Up until two weeks ago I'd been happily connecting to a virtual machine hosted in the Azure cloud over SSH. All of a sudden, the connection could not be established anymore, the SSH always times out. The tricky part is that it only happens from a computer that is in a certain firm's lan (one public IP). Every other internet access connection works fine and I'm able to connect to the virtual machine successfully. My IT support tells me that they can see the packets leaving our network and the firewall is not blocking the connection - I can't see any failed login attempts in the SSH log on the server. The IT suggests the Azure may be blocking our IP for the SSH connection (other ports work fine btw). My question is - is such a thing even real? Can Azure block the IP without the user knowing about it? Is there some kind of IP blacklist I could edit?
Thanks!
The only place where Your IP could be cutted-off is ACL on SSH endpoint. Go to management portal and check if You have any ACLs on SSH endpoint. Maybe You misconfigured some?
Related
I want to connect to a vm in the Azure cloud from home i.e. without a fixed IP. I have added the two security rules for network interface and NSG respectively to accept inbound connections on the ssh port 22 using the ipv4 address given by showip.net. This doesn't work and I get a connection time-out - I tried out ipv6 address as well. If I do the very same thing for another server (outside Azure), the very same procedure works. The native ip address for both my home computer and the virtual machine I use as alternative are IPv6.
So the question is - does my connection from home fail, because there is some sort of reverse lookup failing or what could be the other causes?
Thanks!
It sounds like most likely the issue is some weird NATing of your ISP - especially when IPv6 comes into play, it can often be a bit hard to find the actual external IP address that your requests are coming from. You can try different sites like whatsmyip.com etc to see if you find another one that you can add.
Apart from that, there are various things you could try:
Use SSH from the Azure Cloud Shell (https://shell.azure.com)
Use Azure Bastion to have a jump host in the same VNET
Use a point-to-site VPN from your PC into your VNET
i'm using the portal : https://portal.azure.com, and log in with your Azure account.
I made 2 VM one Windows and other Linux.
But when i want to open them with RDP (win2016) and SSH (linux) with the Key Public/Private made correctly (puttyGen, Putty) i can't run them.
What i have to understand.
I'm connected on public wireless (SSID MacDonald or SSID Airport), my VM IP are founded with :
Get-AzNetworkInterfaceIpConfig
i set a Static IP from the Configuration NetWorking of my VM (Linux and Windows).
But what i can do to resolde this issue that i can't connect on my VM, with RDP or SSH ?
thank you
I think more info will be needed for someone to be helpful here.
first wall, what error message did you get when you try to connect using RDP or SSH?
did you allow RDP or SSH port when you create these VMs? These can be checked in VM settings page on the Azure portal. below is a screenshot of my Linux VM, for your reference:
update:
I'm not allowed to comment at the moment, so I'm posting my response to the additional info here.
if you're able to connect to the VMs using another connection, it means things work as expected on these VMs. Most likely the wireless connection you mentioned blocks outgoing RDP or SSH traffic. check with its admin on that.
I deployed a testing website on my host and want to access from VM.
I setup a network connection and both are connected to a home group.
I can share files form one to another using share folder.
I assigned IP to my website so that I may be able to access using its IP.
When I brows at local using IP. it run perfect.
But when I brows from VM. It gives me error This site can't be reached.
in your VM environment, you need to check networking configurations and permissions.
could be a lot of things, if you could add a picture it would be easier to tell you. if you can't, see if your connection is bridged or not.
also, a good thing to check is that your router has an open port for your VM and allows another connection inside your subnet.
The problem is solved. I dig out and taken 3 steps. and my issue is solved.
I Turn off my windows firewall on host.
Authentications:
i) In IIS I click on Authentication.
ii) Anonymous Authentications Enabled.
IP Address and Domain Restrictions:
In IIS Click on IP Address and Domain Restrictions and Add IP address of VM or
any PC
from where I want to access.
and now it worked.
I have a newly installed MikroTik switch, and have successfully configured it for VPN traffic. However, behind the switch is a Linux server to which I am unable to connect via PuTTY. I can see the server and its IP address in Winbox->IP->DHCP Server->Leases, but as I say, I can't connect from within the VPN. I've made several attempts to add a rule to the firewall that would permit access and I've even gone so far as to uncheck the firewall router box in Quick Set, but no matter what I've tried, it always times out. To be clear, I'd like the server to be visible to all machines connected to the switch - both via ethernet and via pp2p.
I've been googling for hours, and I'm completely new to network engineering, so any help would be greatly appreciated.
I think the problem may be due to NAT and your VPN IP Subnet. I have my VPN users in 192.168.4.0/24 the main subnet is 192.168.0.0/22. In Winbox got to IP>Firewall then in the NAT tab make sure you have a masquerade action on your VPN subnet. I think the VPN quick set adds one but if your using different subnets it gets confused. See the image for what I have set for my VPN users to access servers and resources on the main network.
I've setup Azure point to site and I'm able to connect from my computer to an Azure VM (file share). I'm also able to ping my computer IP address from the Azure VM. However, I'm not able to connect to any resource on my local computer. When trying to access a file share on my computer from the Azure VM I get the following error:
file and print sharing resource (169.254.108.240) is online but isn't responding to connection attempts.
The remote computer isn’t responding to connections on port 445, possibly due to firewall or security policy settings, or because it might be temporarily unavailable. Windows couldn’t find any problems with the firewall on your computer.
Port 445 is enabled on my local computer:
netsh firewall set portopening TCP 445 ENABLE
As an additional test If I issue a \169.254.108.240 from my local computer point to itself it works fine. The same try from the Azure VM gives me the error above.
Thanks,
Your IP address (169.254.*) is a non-routable address. You'll need to get a valid IP (say with DHCP, or set manually) and allow connections to your machine. If you have a firewall, this means adding a NAT rule to it.
If possible, try making the connection from another computer on your LAN to isolate any other firewall/Azure issues.
I think you have to consider several concepts while implementing azure network, first try to put point to site network on a different range of IPs (like 10.4.0.0) then try to disable firewall on your computer and try again, if you have proper routing device it should go through and get the feedback form the local machine.