I'm starting to use the cloud service of Microsoft Azure and I have a question about Virtual Networks.
I created a virtual network, without dns server, and allocate two virtual machines in this virtual network.
So I ran one service in my virtual machine that have a web interface on port 4040.
But I can't access this port from my local machine, like:
public_ip:4040
or
internal_ip: 4040
I added an endpoint to port 4040 in this machine in my manage portal and the result is the same.
Can anyone suggest something to try?
This kind of operation is possible?
Congratulations on flagging-off your Azure Journey!
I assume these are windows servers that you have them deployed. I have elaborated some of the troubleshooting that you can do:
You would have an NSG attached to the VM NIC/Subnet. Kindly proceed to create an inbound rule to Allow 4040 from your specific public IP from where you are trying to access the VM.
Now, do a nestat -ano | Findstr 4040 from your cmd and see if it's listening
Should you have them both, now turnoff your windows firewall from all profiles
After which, you can take a network capture using easy to go tools such as Wireshark/network monitor on the VM's or if you are using a Linux VM. Simple TCPdump.
While you are collecting captures, keep in mind to initiate traffic from your client IP to the respective Public IP:4040
Narrow down the issue:
- If the packets are incoming with destination port 4040. No issues with Azure
- If the 4040 is not listening, the service needs to listen on that port
- Put the firewall back on and see if the TCP packets are still coming on 4040
- If none of this works, it's highly unlikely for that port to be used. So, you can give
it a restart and check the same.
But, I highly recommend network captures with continuous TCP ping on to the port 4040.
I hope this helps. Should you have any difficulty with network captures use the links below:
https://blogs.msdn.microsoft.com/lucascan/2007/08/15/using-microsoft-network-monitor-netmon-to-capture-a-network-trace/
Psping: https://learn.microsoft.com/en-us/sysinternals/downloads/psping
http://www.azurespeed.com/Azure/PsPing
If there is a firewall between your machine and the azure cloud you need to have opened the port 4040 for your machine.
Related
So I'm using an Azure VM that has a public IP address, and I've opened an inbound port, let's say it's 5555.
What I'm trying to do now is to run an application on the VM that has an API via localhost, also with the port 5555. I'm calling it then with public_ip:5555/api/...
Since I was not able to connect to the application from outside, is there something missing here? Most tutorials and resources I've found just mentioned opening the port.
Thanks.
Take a look at Azure's IP Flow Verify utility, which will check your NSG rules to ensure traffic can reach your VM. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
If traffic is reaching your VM, check your host firewall and then your application server logs.
I have created a Windows WCF Service and I want to host it inside Azure VM.
The service is locally running fine inside the VM, but when attempting to access the service outside of the VM, I cannot connect to the service at the specified port.
While requesting the service, I'm getting the following error:
SocketException (0x274d): No connection could be made because the target machine actively refused it...
Also, while pinging the VM through the command prompt with public ip, I'm getting Request timed out.
I have enabled the port for TCP in Azure inbound rules as well as in VM firewall inbound rules. The VM is Windows Server.
How can I access the service running in the VM from another system?
Any help is appreciated.
check application is running on the port you exposed
check windows level firewall allows traffic on that port from your destination
check NIC level NSG allows traffic on that port from your destination
check subnet level NSG allows traffic on that port from your destination
you might also have Azure Firewall\UDR\NVA in the networking setup, check those as well (this is highly unlikely if you are not running an enterprise grade setup).
I prepared two virtual machines with Windows Server 2012. I want allow them to communicate with each other: I opened port and disabled firewall on both machines, but when I try to ping one VM from another one using private or public IP address and when I am using telnet, I have problem with timeout. Both are in same virtual network. What else should I do?
By default, VMs in the same VNet could communicate with each other with any port and any protocol in the NSG unless you have added some inbound or outbound port rules with high priority. Also some rules in windows firewall blocks on the VMs.
In this case, you could check if the app or service is started and the port is listening for 0.0.0.0.
I've been experimenting with a containerised app that listens for and processes TCP traffic on a specified port.
To make this work on my own physical machine that was acting as the host I had to setup port forwarding from it to the container.
I've since deployed the dockerized app to an Azure Container Instance, which runs as expected and starts listening on own IP address and the specified port BUT I can't find a way to setup port forwarding so that traffic sent to the public IP address assigned to the container group can get to the app, is this possible?
This article on container groups seems to suggest it is but doesn't seem to say how
Official answer from Microsoft Support (posting here in case anyone has the same question)
Unfortunately Port forwarding is not supported in ACI yet and it’s in roadmap.
UPDATE
It looks like this answer from support is wrong. Ports specified when creating the container group are automatically published so containers with exposed ports can receive traffic from the outside, the issue I was having was with a problem with my code.
I am using Azure Virtual Machine (Windows Server 2008 R2 image) provided from the gallery and created Public port and private port using the portal. I did remote log in to VM and I run a TCP server application inside VM (TCP server binds to the private port of the VM). Problem I face is that I can not connect it through the public IP and port (from external machine). I have created a inbound rule in VM's Firewall, where I enable connection to the Private port of VM. I tried recreating the VM, also the new ports. Still problem persists. One more thing I observed is that my TCP Client is able to connect to RemoteDesktop port of the VM also the PowerShell port. But does not connect to the port that I created through the portal. Pls suggest what can be wrong?
Note: I also observed some weird behavior. I enabled all ports for my TCP Server app in Inbound rule of firewall and found that some unknown IP (was similar to azure internal IP) is connecting to my server. Why it is happening?
I would like to understand as to how you are trying to connect with the Virtual Machine, using RDP or trying to test the connectivity, for example, using Port Ping.
Endpoints for RDP and Powershell are configured by default. So if you are trying to connect using Remote Desktop, you can directly connect to the VM using MSTSC from Run and provide the IP of the VM followed by the Port Number using the below format
xx.xx.xx.xx:3389
However if you would like to test the connectivity to the VM, I suggest you to use Port Ping instead of ICMP ping since ICMP traffic is blocked by the Azure load balancer and the ping requests timeout. While Ping.exe uses ICMP, other tools such as PsPing, Nmap, or Telnet allow you to test connectivity to a specific TCP port.
On the other hand, after creating the VM, you can add endpoints additionally as needed. You can also manage incoming traffic to the public port by configuring rules for the Network Access Control List (ACL) of the endpoint.
The private port is used internally by the virtual machine to listen for traffic on that endpoint.
The public port is used by the Azure load balancer to communicate with the virtual machine from
external resources. After you create an endpoint, you can use the network access control list
(ACL) to define rules that help isolate and control the incoming traffic on the public port. For
more information, see About Network Access Control Lists.