http:\/\/support.microsoft.com\/kb\/2761899<\/a><\/p>\n\u539f\u56e0<\/p>\n
\u5982\u679c TCP \u52d5\u614b\u9023\u63a5\u57e0\u7bc4\u570d\u8d85\u51fa\u9810\u8a2d\u7bc4\u570d\uff0c\u53ef\u80fd\u6703\u767c\u751f\u9019\u500b\u554f\u984c\u3002Hyper-V \u865b\u64ec\u7ba1\u7406\u670d\u52d9 (Vmms.exe) \u53ef\u8b93\u60a8\u4f7f\u7528 Windows \u670d\u52d9\u5f37\u5316\uff0c\u4e26\u9650\u5236\u672c\u8eab\u52d5\u614b\u9023\u63a5\u57e0\u7bc4\u570d\u3002
\u5982\u679c\u8981\u5224\u65b7 TCP \u52d5\u614b\u9023\u63a5\u57e0\u7bc4\u570d\uff0c\u8acb\u5728\u63d0\u9ad8\u6b0a\u9650\u7684\u547d\u4ee4\u63d0\u793a\u5b57\u5143\u57f7\u884c\u4e0b\u5217\u547d\u4ee4\uff1a<\/p>\n
C:\\>netsh int ipv4 show dynamicportrange tcp\nProtocol tcp Dynamic Port Range\n---------------------------------\nStart Port : 49152\nNumber of Ports : 16384<\/pre>\n\u82e5\u8981\u89e3\u6c7a\u9019\u500b\u554f\u984c\uff0c\u8acb\u57f7\u884c\u4e0b\u5217\u6307\u4ee4\u78bc\u4e00\u6b21\uff0c\u6bcf\u500b\u53d7\u5f71\u97ff Hyper-V \u4e3b\u6a5f\u3002\u6b64\u6307\u4ee4\u78bc\u52a0\u5165\u81ea\u8a02\u7684\u901a\u8a0a\u57e0\u7bc4\u570d\uff0c\u624d\u80fd\u555f\u7528\u901a\u8a0a 9000 \u5230 9999 \u4e4b\u9593\u7684\u984d\u5916\u7684\u9023\u63a5\u57e0\u7bc4\u570d\u7684 Vmms.exe\u3002\u6307\u4ee4\u78bc\u53ef\u4ee5\u8996\u9700\u8981\u4fee\u6539\u3002
\u82e5\u8981\u8a2d\u5b9a\u6307\u4ee4\u78bc\uff0c\u4ee5\u65b0\u589e\u81ea\u8a02\u7684\u9023\u63a5\u57e0\u7bc4\u570d\uff0c\u8acb\u4f9d\u7167\u4e0b\u5217\u6b65\u9a5f\u57f7\u884c\uff1a<\/p>\n
\n- \u555f\u52d5\u6587\u5b57\u7de8\u8f2f\u5668\uff0c\u4f8b\u5982 \u300c \u8a18\u4e8b\u672c \u300d\u3002\n
- \u8907\u88fd\u4e0b\u5217\u7a0b\u5f0f\u78bc\u4e2d\uff0c\u4e26\u5c07\u7a0b\u5f0f\u78bc\u518d\u8cbc\u5230\u6587\u5b57\u6a94\u6848\uff1a\n
<\/p>\n'This VBScript adds a port range from 9000 to 9999 for outgoing traffic \n'run as cscript addportrange.vbs on the hyper-v host\n\noption explicit\n\n'IP protocols\nconst NET_FW_IP_PROTOCOL_TCP = 6\nconst NET_FW_IP_PROTOCOL_UDP = 17\n\n'Action\nconst NET_FW_ACTION_BLOCK = 0\nconst NET_FW_ACTION_ALLOW = 1\n\n'Direction\nconst NET_FW_RULE_DIR_IN = 1\nconst NET_FW_RULE_DIR_OUT = 2\n\n'Create the FwPolicy2 object.\nDim fwPolicy2\nSet fwPolicy2 = CreateObject(\"HNetCfg.FwPolicy2\")\n\n'Get the Service Restriction object for the local firewall policy.\nDim ServiceRestriction\nSet ServiceRestriction = fwPolicy2.ServiceRestriction\n\n'If the service requires sending\/receiving certain type of traffic, then add \"allow\" WSH rules as follows\n'Get the collection of Windows Service Hardening networking rules\n\nDim wshRules\nSet wshRules = ServiceRestriction.Rules\n\n'Add outbound WSH allow rules\nDim NewOutboundRule\nSet NewOutboundRule = CreateObject(\"HNetCfg.FWRule\")\nNewOutboundRule.Name = \"Allow outbound traffic from service to TCP 9000 to 9999\"\nNewOutboundRule.ApplicationName = \"%systemDrive%\\WINDOWS\\system32\\vmms.exe\"\nNewOutboundRule.ServiceName = \"vmms\"\nNewOutboundRule.Protocol = NET_FW_IP_PROTOCOL_TCP\nNewOutboundRule.RemotePorts = \"9000-9999\"\nNewOutboundRule.Action = NET_FW_ACTION_ALLOW\nNewOutboundRule.Direction = NET_FW_RULE_DIR_OUT\nNewOutboundRule.Enabled = true\nwshRules.Add NewOutboundRule\n\n'end of script<\/pre>\n<\/code><\/p>\n
- \u5c07\u6a94\u6848\u5132\u5b58\u70ba”Addportrange.vbs”(\u5305\u542b\u5f15\u865f)\u3002\u6b63\u78ba\uff0c\u9019\u6703\u5efa\u7acb\u70ba\u5177\u6709.vbs \u526f\u6a94\u540d\u7684\u6a94\u6848\u3002\u6a94\u6848\u5716\u793a\u6703\u5f9e [\u8a18\u4e8b\u672c] \u5716\u793a\u8b8a\u66f4\u70ba\u6307\u4ee4\u78bc\u5716\u793a\u3002\n
- \u57f7\u884c cscript \u6307\u4ee4\u78bc\u3002<\/li>\n<\/ol>\n
\n