Needed to open a big range of ports on Windows Firewall on one of my web boxes. Via the GUI you can only do one port at a time. But run this at the command prompt to add a range:
FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I
This opens ports 5001 to 5201, and names them 'Passive FTP'.
Found this here.
Oh, takes time, like a port or two a second, so if you have a wide range it's going to take some time.
This worked excellently, especially for opening the 100+ ports needed for the Blizzard Downloader required to update World of Warcraft! Thank you very much!!!
Posted by: User | June 10, 2009 at 05:55 AM
You are very welcome. Thanks for letting me know this was useful!
Posted by: David Eedle | June 10, 2009 at 06:48 AM
This works perfect - thanks
Posted by: Deepti | July 24, 2009 at 04:14 PM
Awesome, now how do i delete a range of ports i created incorrectly? DOH
Posted by: Tab | September 02, 2009 at 12:18 PM
Ah, now that's good a question, and I'm sorry I don't know. Haven't had the need!
David
Posted by: David Eedle | September 02, 2009 at 12:40 PM
If you change your mind, it is (all in one line):
FOR /L %I IN (5001,1,5201) DO netsh firewall delete portopening TCP %I
Posted by: Abner Diaz | September 05, 2009 at 05:57 AM
Very helpful, many thanks
Posted by: Joe | September 23, 2009 at 08:17 PM
Will this also work for UDP ports?:
FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening UDP %I "Passive FTP"%I ?
Posted by: Clark | November 15, 2009 at 07:21 AM
Clark, I suspect so although I haven't tried.
Posted by: David Eedle | November 15, 2009 at 01:03 PM
Clark, I just tried it for UDP and it works.
Posted by: David | December 04, 2009 at 06:50 AM
Nice. Thanks I've been setting up teh Windows Firewall on a 2003 DC that was wide-open. This, along with Rpccfg.exe is helping that gosh-durn dynamic-port-all-have-to-be-open-for-RPC-apps-to-work thing.
Posted by: Ed | December 09, 2009 at 06:15 AM
dude im having problems opening ports 28000-29100
for my windows firewall. i play msn gaming zone and its blocked all of the suddden, cant find help anywhere I have windows xp i dont know alot about computers, feel free to respond or even call me 334-380-5510
Posted by: steadmanward | August 08, 2010 at 02:47 AM
If you wish to narrow the scope of the port opening (instead of leaving it open for the entire internet) you can do it like this:
for /L %i in (5001,1,5201) DO netsh firewall add portopening protocol=TCP %i name="ExceptionName"%i scope=custom addresses=10.1.1.0/255.255.255.0,64.25.16.0/255.255.255.0
Posted by: Devin | August 27, 2010 at 04:59 AM
I cannot open ports 28000 to 28809 as well to play backgammon. I read info above where do I type this? Thank you for your help.
Posted by: steve romey | November 27, 2010 at 04:44 AM
Hi Steve
You need to type this at the Command Prompt. Usually you can open this:
Click Start
Click Accessories
Click Command Prompt
It should open a small black window, which is the command screen. It's used for typing commands directly to your computer.
Hope that helps
David
Posted by: David Eedle | November 27, 2010 at 01:24 PM
Can this be done for any port range? just wondering
Posted by: nathan | December 12, 2010 at 08:57 PM
Hello Nathan
Yes, you can use this for any range of ports. My example above is for 5001 to 5201. You can substitute your own values for these.
David
Posted by: David Eedle | December 13, 2010 at 06:22 AM
Thank you so much, I had to open passive ftp ports in my server, it would have taken years!
Thanks again
Posted by: Paolo | February 02, 2011 at 02:10 AM
I came here looking for a way to open a large group of ports for my passive FTP server. Imagine the irony! The ports in your example almost lined up with them as well, I copy/pasted your command and altered 2 numbers and hit go. You rock!
Posted by: AJ | March 11, 2011 at 01:49 PM
Glad it worked for you AJ.
Posted by: David Eedle | March 11, 2011 at 01:54 PM
Merci pour la tip :D
Posted by: Flopot | April 06, 2011 at 01:23 AM
Dear Sir,
Pls Help me how to open Port 5001, 5002,5003,5004 and 1443 in windows 2003 server.pls help as soon as possible
Thanks in advance
Posted by: Abhishek | May 31, 2011 at 02:56 PM
Hi Abhishek
With such a small number of ports, why not just open them individually via Windows Firewall?
David
Posted by: David Eedle | May 31, 2011 at 03:02 PM
Dear Sir,
we tried to add all the port numbers locally in the Server and Client computers still some of the ports are not opening. We added all the port number in the Windows fire wall – add port option. We are checking the port open condition by the below mentioned utility command
“ Telnet ”
– please suggest whether this is the correct procedure or not.
Thanks,
Abhishek
Posted by: Abhishek | May 31, 2011 at 03:18 PM
Hi Abhishek
It's a bit hard to be of assistance because I don't know what you are trying to achieve, and what your set up is.
If you have added the ports correctly via Windows Firewall then they should be open.
I would suggest you start by disabling Windows Firewall service - which will mean all ports are open - and try that. If that works then maybe something is wrong with the way you added the ports to Windows Firewall. Make sure you configured the scope correctly for example - I don't know if you are trying to make a connection to the server from outside your network, or internally, for example.
If you are trying to access the server from the internet, then are you sure there is no other firewall in operation? For example many hosting providers have firewalls in place and you might need to ask them to open the ports for you.
I'm sorry, but without more detailed information about your particular circumstances it is difficult to comment.
My script on this blog post is simply a quick way to deal with the problem of Windows Firewall only adding one port at a time. The script is not doing anything you cannot do in Windows Firewall - other than offering the convenience of being able to open a group of ports with a single command.
Kind regards...David
Posted by: David Eedle | May 31, 2011 at 03:31 PM