Can we limit the available port numbers in Windows 7 so that any program which is asking for random ports will get a port in that range only?

This will help me to get the port number that a program might be randomly selecting.

[Update]
Okay, let me give the background of the problem I am dealing with.

I have a virtual machine which is connected to the host computer through a NAT network. There is a program running inside the VM which connects to an external server address. During this connection process, the client sends a random port number to the server so that the server can also connect back to that specified port on the client. Now, as the VM is sitting behind the NAT network, the actual IP address of the VM is not exposed to the server (the IP address of the VM is converted to the IP of the host computer and sent to the server, i.e. that's how NAT works), so the server actually fails to connect back.

To resolve this issue I was wondering if I can use the specified port forwarding facility of the virtual machine for NAT network. For that I need to know which port the client program inside the VM is going to select for sending to the server. Forwarding that port with the host computer should help. As the client program is probably selecting any random available port number, to stop that I was wondering whether, if I limit the available port numbers, the client program will be forced to use the specified port number, which is also known to me. This known port number can be forwarded, which should solve the issue.

So my question is: will it be possible to write a program which will block a range of ports from being available to any other programs which are looking for a random available port? Of course, I will then be able to keep some specified port number available for the programs, which lets me know the port number that will be selected when any program asks for one.

Any other solution to the problem mentioned above is also appreciated.
Updated 28-Oct-15 10:27am
Comments
CPallini 28-Oct-15 4:52am    
"This will help me to get the port number that a program might randomly selecting."
What do you mean, exactly?
KarstenK 28-Oct-15 7:47am    
Maybe a firewall is a solution.

I saw this on a Microsoft site:
https://support.microsoft.com/en-us/kb/929851
which uses the "netsh" command to set the dynamic port range. I hope this works for you. If it does work, don't forget to accept it as an answer.
 
Comments
Chirantan Ghosh 28-Oct-15 13:46pm    
Hello Tonex247,

Thanks for sharing the link. This is quite a solution, but the minimum number of ports that can be specified here is 255, which is a lot. I want to make fewer ports available.

Do you see any solution for that?

You attack the problem wrong.

A properly configured NAT is automatically doing what is needed to establish proper communication between client and server and return.
The fact that there is a NAT is not a problem.
This is exactly what your DSL box or your router is silently doing.

Test:
- Test if the PC hosting the VM can access the internet. It should be OK; if it does not work, your PC has a configuration problem, like the firewall preventing internet communication or simply preventing network communication, or a problem with the PC's NAT.
- Once the PC is OK, test if the VM can browse the internet. If internet browsing is OK, your program is certainly not working. If the VM can't browse the internet, the NAT on the host PC is probably misconfigured or the VM prevents network access.

A firewall rule can prevent the program from accessing the network/internet; you have to check.
If you suspect a NAT problem, you can try the VM on another PC, or re-install the VM manager (aka VirtualBox or VirtualPC).

[Update]
From your comment:
In fact, what you want is to make your software listen to the virtual network and also through the NAT on the host machine.
- Your software is waiting for an incoming request: this is called port listening.
- You want your software to listen to the real network over the NAT of the host machine: this is called port forwarding, and it is a standard function of NAT.

What you need to do:
- Choose the port on which you will listen.
- On the VM, make your software listen on the chosen port, and make sure the firewall is set to allow this. UPnP can allow this automatically.
- On the host, you need to say that a port (on the real network) is forwarded to your port on the VM. This can be done automatically using UPnP because the NAT on the host machine is also the gateway of the virtual network.

Search the internet for UPnP, port listening and port forwarding for more information.
 
Comments
Chirantan Ghosh 29-Oct-15 17:22pm    
Hello,

Thanks for replying.

I am not saying there is any problem with the NAT of the VM. NAT is working perfectly, as it is supposed to. Even the internet access test you asked for works fine from the VM. Any network request initiated from inside the VM works fine as long as it never requires a server-initiated connection as well.

And here I am describing a situation where a connection request is initiated from an external server to the VM. This won't work, and that's agreed too, as a NAT network works that way.

To reiterate once more, if a VM is sitting behind a NAT network on the host PC and any software running in the VM also requires a connection initiated from the server, that will never work.

For example, Active FTP will never work from a VM with NAT, as the procedure requires a server-initiated data connection, but Passive FTP will work as it does not require that.

However, this problem can be overcome if the VM is connected to the host through a bridged network.

In my problem I am using software which is running in the VM with NAT, and in its connection procedure it requires a server-initiated connection, for which it is failing, and I was wondering if I can somehow correct this without changing the network mode from NAT to bridge by playing with the port numbers.
Patrice T 29-Oct-15 18:40pm    
See update in my answer.

I don't get the whole situation very well; I would be inclined to approve ppolymorphe and say that it's the job of the NAT router.

Basically, the client (the application in your VM) sends a packet to an IP address outside the LAN. Thus, the gateway address will be used. The gateway address should be the LAN interface of the firewall/NAT router.

The router checks the packet against configured rules to see what it's going to do with it. Obviously, the packet is for the outside world (WAN), and there should not be any rule preventing it from being forwarded. The router sends the packet to the outside server, which replies by sending a packet to the public IP address of the firewall/router.

There should be a rule in the router which says that any packet from WAN to LAN in reply to a previously established connection is allowed. If there is such a rule, the packet is forwarded to the IP address of the VM, matching the original port; the router takes care of storing and retrieving the original communication port.

There is a special case, however. The FTP protocol uses two ports, 20 and 21; port 21 is for sending commands to the server, whereas port 20 is reserved for file transfers. This introduces a complexity in the routing process. In the Linux world, a special module exists to give netfilter the ability to handle FTP requests.

Is your application in the same scheme as FTP protocol? Do you initiate connections from one port that require a response on another port?
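
The active-FTP case discussed above, as an added example that is not part of the original answers: in active mode the client announces its own address and data port inside the control channel with `PORT h1,h2,h3,h4,p1,p2`, so behind NAT the server is handed a private address it cannot reach unless a helper rewrites the command and remembers the mapping. The addresses, the `FtpNatHelper` class and the function names are assumptions made for illustration, and the helper is a toy model, not netfilter's code.

```python
import ipaddress

# RFC 1918 private ranges: addresses a server on the internet cannot route to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    fields = arg.split(",")
    if verb.upper() != "PORT" or len(fields) != 6:
        raise ValueError("not a well-formed PORT command: %r" % line)
    if not all(f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("PORT fields must be 0-255: %r" % line)
    n = [int(f) for f in fields]
    return ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]

def format_port(ip, port):
    """Encode an address and port back into a PORT command."""
    return "PORT %s,%d,%d" % (str(ip).replace(".", ","), port >> 8, port & 0xFF)

def reachable_from_server(line):
    """False when the advertised address is private, so the call-back cannot arrive."""
    ip, _ = parse_port(line)
    return not any(ip in net for net in RFC1918)

class FtpNatHelper:
    """Toy model of a NAT FTP helper: rewrite PORT and remember the mapping."""
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.forward = {}  # external port -> (inside ip, inside port)

    def rewrite(self, line):
        inside = parse_port(line)
        ext_port = self.next_port
        self.next_port += 1
        self.forward[ext_port] = inside  # where the server's call-back must go
        return format_port(self.public_ip, ext_port)

# Constructed sample: a guest at 10.0.2.15 announcing data port 49521.
SAMPLE = "PORT 10,0,2,15,193,113"
```

A third-party program that embeds its own address and port in its protocol fails behind NAT for the same reason, and without a helper that understands that protocol the only remaining lever is a static forward for a port known in advance.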
 
Comments
Chirantan Ghosh 29-Oct-15 17:24pm    
Hello,

Thanks for your reply.

Please have a look at my comment above, where I tried to explain more about my situation.

Implement UPnP in the client program - EXACTLY designed to handle this scenario

NAT traversal
 
Comments
Chirantan Ghosh 29-Oct-15 17:25pm    
Hello,

The client program is a third-party program, so I cannot change that :(.

"To resolve this issue I was wondering if I can use the specified port forwarding facility of the virtual machine for NAT network."

You don't need port forwarding from the client end. That's only needed to offer a local service behind your firewall to the outside world.

If you can surf the web from your VM client - NAT is working - which means you have a different problem.

Follow ppolymorphe's advice for troubleshooting.

Note: it *is* possible to limit the range of local port numbers - but that won't solve your real problem.

https://support.microsoft.com/en-us/kb/929851
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


