Last active October 24, 2021 01:06
Opening IP Excluded Ports In Windows

I was having some real problems with CLIs not being able to open local ports to perform tasks that communicate with cloud services. In the current case, whenever I tried to authorize a Salesforce Org for use with the sfdx CLI, I was getting an access permissions error:

```
$ sf login org -l
Error: listen EACCES: permission denied
    at Server.setupListenHandle [as _listen2] (net.js:1303:21)
    at listenInCluster (net.js:1368:12)
    at GetAddrInfoReqWrap.doListen [as callback] (net.js:1505:7)
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:71:8) {
  code: 'EACCES',
  errno: -4092,
  syscall: 'listen',
  address: '',
  port: 1717
}
```

It turns out this is the local port used during OAuth transactions. I could have changed the port with a variable in my sfdx-project.json file by adding:

```json
"oauthLocalPort": "1771",
```

where the port would be some port not currently being used or reserved by an application. When I ran:

```
netsh int ip show excludedportrange protocol=tcp
```

There were several 100-port blocks being reserved by something. At first I thought it was WSL or Docker, but those reserved ports tend to be above 50000.

Finally I found this:

When I stopped the winnat service (Windows NAT), all of those blocks of 100 excluded ports were removed from the list. So I:

```
net stop winnat
netsh int ipv4 add excludedportrange protocol=tcp startport=1717 numberofports=1
net start winnat
```

Now when I run:

```
# netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
        80          80
      1717        1717     *
      5357        5357
      5700        5700
      8884        8884
     50000       50059     *

* - Administered port exclusions.
```

This will keep this port from being blocked by winnat and other apps that preemptively reserve ports by excluding them.
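To see which exclusion range (if any) covers a port before stopping services, the `netsh` listing can be parsed. The script below is an added example, not part of the original gist: the function names `Get-ExcludedPortRange` and `Find-PortExclusion` are hypothetical, and the sample output (including the 1664-1763 block) is constructed so that it runs without touching the system.

```powershell
# Added example: parse "netsh ... show excludedportrange" output and report
# which exclusion range, if any, covers a given TCP port.
function Get-ExcludedPortRange {
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        # Data rows look like "  1717        1717     *" (the * is optional).
        if ($line -match '^\s*(\d+)\s+(\d+)\s*(\*)?\s*$') {
            [pscustomobject]@{
                StartPort    = [int]$Matches[1]
                EndPort      = [int]$Matches[2]
                Administered = ($Matches[3] -eq '*')   # * marks an administered exclusion
            }
        }
    }
}

function Find-PortExclusion {
    param([int]$Port, [object[]]$Ranges)
    $Ranges |
        Where-Object { $Port -ge $_.StartPort -and $Port -le $_.EndPort } |
        Select-Object -First 1
}

# Constructed sample output; the 1664-1763 row stands in for one of the
# 100-port blocks described above. For live data, replace $sample with:
#   netsh int ipv4 show excludedportrange protocol=tcp
$sample = @'
Protocol tcp Port Exclusion Ranges

Start Port    End Port
        80          80
      1664        1763
      5357        5357
     50000       50059     *

* - Administered port exclusions.
'@ -split '\r?\n'

$ranges = Get-ExcludedPortRange -NetshOutput $sample
foreach ($port in 1717, 1771) {
    $hit = Find-PortExclusion -Port $port -Ranges $ranges
    if (-not $hit) {
        "Port $port is not in any excluded range"
    } elseif ($hit.Administered) {
        "Port $port is an administered exclusion ($($hit.StartPort)-$($hit.EndPort))"
    } else {
        "Port $port is inside reserved block $($hit.StartPort)-$($hit.EndPort)"
    }
}
```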

Also see this rather good article on Salesforce Stack Exchange:

