I've installed a Windows 2012 R2 VM (free tier) and enabled all ports for external communication (including port 80).
I logged in to my VM and installed nginx webserver (I've also tried to python development server).
I can access the website internally on the VM (using 127.0.0.1 or the internal address of the server 10.1....) but when trying to access it from outside, using the external IP address (which is also the IP address I used in order to login to my server using RDP) I get no response.
Can you please help me understand what I'm doing wrong?
Thanks!
As #evilSnobu points out from his comments, the short answer is to allow the TCP port 80 in the windows firewall on windows VM itself.
Usually, we could login to that Windows VM and run the CMD command netsh advfirewall set allprofiles state off to disable the windows firewall temporarily. Then we can use telnet tool to check if TCP 80 port can be connected.
When we face the same issue no response outside of Azure VM. we can try one or more of the followings:
There is an NSG at the subnet level or NIC level as well which is not allowing data through.
There is a firewall on the VM itself (windows firewall etc.)
There is nothing listening on that port. It should be listening on 0.0.0.0 instead of 127.0.0.1 when you use netstat -ano in the windows CMD.
The service is not staring when you verify the port listening.
Outbound traffic with a specific port is denied from your local machines.
Hope this helps.
Related
I'm trying to open port 8080 on an Azure VM so that I can access SSAS through Power BI from my local computer. I have added an inbound rule to the network security group on azure portal as per https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal and I've also added an inbound rule on the firewall of the VM itself.
However, when I go to canyouseeme.org it can't see port 8080.
Any ideas what I'm doing wrong?
You also have to make sure that the firewall running on the virtual machine itself is disabled, or allows the specific ports you are interested in.
See here:
https://wiki.u-gov.it/confluence/display/SCAIUS/How+to+disable+firewall+inside+a+linux+virtual+machine
According to your description, I suggest you could check as the following steps:
1.Check Azure VM NSG, port 8080 should be open.
Note: The link you provided is open port on Vnet subnet, You also need open port on VM's nic.
2.Open port on your VM's Windows Firewall.
3.Port 8080 should be listening on your VM. You could use netstat -ant|findstr 8080 to check it. If it is not listening, maybe you need check your configuration. This link maybe helpful.
Note: The port should listen on 0.0.0.0. If it is listening on 127.0.0.1, it only could access inside VM.
1)Go to VM & open desired port in local firewall setting
Control Panel\System and Security\Windows Defender Firewall
click link -Advanced settings->Inbound rules ->New Rules
select Port option and add your desired port
2)Also On azure, In VM networking, whitelist the port
3 ) netstat -ant|findstr
Above steps worked for me.
The solution was to redeploy the VM after opening the ports on the Azure portal.
I've setup an Ubuntu Server on Azure. On this server, an application is running on port 3000. I want to access this application external. Azure tells me my server has public ip 40.68.XXX.XXX.
When I ping this IP, there is no response, despite ssh works when connecting to this IP-address.
I want to access 40.68.XXX.XXX:3000 external, does somebody know how to get this work?
Yes, you need to open up a port on the Network Security Group (NSG) and open up the port on your firewall (on the VM itself).
Easiest way to open the port is using the portal:
https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal
I've changed RDP port to 8080 in registry on my Azure Virtual Machine (Windows Server). Now it is not accessible from outside, I cant connect it.
Azure VM is managed by Resource Manager (not Classic VM).
UPDATE:
Turning secuiruty rules so allow all not helped.
I've changed RDP port to 8080 in registry on my Azure Virtual Machine
(Windows Server)
We can use CustomScriptextension to check if RDP listening on port 8080.
netstat -ant | findstr "8080"
If your port not listening on Port 8080, we may need to restart RDP service.
If RDP listening on port 8080, we can use CustomScriptextension to disable windows firewall.
netsh advfirewall set allprofiles state off
About Extension, we create a ps1 file with the command, and upload it via Azure portal.
Azure has to know to allow traffic through to your VM. By default, on a Windows VM, only RDP is open. But you (for some reason) changed the RDP port in Windows Server. You need to do this with the network interface as well, via the VM settings (which has nothing to do with Windows itself):
Via Settings, go to Network Interfaces
Select your network interface and go to Network Security Group
From network security group, add an inbound rule for port 8080 (or modify the existing RDP rule to be port 8080).
