关于我的掌上电脑>服务器应用程序使用此处讨论的Web API RESTful方法问题(Does an ASP.NET Web API app need to be installed into the "real" IIS before a handheld device can access its RESTful methods?),我试图通过使用此处描述的shell命令验证我没有防火墙问题:http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx,明确地:
netsh firewall add portopening TCP 80 IISExpressWeb enable ALL
我也是使用端口777做的,因为那是我在applicationhost.config中设置的那个:
<bindings>
<binding protocol="http" bindingInformation="*:28642:localhost" />
<binding protocol="http" bindingInformation="*:777:192.168.125.50" />
<binding protocol="https" bindingInformation="*:44300:localhost" />
</bindings>
这样做,我从命令shell获得了这个指纹:
重要说明:命令执行成功。但是,“netsh firewall”已被弃用;改为使用“netsh advfirewall firewall”。
所以,我接着输入以下内容(传统/默认端口80,如Hanselmann的帖子所示,然后是我在传统失败时添加到applicationconfig.host的那个(777)),一个接一个地输入:< / p>
netsh advfirewall firewall add portopening TCP 80 IISExpressWeb enable ALL
netsh advfirewall firewall add portopening TCP 777 IISExpressWeb enable ALL
但是,在输入命令shell的命令(或建议)之后,我从cmd shell获得了以下反馈(两次):
未找到以下命令:advfirewall firewall add portopening TCP 80 IISExpressWeb启用所有。
所以它告诉我使用newfangled命令,然后说没有这样的东西!这个故事是什么?有没有办法实际使用新命令?我的语法错了,还是...... ???
答案 0 :(得分:2)
在命令提示符下键入netsh /?
说明可用选项,以及查看有关您要键入netsh <option> /?
的选项的信息。这样做
I:\>netsh advfirewall /?
The following commands are available:
Commands in this context:
? - Displays a list of commands.
consec - Changes to the `netsh advfirewall consec' context.
dump - Displays a configuration script.
export - Exports the current policy to a file.
firewall - Changes to the `netsh advfirewall firewall' context.
help - Displays a list of commands.
import - Imports a policy file into the current policy store.
mainmode - Changes to the `netsh advfirewall mainmode' context.
monitor - Changes to the `netsh advfirewall monitor' context.
reset - Resets the policy to the default out-of-box policy.
set - Sets the per-profile or global settings.
show - Displays profile or global properties.
The following sub-contexts are available:
consec firewall mainmode monitor
To view help for a command, type the command, followed by a space, and then
type ?.
您可以更深入地应用<command> /?
,例如netsh advfirewall firewall /?
,这会导致'netsh advfirewall firewall add /?`,这会导致
I:\>netsh advfirewall firewall add rule /?
Usage: add rule name=<string>
dir=in|out
action=allow|block|bypass
[program=<program path>]
[service=<service short name>|any]
[description=<string>]
[enable=yes|no (default=yes)]
[profile=public|private|domain|any[,...]]
[localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=a
ny)]
[remoteport=0-65535|<port range>[,...]|any (default=any)]
[protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
tcp|udp|any (default=any)]
[interfacetype=wireless|lan|ras|any]
[rmtcomputergrp=<SDDL string>]
[rmtusrgrp=<SDDL string>]
[edge=yes|deferapp|deferuser|no (default=no)]
[security=authenticate|authenc|authdynenc|authnoencap|notrequired
(default=notrequired)]
Remarks:
- Add a new inbound or outbound rule to the firewall policy.
- Rule name should be unique and cannot be "all".
- If a remote computer or user group is specified, security must be
authenticate, authenc, authdynenc, or authnoencap.
- Setting security to authdynenc allows systems to dynamically
negotiate the use of encryption for traffic that matches
a given Windows Firewall rule. Encryption is negotiated based on
existing connection security rule properties. This option
enables the ability of a machine to accept the first TCP
or UDP packet of an inbound IPsec connection as long as
it is secured, but not encrypted, using IPsec.
Once the first packet is processed, the server will
re-negotiate the connection and upgrade it so that
all subsequent communications are fully encrypted.
- If action=bypass, the remote computer group must be specified when dir=i
n.
- If service=any, the rule applies only to services.
- ICMP type or code can be "any".
- Edge can only be specified for inbound rules.
- AuthEnc and authnoencap cannot be used together.
- Authdynenc is valid only when dir=in.
- When authnoencap is set, the security=authenticate option becomes an
optional parameter.
Examples:
Add an inbound rule with no encapsulation security for messenger.exe:
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\programfiles\messenger\msmsgs.exe"
security=authnoencap action=allow
Add an outbound rule for port 80:
netsh advfirewall firewall add rule name="allow80"
protocol=TCP dir=out localport=80 action=block
Add an inbound rule requiring security and encryption
for TCP port 80 traffic:
netsh advfirewall firewall add rule
name="Require Encryption for Inbound TCP/80"
protocol=TCP dir=in localport=80 security=authdynenc
action=allow
Add an inbound rule for messenger.exe and require security
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\program files\messenger\msmsgs.exe"
security=authenticate action=allow
Add an authenticated firewall bypass rule for group
acmedomain\scanners identified by a SDDL string:
netsh advfirewall firewall add rule name="allow scanners"
dir=in rmtcomputergrp=<SDDL string> action=bypass
security=authenticate
Add an outbound allow rule for local ports 5000-5010 for udp-
Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010
action=allow
答案 1 :(得分:2)
我只是为未来的“几代人”添加这个 - 我希望我可以将答案检查与肯·怀特分开,然后欣赏;第一个做了这么多的工作,我想我会把它给他,虽然两个答案都很好。我实际上找到了我需要的东西,但在我的问题顶部引用的Hanselmann的帖子中附带的评论中(Blake,etwa在页面的60%左右)。
我必须在开始&gt;中输入“cmd”运行框,mash Ctrl + Shift + Enter以管理员身份运行shell,然后输入以下命令:
netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport=80 profile=private remoteip=localsubnet action=allow
netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport=777 profile=private remoteip=localsubnet action=allow
他们没有从住在控制台内的微软精灵那里咆哮(他们温柔地回应了一个简单的,“好吧。”我粘贴并运行它们之后)。
答案 2 :(得分:1)
看起来这只是一种语法问题; portopening
不是advfirewall
的有效选项。退房:
从命令行运行netsh advfirewall firewall add rule /?
也会为您提供一堆语法信息。