I'm trying to open port 8080 on an Azure VM so that I can access SSAS through Power BI from my local computer. I have added an inbound rule to the network security group on azure portal as per https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal and I've also added an inbound rule on the firewall of the VM itself.
However, when I go to canyouseeme.org it can't see port 8080.
Any ideas what I'm doing wrong?
You also have to make sure that the firewall running on the virtual machine itself is disabled, or allows the specific ports you are interested in.
See here:
https://wiki.u-gov.it/confluence/display/SCAIUS/How+to+disable+firewall+inside+a+linux+virtual+machine
According to your description, I suggest you could check as the following steps:
1.Check Azure VM NSG, port 8080 should be open.
Note: The link you provided is open port on Vnet subnet, You also need open port on VM's nic.
2.Open port on your VM's Windows Firewall.
3.Port 8080 should be listening on your VM. You could use netstat -ant|findstr 8080 to check it. If it is not listening, maybe you need check your configuration. This link maybe helpful.
Note: The port should listen on 0.0.0.0. If it is listening on 127.0.0.1, it only could access inside VM.
1)Go to VM & open desired port in local firewall setting
Control Panel\System and Security\Windows Defender Firewall
click link -Advanced settings->Inbound rules ->New Rules
select Port option and add your desired port
2)Also On azure, In VM networking, whitelist the port
3 ) netstat -ant|findstr
Above steps worked for me.
The solution was to redeploy the VM after opening the ports on the Azure portal.
Related
I am unable to access an azure Ubuntu VM's web app on port 8080. The VM is linked to a Virtual Network, where the network security group has inbount rules configured for 8080, and the ubuntu firewall has been disabled(ufw).
Here are the details:
The VM :
The allowed rules for port 8080 in the network security group :
The firewall has been disabled on the vm :
Any request to http://publicipaddress:8080/service does not work :
Please advise what else is required to make it work.
The request however works if an inbound rule of allow-all (*) is added instead of a particular port (8080), which defeats the purpose of security.
Thanks, Cheers
-Gary
From your description, here are some possible reasons:
Your application or service is not listening on the correct port 8080 for Foreign Address 0.0.0.0:*. You could try to run the command sudo netstat -alpn | grep LISTEN on the Azure VM to validate it. If not, you could find what's real IP of the application consumed.
Your Azure VM is associated with some other NSGs. You could check if there is an extra subnet level or network interface level from virtual machine --- networking.
Try to remove the custom Outbound security rules in your NSG.
Let me know if you need further help.
Thanks Nancy,
The output of the netstat command is :
It appears that the port 8080 is listening to all addresses (but maybe on IPv6?)
The VM and the NSG are part of the same group :
the resource group:
Did remove the outgoing rules, but it still does'nt work :(.
Not sure what else am i missing.
It was my mistake of wrongly configuring the nsg ingress to match the port number (eg : 8080) instead of matching the source port to *.
The protocol - source and destination host:port combination where therefore wrongly setup.
It all works now after correcting it.
I have an azure pc in Windows server 2008 r2. The fire wall is off. I have defined html, opened port 80 and evneport8080. I have defined a end point too
but when I do psping ipaddress:80 the remote computer refused the network connection. But if I try to psping ipaddress:3389 it seems to work, but not any new port I have created.
What is this msg, and will it impact my connectivity?
You will need to add an NSG rule to allow TCP traffic on port 80.
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal
By default, an NSG rule is added to allow only port 3389.
According to your description, we should check your web service is running or not, we can use netstat -ant to check it.
Update:
Does your VM create in Azure classic module?
if yes, we should add endpoints to your Azure VM via azure portal, like this:
More information about add endpoints, please refer to this link.
Also we can add endpoints in Azure classic portal:
I know that ping'ing into Azure VMs is disabled. The following page shows how to use Sysinternals' PsPing to do a TCP-based ping:
https://blogs.msdn.microsoft.com/mast/2014/06/22/use-port-pings-instead-of-icmp-to-test-azure-vm-connectivity/
Unfortunately, I cannot get PsPing to work from my premises to the Azure VM I have. I created an inbound rule in the Network Security Group through the Azure portal:
My Azure VM is a Windows 2012 Datacenter server. I added the following rule to its firewall:
Nevertheless, I can't get PsPing to work when targeting port 80. Incidentally, PsPing to port 3389 (the RDP port) works.
What else should I try?
You should check whether your port is listening. According to your description, it seems that port 80 is not listening on your VM. You could use the following command to check.
netstat -ant|findstr 80
Please ensure the port 80 is listening on tcp, the result should be like below:
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING InHost
Also, you should check your NSG. NSG could be associated to a subnet or a VM nic.
I've changed RDP port to 8080 in registry on my Azure Virtual Machine (Windows Server). Now it is not accessible from outside, I cant connect it.
Azure VM is managed by Resource Manager (not Classic VM).
UPDATE:
Turning secuiruty rules so allow all not helped.
I've changed RDP port to 8080 in registry on my Azure Virtual Machine
(Windows Server)
We can use CustomScriptextension to check if RDP listening on port 8080.
netstat -ant | findstr "8080"
If your port not listening on Port 8080, we may need to restart RDP service.
If RDP listening on port 8080, we can use CustomScriptextension to disable windows firewall.
netsh advfirewall set allprofiles state off
About Extension, we create a ps1 file with the command, and upload it via Azure portal.
Azure has to know to allow traffic through to your VM. By default, on a Windows VM, only RDP is open. But you (for some reason) changed the RDP port in Windows Server. You need to do this with the network interface as well, via the VM settings (which has nothing to do with Windows itself):
Via Settings, go to Network Interfaces
Select your network interface and go to Network Security Group
From network security group, add an inbound rule for port 8080 (or modify the existing RDP rule to be port 8080).
It used to be possible to change your RDP port in Classic portal using endpoints. but in RM portal you cannot change your RDP port.
If you are trying to secure your box or by pass the security firewall to connect to your box, I recommend using Azure Load Balancer NAT rules, you can create a NAT rule to translate a custom port to 3389, and then you can only allow connectivity from LB to your VM, this a trick I use when I want to by pass the corporate's firewall, for example port 443.
Make sure you attach the LB to your VM from the NAT rule section
To access any port from public ip client -
Enable port in Azure firewall (if installed)
Enable Port in Network Security Group (add inbound rule) rule like 8080 -> 8080 or rule like 80 -> 8080
Enable Port in Windows Firewall of VM (on azure) -- most important if port is other than 80 and 443. - e.g. 8080, 8090 etc..
I set a new port by Add EndPoints option but it does not open that specific port on azure virtual machine.... i checked using following link
can any one tell me how to resolve this issue?
http://postimg.org/image/wb5rid6ib/
TCPSockets endpoint is not open on my virtual machine
Add-AzureEndpoint opens a port at the Azure firewall not your at your VM's side. That means after opening the port in Azure, you have to open the port at your VM's individual firewall, too. Depending on your operating system that could be done differently. E.g. in Windows Server you would configure the Windows Firewall.
More precisely, Add-AzureEndpoint create a port forwarding rule from the specified public port to the private port you have specified for your VM.