Be able to bind specific ports that I have always used.
Be able to specify which ports docker/hyperv exclude or use, and/or I expect that docker/hyper-v actually use the ports that it is excluding and that they show up in netstat -ano as being used or listened on.
If I start a service that binds on port 50051 (it is a gRPC service, and that is the traditional port used by gRPC), it says:
listen tcp :50051: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
MinGW 12:11:50 ~$ docker run -p 50051:50051 hello-world
C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: driver failed programming external connectivity on endpoint infallible_lehmann (906354afc8855cc38fc8ac3e9e5b0642c9470f48f99c48e188ed3c8cfe236c9e): Error starting userland proxy: Bind for 0.0.0.0:50051: unexpected error Permission denied.
I was extremely confused by this problem, because I was able to bind other ports, such as 8080 or 60000, yet it did not appear that 50051 was in use by anything on my system.
netstat -ano shows nothing using 50051.
Get-NetTCPConnection in PowerShell with admin privileges shows nothing using 50051.
Even if I disconnect from the internet and disable both Windows Firewall and my antivirus, and run everything as admin, I still get the errors.
After hours of Google searching, I found a command that showed what happened to 50051:
PS C:\WINDOWS\system32> netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
     49692       49791
     49792       49891
     49892       49991
     49992       50091
     50092       50191
     50214       50313
     50498       50597

* - Administered port exclusions.
It seems that 50051 is excluded (whatever that means?!), even though it isn't in use by anything.
After lots of trial and error, I discovered that Docker for Windows and Hyper-V are responsible for all of those excluded port ranges above.
It also seems like all those port ranges change or increase by 1 every time I reboot, so I suppose 450 reboots from now my problem will go away, maybe...
I have never had this problem, despite using docker for years now.
I run lots of containers and setups that other people at my company work on and rely on, so it is not feasible for me to be changing the ports around on them to work around this issue. (Other people use the kube templates and docker-compose, and some of them connect with other docker-compose networks, etc., and expect things on certain ports.)
When I try to delete that excluded port range, I get this, despite running the command as administrator:
PS C:\WINDOWS\system32> netsh interface ipv4 delete excludedportrange protocol=tcp startport=49992 numberofports=100
Access is denied.
I've submitted feedback via the Windows Feedback hub, upvote here: https://aka.ms/AA6z7h1
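
The check described in this report, as an added example that is not part of the original post: it parses the output of `netsh interface ipv4 show excludedportrange` and reports which exclusion range, if any, covers a port that fails to bind even though netstat shows it unused. The function names `Get-ExcludedPortRange` and `Test-ExcludedPort` are hypothetical helpers, not built-in cmdlets, and the sample rows are copied from the output quoted above.

```powershell
# Added example. Both function names are hypothetical helpers, not built-in cmdlets.
function Get-ExcludedPortRange {
    param(
        [ValidateSet('tcp', 'udp')] [string] $Protocol = 'tcp',
        # Raw netsh output lines; when omitted, netsh is queried on this machine.
        [string[]] $NetshOutput
    )
    if (-not $NetshOutput) {
        $NetshOutput = netsh interface ipv4 show excludedportrange "protocol=$Protocol"
    }
    foreach ($line in $NetshOutput) {
        # Data rows are two integers; a trailing '*' marks an administered exclusion.
        if ($line -match '^\s*(\d+)\s+(\d+)\s*(\*)?\s*$') {
            [pscustomobject]@{
                Protocol     = $Protocol
                StartPort    = [int]$Matches[1]
                EndPort      = [int]$Matches[2]
                Administered = [bool]$Matches[3]
            }
        }
    }
}

function Test-ExcludedPort {
    param([int[]] $Port, [object[]] $Range)
    foreach ($p in $Port) {
        # First range whose inclusive bounds contain the port, if there is one.
        $hit = $Range |
            Where-Object { $p -ge $_.StartPort -and $p -le $_.EndPort } |
            Select-Object -First 1
        [pscustomobject]@{
            Port     = $p
            Excluded = [bool]$hit
            Range    = if ($hit) { "$($hit.StartPort)-$($hit.EndPort)" } else { $null }
        }
    }
}

# Sample input: two of the rows from the netsh output quoted in this report.
$sample = @'
Start Port    End Port
----------    --------
     49992       50091
     50092       50191
'@ -split "`r?`n"

$ranges = Get-ExcludedPortRange -NetshOutput $sample
Test-ExcludedPort -Port 50051, 8080, 60000 -Range $ranges | Format-Table
```

Calling `Get-ExcludedPortRange` without `-NetshOutput` reads the live exclusion list instead of the sample, which is useful to re-run after a reboot since the ranges are reported to shift.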