It used to be possible to change your RDP port in Classic portal using endpoints. but in RM portal you cannot change your RDP port.
If you are trying to secure your box or by pass the security firewall to connect to your box, I recommend using Azure Load Balancer NAT rules, you can create a NAT rule to translate a custom port to 3389, and then you can only allow connectivity from LB to your VM, this a trick I use when I want to by pass the corporate's firewall, for example port 443.
Make sure you attach the LB to your VM from the NAT rule section
To access any port from public ip client -
Enable port in Azure firewall (if installed)
Enable Port in Network Security Group (add inbound rule) rule like 8080 -> 8080 or rule like 80 -> 8080
Enable Port in Windows Firewall of VM (on azure) -- most important if port is other than 80 and 443. - e.g. 8080, 8090 etc..
I have a Windows Server 2012 virtual machine provisioned on Azure. I installed Neo4j server on this virtual machine and I'm accessing the Neo4j browser on localhost:7474.
However I cannot access the browser outside using my virtual machine's public IP e.g <machineIP:7474>
Here's what I have done so far:
In the Azure portal, I added inbound rules for the NSG to allow http and https ports 80 and 443 (I have done the same on a Linux virtual machine also hosted in Azure and I can access the browser just fine)
I also added an inbound rule in Windows Firewall to allow Port 80 and 443 as well
What possibly blocks me from accessing the virtual machine's IP from the outside?
You have to add TCP port 7474 to the firewall in the Azure portal:
change your neo4j-server.properties
set
org.neo4j.server.webserver.address=0.0.0.0
To remotely access Neo4j installed on a Windows VM in Azure, these are the changes you'll need to make:
In the Azure portal, add TCP port 7474 to the Endpoints of your Windows VM
On your Windows VM, in the Windows Firewall Advances Security, add a new Inbound Rule for port 7474
Change the conf/neo4j.conf and uncomment this line:
org.neo4j.server.webserver.address=0.0.0.0
Note: In case you also want full access to Neo4j's browse interface including Bolt, then also add port 7687 both in the Azure Endpoints and the Windows Firewall.
I am using Azure Virtual Machine (Windows Server 2008 R2 image) provided from the gallery and created Public port and private port using the portal. I did remote log in to VM and I run a TCP server application inside VM (TCP server binds to the private port of the VM). Problem I face is that I can not connect it through the public IP and port (from external machine). I have created a inbound rule in VM's Firewall, where I enable connection to the Private port of VM. I tried recreating the VM, also the new ports. Still problem persists. One more thing I observed is that my TCP Client is able to connect to RemoteDesktop port of the VM also the PowerShell port. But does not connect to the port that I created through the portal. Pls suggest what can be wrong?
Note: I also observed some weird behavior. I enabled all ports for my TCP Server app in Inbound rule of firewall and found that some unknown IP (was similar to azure internal IP) is connecting to my server. Why it is happening?
I would like to understand as to how you are trying to connect with the Virtual Machine, using RDP or trying to test the connectivity, for example, using Port Ping.
Endpoints for RDP and Powershell are configured by default. So if you are trying to connect using Remote Desktop, you can directly connect to the VM using MSTSC from Run and provide the IP of the VM followed by the Port Number using the below format
xx.xx.xx.xx:3389
However if you would like to test the connectivity to the VM, I suggest you to use Port Ping instead of ICMP ping since ICMP traffic is blocked by the Azure load balancer and the ping requests timeout. While Ping.exe uses ICMP, other tools such as PsPing, Nmap, or Telnet allow you to test connectivity to a specific TCP port.
On the other hand, after creating the VM, you can add endpoints additionally as needed. You can also manage incoming traffic to the public port by configuring rules for the Network Access Control List (ACL) of the endpoint.
The private port is used internally by the virtual machine to listen for traffic on that endpoint.
The public port is used by the Azure load balancer to communicate with the virtual machine from
external resources. After you create an endpoint, you can use the network access control list
(ACL) to define rules that help isolate and control the incoming traffic on the public port. For
more information, see About Network Access Control Lists.