Azure resource manager windows VM accessing endpoints from internet not working - azure

I have installed Mirth Connect on a Windows virtual machine in Azure Resource Manager. I am able to access the admin console with http://localhost:8080. But the same is not accessible from the internet. I have added endpoints in network security.
Is there any other configuration I am missing here?
I am able to RDP to the machine. I have tried with source as * and destination as * also. But still no luck.
I am also not able to telnet to the VM public IP on the given ports.

Connect to your virtual machine, open the Firewall Advanced Settings, and add an exception for port 8080, as the endpoint configuration doesn't do that for you.

Did you allow 8080/TCP from anywhere, for all profiles in Windows Firewall?
Is your daemon listening on 0.0.0.0 or just 127.0.0.1?
netstat -ban
should give you the answer there.
e.g.
[spoolsv.exe]
TCP 0.0.0.0:1540 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING
[vmms.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
If you're only listening on localhost (127.0.0.1) you need to address the configuration of your daemon and then restart it.

Related

Connecting to host from inside a docker container on linux requires opening firewall port

Background: I'm trying to have XDebug connect to my IDE from within a docker container (my PHP app is running inside a container on my development machine). On my MacBook, it has no issue doing this. However, on Linux, I discovered that from within the container, the port I was using (9000) was not visible on the host gateway (using sudo nmap -sT -p- 172.20.0.1, where 172.20.0.1 is my host gateway in docker).
I was able to fix this issue by opening port 9000 on my development machine (sudo ufw allow 9000/tcp). Once I did this, the container could see port 9000 on the host gateway.
My Question: Is this completely necessary? I don't love the idea of opening up a firewall port just so a docker container, running on my machine, can connect to it. Is there a more secure alternative to this?

From what you've told us, opening the port does sound necessary. If a firewall blocks a port, all traffic over that port is blocked and you won't be able to use the application on the container from the host machine.
What you can do to make this more secure is to specify a specific interface to open the port for as specified here:
ufw allow in on docker0 port 9000 proto tcp
Obviously replace docker0 with the docker interface on your machine. You can find this by looking at the output of ip address show or by following the steps here if the interface name is not obvious.

How to mount Azure File Share in an environment where port 445 is blocked

I'm trying to mount an Azure File Share in an environment where the Proxy settings block port 445 for the global IP address.
As shown in the figure below, port forwarding is done with an Azure Virtual Machine (Linux), connecting to localhost:1445, and 445 communication to Azure File Share is possible.
However, the mount command cannot use any port other than 445.
I have set the netsh interface portproxy to forward communication on port 445 to localhost:1445, but the port on 445 does not listen.
$ netsh interface portproxy add v4tov4 listenport=445 listenaddr=xxx-storage.file.core.windows.net connectport=1445 connectaddress=127.0.0.1
$ netstat -ano | findstr :445
How to mount Azure File Share in an environment where port 445 is blocked?
Also, File Sync cannot be used in my environment.

I have not tried this scenario but you might be able to accomplish this with SSH local port forwarding. The key is if your proxy is blocking localhost connections to port 445.
ssh -L 127.0.0.1:445:FILE_SHARE_URL:445 YOUR_LINUX_BOX_IP
Forwarding (AllowTcpForwarding) needs to be enabled on the Linux SSH server (the jump host).
Server-Side Configuration
I think you also will need to enable the Linux VM IP forwarding but I am not sure.
Since the software will be connecting to port 445 on localhost (127.0.0.1) most firewalls ignore that connection. Then the connection on port 445 is forwarded over SSH which the firewall cannot see. The Linux jump host then opens a connection to the FILE_SHARE_URL.
Local Forwarding

Azure VPS not opening any ports no matter what

I'm trying to open several ports on Azure. I have a single VPS with a single network security group with a single virtual network and subnet. Everything seems to be configured correctly, check images:
But trying to ping any port, for instance 8080:
nc -zv 52.166.131.228 8080
nc: connect to 52.166.131.228 port 8080 (tcp) failed: Connection refused
running desperate here, I've followed the guidelines to no avail https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal ...any idea what I'm missing??

According to your error, I think you should check your service first. I don't see 8080 listening in your output.
Please ensure port 8080 is listening; you could use telnet to test from within your VM first.
telnet 127.0.0.1 8080
Note: an NSG can be associated with a VM and a subnet.
Please refer to this article about how to manage NSG.
I notice that your port 5432 is only listening on 127.0.0.1. I think you should check your configuration. If you want to access port 5432 with the public IP, the port should be listening on 0.0.0.0.
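
The reasoning in the answer above (a refused connection points at the service rather than at the NSG), as an added example that is not code from the thread: a probe that separates "refused" from "no reply". The function names and the loopback demo listener are constructed for this illustration.

```python
import socket

# What each outcome says about where to look next.
NEXT_STEP = {
    "open": "handshake completed: the service is bound to this address and the path allows it",
    "refused": "a reset came back: check the service's bind address with netstat first",
    "filtered": "no reply before the timeout: check the host firewall and NSG rules",
    "unreachable": "no route to the address: check the IP, routing and the VM's state",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except ConnectionRefusedError:
        # Typical when nothing listens on this address:port, e.g. a daemon bound
        # to 127.0.0.1 only. A firewall that rejects with a reset looks the same.
        return "refused"
    except socket.timeout:
        # Packets were silently dropped somewhere on the path.
        return "filtered"
    except OSError:
        return "unreachable"


def demo():
    """Probe a constructed loopback listener, then the same port once it is closed."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    server.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    for state in demo():
        print(f"{state}: {NEXT_STEP[state]}")
```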

Connecting to IIS website from another computer on the LAN - port not listening

I have website working fine on my local machine as host name hml.frontend in the hosts file: 127.0.0.1 hml.frontend
In IIS I have bindings as hml.frontend 127.0.0.1 and hml.frontend 192.168.1.94. The latter I used ipconfig to get my local ip address issued to me by my BT Home Hub 5 router.
In Windows 10 firewall I have allowed the App/Feature NetLogon service and World Wide Web services (HTTP).
In advanced settings, in Inbound Rules, I have added a rule which allows connections from all sources to ports 80 and 443. Scope is any IP addresses.
On my macbook I have added the 192.168.1.94 as hml.frontend to the hosts file.
I can ping hml.frontend OK from the macbook.
However from a web browser the http://hml.frontend site cannot be reached from the macbook.
telnet 192.168.1.94 80 from the macbook says unable to connect to remote host.
Back on the PC I have done netstat -na to see which ports IIS is listening on and 127.0.0.1:80 is there and so is 192.168.1.94:139 and many more ports against that IP address but not port 80.
Any ideas what I can check to get my PC to listen for that website hostname on port 80?

I got it to work. I was on the right track that the IP address was not being listened to.
In order to add the IP address that I needed to be listened to, I went into cmd as administrator and did:
netsh
http
show iplisten
The 'show' result shows that only 127.0.0.1 was being listened to on port 80
add iplisten ipaddress=192.168.1.94
show iplisten
quit
The 'show' result shows that 192.168.1.94 is now additionally being listened to on port 80
Then I went back in with
netstat -na
And now I see the line I want:
TCP 192.168.1.94:80 0.0.0.0:0 LISTENING
Some information was gained from this article.
http://windowsitpro.com/windows-server/solve-iis-listener-problems
The site is now reachable from my macbook using the hostname http://hml.frontend

telnet to azure vm port from outside

I want to telnet virtual machine on port 1234. I have server.exe running on vm which listens to port 1234.
When I run telnet within virtual machine cmd "telnet 127.0.0.1 1234" response is
"ok"
However when I run telnet from outside using "telnet publicIP 1234" response is
Connecting To publicIP...Could not open connection to the host, on
port 1234: Connect failed
I have added endpoints in azure portal and tried switching off the firewall from both virtual machine and my local machine.
Can anyone please suggest?

Two things to consider:
1. Make sure that your server.exe also listens on the VM network adapter, not only on 127.0.0.1.
2. Make sure that your ISP (Internet provider) does not block outgoing ports - very common issue.
To avoid (2), change the public port for the VM endpoint to 80 and try with telnet publicIP 80.
To make sure you comply with (1), while on the VM try telnet localIP 1234.
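
The bind-address check that the answers in the Mirth Connect, port 5432, IIS and server.exe threads all come back to, as an added example that is not part of any original post: it reads netstat output and reports, per port, whether the listener is bound to loopback only, to one address, or to all interfaces. The sample rows and the function names are constructed for this example, and it accepts the Linux netstat layout as well as the Windows one shown in the threads.

```python
import ipaddress
import re

# Constructed sample: Windows `netstat -ano` rows plus one Linux `netstat -tlnp` row.
SAMPLE = """\
  TCP    0.0.0.0:3389       0.0.0.0:0           LISTENING     1120
  TCP    127.0.0.1:8080     0.0.0.0:0           LISTENING     4312
  TCP    192.168.1.94:139   0.0.0.0:0           LISTENING     4
  TCP    [::]:445           [::]:0              LISTENING     4
  TCP    [::1]:5432         [::]:0              LISTENING     2208
  TCP    10.0.0.4:3389      203.0.113.7:50122   ESTABLISHED   1120
tcp   0   0 127.0.0.1:5432   0.0.0.0:*   LISTEN   812/postgres
"""

# address:port with optional IPv6 brackets and zone id, e.g. [fe80::1%12]:445
ENDPOINT = re.compile(r"^\[?([0-9A-Fa-f:.]+?)(?:%\w+)?\]?:(\d+)$")

def scope(address):
    """Name how widely a bind address accepts connections."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:              # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                 # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"

def listeners(netstat_text):
    """Return (port, address, scope) for each TCP socket in the listening state."""
    found = []
    for line in netstat_text.splitlines():
        tokens = line.split()
        is_listener = (tokens and tokens[0].lower().startswith("tcp")
                       and {"LISTENING", "LISTEN"} & set(tokens))
        match = next((m for m in map(ENDPOINT.match, tokens) if m), None)
        if is_listener and match:
            found.append((int(match.group(2)), match.group(1), scope(match.group(1))))
    return found

def verdict(netstat_text, port):
    """Say who can reach `port`, before any host firewall or NSG rule is considered."""
    scopes = {s for p, _, s in listeners(netstat_text) if p == port}
    if scopes <= {"loopback-only"}:
        return "loopback-only" if scopes else "not listening"
    return "reachable on " + ", ".join(sorted(scopes - {"loopback-only"}))

if __name__ == "__main__":
    print({p: verdict(SAMPLE, p) for p in (80, 139, 3389, 5432, 8080)})
```

A "loopback-only" or "not listening" verdict means no firewall or NSG change will help until the service's bind address is fixed. An "all-interfaces" listener you did not expect is worth reviewing from the exposure side.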
