Unable to establish connectivity on a port after configuring proper rules - azure

I have a Linux VM on azure, which I can access using SSH without any issues. I needed access to another port(lets say 7077) from outside, and here is what i have done so far, but unable to establish connectivity
Created an inbound rule from the networking settings, it created the rule on the Network security Group attached to the network interface.
Added a new Network Security Group, attached it to the Subnet
If I do a netcat request on port 22, i get a successful connectivity, but for the port 7077 I get connection refused.
Also with IP flow verification passes for the port
Any pointer would be helpful.

You need to allow that same port in the firewall settings of the VM. The OS itself is what is refusing the connection suggesting you have not setup any firewall rules to allow that port.
Try adding a allow rule in the firewall settings and see if you can reach that port.
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
http://www.thegeekstuff.com/2011/02/iptables-add-rule/
Ubuntu 17.04
https://help.ubuntu.com/lts/serverguide/firewall.html

Related

Cannot connect to VM azure

Yesterday I was able to connect to VM. After i closed it, I was not able to connect anymore.
I am getting these errors:
Network connectivity blocked by security group rule: DefaultRule_DenyAllInBound
Error:
I am expecting a possible solution to this problem.
You have a rule in your network security group to allow RDP on TCP 3389, however, your test connection is for SSH on TCP 22. Which are you trying to connect by? RDP or SSH?
Either add a rule to allow SSH or change your test to use RDP.
Note also, it is not good practice to open your NSG to source ANY. If you have an source IP or range that you can specify, it would be hugely more secure.
To create a new rule, on the Networking blade of the VM (your second screenshot) click Add Inbound Port Rule and create a rule like this:

Accessing Service Running on Azure Windows Machine on Specific Port

I have an Azure Windows Virtual Machine where I have enabled the Inbound Rule Port 8080 under Network Security Group. However, when I try to check the connectivity from my Windows Machine to Azure VM it fails. I used the below command.
>telnet <public_ip_address_of_the_vm> 8080
Connecting To XX.XXX.XXX.XXX...Could not open connection to the host, on port 8080: Connect failed
Note: The VM is enabled with Public IP Address. How to further troubleshoot this issue?
The first thing to do is ensure the VM is running. Then, look at is the Effective Security Rules for the NIC in question.
If the VM has multiple NICs you need to look at the effective rules for each nic (they can be different).
To run a quick test to determine if traffic is allowed to or from a VM, use the IP flow verify capability of Azure Network Watcher. IP flow verify tells you if traffic is allowed or denied. If denied, IP flow verify tells you which security rule is denying the traffic.
If there are no security rules causing a VM's network connectivity to fail, the problem may be due to:
Firewall software running within the VM's operating system
Routes configured for virtual appliances or on-premises traffic. Internet traffic can be redirected to your on-premises network via forced-tunneling. If you force tunnel internet traffic to a virtual appliance, or on-premises, you may not be able to connect to the VM from the internet. To learn how to diagnose route problems that may impede the flow of traffic out of the VM, see Diagnose a virtual machine network traffic routing problem.
Full Troubleshooting Docs with step-by-step instructions.

Enabling port for tcp in Azure VM

I have created a Windows WCF Service and I want to host it inside Azure VM.
The service is locally running fine inside the VM, but when attempting to access the service outside of the VM, I cannot connect to the service at the specified port.
While requesting the service, I'm getting the following error:
SocketException (0x274d): No connection could be made because the target machine actively refused it...
Also, while pinging the VM through the command prompt with public ip, I'm getting Request timed out.
I have enabled the port for TCP in Azure inbound rules as well as in VM firewall inbound rules. The VM is Windows Server.
How can I access the service running in the VM from another system?
Any help is appreciated.
check application is running on the port you exposed
check windows level firewall allows traffic on that port from your destination
check NIC level NSG allows traffic on that port from your destination
check subnet level NSG allows traffic on that port from your destination
you might also have Azure Firewall\UDR\NVA in the networking setup, check those as well (this is highly unlikely if you are not running an enterprise grade setup).

Connection refused on custom port on Azure linux VM

I have a linux vm on Azure. I opened an inbound rule for port 20212 tcp and furthermore in created a rule in iptables to allow traffic to this port.
But when i do telnet 127.0.0.1 20212 i get a connection refused error and also when i do telnet SERVER-IP 20212 i get the same error. Is there any other step in need in opening a custom port on Azure VMs
There are 3 moving pieces to this puzzle:
Network Security Group allowing a port
Linux VM firewall allowing a port
Application that is running and listening on the port
It appears that you are missing the third one.

Not able to access application hosted on Linux VM on Azure cloud

I have created a CentOS 7.1 VM using Resource Manager deployment model.
I am not able to access the application using a browser on a machine connected to internet.
However I am able to access the application on same machine and other VM on same virtual network using private IP address.
I configured Network Security Group and allowed port 80 and 443 in Inbound Rules.
Well, it turned out that I needed to open ports under "Inbound Security Rules" and needed to open all in "Source Port Range". For doing so, i needed to put * there and in Destination port for https - 443 etc.
This * thing was the catch which i was missing in all the Inbound security rules for allowing the ports.

Resources