adjust this range by using thenetsh command, as follows:

netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range

This command sets the dynamic port range for TCP. The start port is number, and the total number of ports is range. The following are sample commands:

• netsh int ipv4 set dynamicport tcp start=10000 num=1000
• netsh int ipv4 set dynamicport udp start=10000 num=1000
• netsh int ipv6 set dynamicport tcp start=10000 num=1000
• netsh int ipv6 set dynamicport udp start=10000 num=1000

These sample commands set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum starting port that can be set is 1025. The maximum end port (based on the range being configured) cannot exceed 65535. To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and UDP. This results in a start port of 1025 and an end port of 5000.

Note When you install Microsoft Exchange Server 2007 on a Windows Server 2008-based computer, the default port range is 1025 through 60000.

For more information about port usage and about how ports can be statically mapped in Exchange 2007, click the following article number to view the article in the Microsoft Knowledge Base:

270836 Exchange Server static port mappings

For more information about security in Exchange 2007, go to the following Microsoft TechNet website:

Exchange 2007 Security Guide