Open docker to internet from azure Redhat server without IP forwarding - azure

I have 5 docker containers running inside Azure Redhat Server. If IP forwarding is enabled it works over the internet.
As a security issue need to disable IP forwarding.
Is there any solution like switching it from docker0 to eth0?

Related

deploy nginx on azure devtest lab vm

I am new to Azure and I allready have a problem, I am trying to deploy nginx on azure but nothing works !
I created my vm, opened port 22 to connect via ssh and port 80 for the nginx server.
Then I downloaded nginx with apt, I checked it was running but I can never get to the default home page. I tried using the public ip adress and the dns name.
Here is the network config
Any help would be welcomed.
I found the answer, for those of you that have their firewalls down like me, AND have load balancers direct the traffic to their VM, edit the inbound NAT rules of the load balancers, by adding ports and VM you want your traffic redirecting to, it worked for me.

Web server on Azure VM

I've installed a Windows 2012 R2 VM (free tier) and enabled all ports for external communication (including port 80).
I logged in to my VM and installed nginx webserver (I've also tried to python development server).
I can access the website internally on the VM (using 127.0.0.1 or the internal address of the server 10.1....) but when trying to access it from outside, using the external IP address (which is also the IP address I used in order to login to my server using RDP) I get no response.
Can you please help me understand what I'm doing wrong?
Thanks!
As #evilSnobu points out from his comments, the short answer is to allow the TCP port 80 in the windows firewall on windows VM itself.
Usually, we could login to that Windows VM and run the CMD command netsh advfirewall set allprofiles state off to disable the windows firewall temporarily. Then we can use telnet tool to check if TCP 80 port can be connected.
When we face the same issue no response outside of Azure VM. we can try one or more of the followings:
There is an NSG at the subnet level or NIC level as well which is not allowing data through.
There is a firewall on the VM itself (windows firewall etc.)
There is nothing listening on that port. It should be listening on 0.0.0.0 instead of 127.0.0.1 when you use netstat -ano in the windows CMD.
The service is not staring when you verify the port listening.
Outbound traffic with a specific port is denied from your local machines.
Hope this helps.

How to connect to docker on Azure VM?

I have installed a DIGITS docker on my Azure VM. I am trying to connect to this Docker using its IP Address from my local machine (outside the VM). I have not had any success in doing so. Is this even possible? If so, how?
I have the IP Address of the Docker from running docker inspect <container-ID> | grep IPAddress. Doing a curl on the obtained IPAddress with the specific port does not connect to the Docker.
As Chun-Yen Wang said, you should add the port exposed to Azure NSG.
For example, I expose docker on port 5000, add inbound rules via Azure portal like this:
After that you can use Azure VM's public IP address to access it, you can find your public IP address here:
curl http://52.168.28.103:5000
Hope that helps.
The docker containers on Azure VM can be accessed via the public IP address of the host VM, and the port exposed:
Public IP: there should be one when the VM is created.
Port: whatever ports the docker container exposes, they need to be opened for web traffic, just like Create a Linux virtual machine with the Azure portal, section "Open port 80 for web traffic".
Assuming your host/remote machine is running Linux - If you want to access the container (running on a remote server) directly from local machine you should first install SSH Server in the container and map the 22 port of container to a port on host. And then open that host port and protocol TCP (to let SSH) for inbound traffic on NSG in Azure portal (as told by Chun/Jason)

Cannot access Neo4j browser on a Windows Server

I have a Windows Server 2012 virtual machine provisioned on Azure. I installed Neo4j server on this virtual machine and I'm accessing the Neo4j browser on localhost:7474.
However I cannot access the browser outside using my virtual machine's public IP e.g <machineIP:7474>
Here's what I have done so far:
In the Azure portal, I added inbound rules for the NSG to allow http and https ports 80 and 443 (I have done the same on a Linux virtual machine also hosted in Azure and I can access the browser just fine)
I also added an inbound rule in Windows Firewall to allow Port 80 and 443 as well
What possibly blocks me from accessing the virtual machine's IP from the outside?
You have to add TCP port 7474 to the firewall in the Azure portal:
change your neo4j-server.properties
set
org.neo4j.server.webserver.address=0.0.0.0
To remotely access Neo4j installed on a Windows VM in Azure, these are the changes you'll need to make:
In the Azure portal, add TCP port 7474 to the Endpoints of your Windows VM
On your Windows VM, in the Windows Firewall Advances Security, add a new Inbound Rule for port 7474
Change the conf/neo4j.conf and uncomment this line:
org.neo4j.server.webserver.address=0.0.0.0
Note: In case you also want full access to Neo4j's browse interface including Bolt, then also add port 7687 both in the Azure Endpoints and the Windows Firewall.

How to connect to a webserver hosted on vmplayer guest os?

I am running a webserver (eg: tomcat7) in vmplayer guest, with NAT and I am able to view the webserver from guest using it's hostname:port but host browser is unable to connect to this webserver. Any idea? Is there any specific network configuration that needs to be done for host to connect to guest?
Note: I used ifconfig and got ip address from eth8, but ping request times out all the time.
VMWARE player network settings screenshot
Update
I also had to add entries in both machines hosts file for DNS
Change the network settings to use Bridged. That will connect to your router and get an IP off DHCP which your Host will be able to see. NAT is using your host address.

Resources