Windows Server firewall not accepting forwarded ports

Jesper Westerberg 21 Reputation points
2022-03-27T15:46:02.54+00:00

Hello,

I am running Windows Server 2022 and am trying to forward ports to a couple of Hyper-V VM's. Virtualization and Windows Server-specific operations is largely new to me so I hope I'm not asking too dumb questions here.
Forwarding ports is however not a new operation for me; this has been done successfully many a time before in my home router towards a NAS, laptop clients and other devices. All have worked well and I am certain things are in order on the router side.

As a test, I tried forwarding port 9999 to a VM and checked with port checker tools such as canyouseeme.org and portchecker.co - both say the port was closed.
I then changed the forwarding rule to the Windows Server host instead, for which I also applied a rule for all profiles to allow connections on port 9999 specifically.
The server has 2 NIC's - one for OS management and another dedicated to the Hyper-V vSwitch. For the remainder of this port, the ports mentioned are forwarded to the management NIC on the server.

Rule Name: Test 9999
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 9999
RemotePort: Any
Edge traversal: Yes
Action: Allow

Rule Name: Test 9999
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: UDP
LocalPort: 9999
RemotePort: Any
Edge traversal: Yes
Action: Allow
Ok.

The port remains closed with the port checker tools. I turned on the Windows Firewall logs to both ALLOW and DENY events, for all profiles, trying to find my port 9999 test and see whether there's some other rule blocking the connection attempt, in which there was nothing registered for port 9999 at all, unless I'm reading it wrong.
I installed Wireshark to try and make sense of whether a connection actually gets through. I set up the filter for port 9999 and another random port, 55020 (not forwarded to server), and tested both. Wireshark only detected network activity for port 9999, so my conclusion is that the forwarding works but is then blocked by something else.

I tried setting the policies for all firewall profiles to accept all incoming connections regardless of rules, port still closed.
I even tried turning the firewall off for all profiles, and the port still remains closed. I am pulling my hair trying to find out where to look now. Can you direct me to where I can keep looking or something I may have missed? Could it have something to do with my double NIC's?
Many thanks!

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,212 questions
Hyper-V
Hyper-V
A Windows technology providing a hypervisor-based virtualization solution enabling customers to consolidate workloads onto a single server.
2,733 questions
0 comments No comments
{count} votes

Accepted answer
  1. Anonymous
    2022-03-27T16:06:42.477+00:00

    As a test, I tried forwarding port 9999 to a VM and checked with port checker tools such as canyouseeme.org and portchecker.co - both say the port was closed.

    These tools try to connect to a process running that's listening on the given port. Is anything listening? From cmd.exe
    netstat -aon
    to check this.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.