windows server 2022 RRAS port limit

Question

i install windows server 2022 as main router,only enable RRAS NAT ,DHCP and DNS. now i can access to internet , nat type is fullcone , but port is like are limit to 61000+. how to open port? i try firewall open all port is not work.


Answer 1

Hello,

Thank you for posting in Microsoft Community forum.

RRAS (Routing and Remote Access Service) in NAT mode. You find that the port range seems limited to a high range above 61000.

Here are some solutions to help you open additional ports:

1. Check the NAT configuration:

The full cone NAT type should allow outbound connections and may require opening specific ports for incoming connections. Check if you have enabled specific port forwarding or port range mapping under the RRAS settings.

You may need to manually configure port forwarding for specific applications. Go to RRAS -> NAT -> Port Range Forwarding and ensure that the ports you need are correctly mapped.

1. Firewall Configuration:

If your firewall is still blocking certain ports even after allowing all ports, ensure that the firewall is not applying any rules that could override your open ports. Double-check the Inbound Rules and Outbound Rules in the firewall.

1. Port Limitations in the NAT Pool:

RRAS NAT uses a limited set of ports for its pool. If the available ports in its default configuration are exhausted, you can extend the port range:

1. Open RRAS -> NAT -> Properties -> Port Range, and adjust the range if possible.
2. Modify Port Limits in RRAS:

You may also want to change the default port pool settings:

1. Open RRAS, right-click on your NAT device, and select Properties.
2. Under Port Allocation, you can modify the starting and ending port range to increase the available ports for NAT.
3. Check Network Adapter Settings:

From the images you uploaded, the NAT setup appears to be correctly assigning public IP addresses. Ensure that the adapter settings are not limiting the available ports.

If these steps do not resolve the issue, a deeper review of your RRAS settings and potential restrictions in your network hardware may be necessary.

Answer 2

in RRAS no any port range setting

Answer 3

It seems that you are not seeing any port range settings in the RRAS (Routing and Remote Access Service) configuration. By default, RRAS does not expose a direct option to configure a port range for NAT in the GUI, but there are a few things you can try:

1. Adjusting Port Range in RRAS via Registry:

You may be able to modify the port range for NAT by editing the Windows registry. To do this, follow these steps:

• Open the Registry Editor (Press Windows + R, type regedit, and hit Enter).
• Navigate to:
• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
• Right-click on the right pane, select New, and then choose DWORD (32-bit) Value.
• Name the new DWORD as MaxUserPort.
• Set the value to a higher number to extend the port range (for example, 65534 to allow a larger range).
• Restart the server to apply the changes.

Important: Editing the registry can affect your system configuration, so make sure to back up your registry before making any changes.

2. Check Port Forwarding Configuration:

In RRAS, you may still want to ensure that port forwarding is correctly configured for specific applications that need to be accessible externally. This ensures the correct ports are mapped from the public IP to the internal IP of the server.

• Open the RRAS Management Console.
• Navigate to NAT and right-click on the NAT device (public interface).
• Choose Properties and check if any port forwarding options are configured or available to open specific ports manually for applications or services you need.

3. Consider Using Windows Firewall Rules:

In addition to RRAS, you may also need to adjust the Windows Firewall to allow more ports for inbound and outbound traffic:

• Open Windows Defender Firewall with Advanced Security.
• Under Inbound Rules and Outbound Rules, you can create new rules to open specific ports for your applications.

4. Alternative Solutions for Port Limitation:

If none of these solutions resolve the issue, consider whether the public IP range provided by your ISP might be causing the limitation in port forwarding. In some cases, ISPs may limit port ranges for NAT traffic, which would require contacting them for further support.

If you need more detailed guidance on any of these steps, feel free to ask!