can't access remote desktop's opened tcp from local system - remote-access

I am able to log in to the dedicated server (which has Windows Server 2012) from my local system via Remote Desktop Connection. I used the IP address and admin password to log in to the dedicated server. I ran a Tomcat server on the dedicated server and deployed my application; I can then access my application from the dedicated server's browser like
localhost:8080/myapp
or
xx.xx.xx.xx:8080/myapp
It was working fine there, but when I tried to access the same app from my local system as
xx.xx.xx.xx:8080/myapp
It's not working. I ran netstat -a to see whether TCP is running or not on the dedicated server; I can see 0.0.0.0:8080 is in the Listening state on the dedicated server. Any idea?

Also, if it's a firewall issue, then rather than turning the firewall off you can write inbound and outbound rules for the specific port. Turning off the firewall on your server is a dangerous compromise with security.
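A scoped inbound rule of the kind the answer above recommends, as an added PowerShell example that is not part of the original posts. It assumes Tomcat listens on TCP 8080; the rule name and the client address 203.0.113.10 (documentation range) are placeholders.

```powershell
# Added example. Assumptions: Tomcat listens on TCP 8080; 203.0.113.10 is a
# placeholder for the one client address that should be allowed to connect.
$port   = 8080
$client = '203.0.113.10'
$name   = 'Tomcat 8080 inbound (scoped)'

# Create the rule only once, so re-running the script does not stack duplicates.
if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound -Protocol TCP -LocalPort $port `
        -RemoteAddress $client -Action Allow -Profile Any | Out-Null
}

# Show what the rule actually permits: one port, one remote address.
Get-NetFirewallRule -DisplayName $name | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}

# The firewall stays enabled on every profile. DefaultOutboundAction shows
# whether outbound traffic is filtered at all, i.e. whether a matching
# outbound rule is needed.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```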

Related

Cannot connect to my website running on Azure VM

I cannot seem to connect to my website running on Azure VM. I have looked through every single Azure doc.
I allowed incoming connections to port 80 per documentation:
I have a very basic Hello World nodejs app listening on port 80 (I confirmed this app works locally on my own system):
I am attempting to connect to the site via the Public IP assigned to me that I see in Azure Portal:
The problem is any attempt to connect to 40.XXX.XXX.230:80 in Chrome simply times out.
I am new to VMs but I think something is wrong with port forwarding?
Another thing to check:
Remote desktop into the virtual machine, and confirm that the virtual machine's local firewall allows incoming HTTP and HTTPS connections.

Web server on Azure VM

I've installed a Windows 2012 R2 VM (free tier) and enabled all ports for external communication (including port 80).
I logged in to my VM and installed the nginx webserver (I've also tried the Python development server).
I can access the website internally on the VM (using 127.0.0.1 or the internal address of the server 10.1....) but when trying to access it from outside, using the external IP address (which is also the IP address I used in order to login to my server using RDP) I get no response.
Can you please help me understand what I'm doing wrong?
Thanks!
As #evilSnobu points out in his comments, the short answer is to allow TCP port 80 in the Windows firewall on the Windows VM itself.
Usually, we could log in to that Windows VM and run the CMD command netsh advfirewall set allprofiles state off to disable the Windows firewall temporarily. Then we can use the telnet tool to check whether TCP port 80 can be connected.
When we face the same issue of no response from outside the Azure VM, we can try one or more of the following:
There is an NSG at the subnet level or NIC level as well which is not allowing data through.
There is a firewall on the VM itself (windows firewall etc.)
There is nothing listening on that port. It should be listening on 0.0.0.0 instead of 127.0.0.1 when you use netstat -ano in the windows CMD.
The service is not starting when you verify the port listening.
Outbound traffic with a specific port is denied from your local machines.
Hope this helps.
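The checklist in the answer above can be worked through on the VM without switching the firewall off. This is an added PowerShell example, not part of the original answer; it assumes the service uses TCP port 80, and `<public-ip>` is a placeholder.

```powershell
# Added example. Assumption: the service under test uses TCP port 80.
$port = 80

# 1. Listener: 127.0.0.1 or ::1 is loopback only; 0.0.0.0 or :: is all interfaces.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
if (-not $listeners) {
    "Nothing is listening on TCP port $port"
}
foreach ($l in $listeners) {
    $proc  = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $scope = if ($l.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' } else { 'reachable from the network' }
    '{0} port {1}, process {2} ({3}): {4}' -f $l.LocalAddress, $port, $proc.ProcessName, $l.OwningProcess, $scope
}

# 2. Firewall state per profile, read without changing it.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 3. Enabled inbound allow rules whose port filter names this port or "Any".
#    Port ranges such as 80-90 are not expanded by this simple check, and a
#    rule may still be limited to one program or remote address.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        ($f.Protocol -in 'TCP', 'Any') -and
            (($f.LocalPort -contains "$port") -or ($f.LocalPort -contains 'Any'))
    } |
    Select-Object DisplayName, Profile

# 4. From a machine outside Azure (needs Test-NetConnection; <public-ip> is a placeholder):
#    Test-NetConnection -ComputerName <public-ip> -Port 80
#    If steps 1-3 look right and TcpTestSucceeded is still False, check the NSG
#    rules on the subnet and the NIC, then outbound filtering on the client side.
```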

Access Ubuntu Server VM on Azure

I've set up an Ubuntu Server on Azure. On this server, an application is running on port 3000. I want to access this application externally. Azure tells me my server has public IP 40.68.XXX.XXX.
When I ping this IP, there is no response, even though ssh works when connecting to this IP address.
I want to access 40.68.XXX.XXX:3000 externally; does somebody know how to get this to work?
Yes, you need to open up a port on the Network Security Group (NSG) and open up the port on your firewall (on the VM itself).
Easiest way to open the port is using the portal:
https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-nsg-quickstart-portal

Azure Networking ActiveFTP issue

We have recently moved our server onto Azure. It runs our point-of-sale system and uploads a few files via FTP to our webserver which then gets parsed and products are created.
The point of sale software developers have a bunch of batch files that run FTP.exe, which unfortunately doesn't support passive file transfers (regardless of what you read - quote pasv & literal pasv don't work). So we are stuck using active transfers; unfortunately this doesn't suit Azure very well.
The server is using ports 10090 - 10100 for active connections (I have created a rule in the NSG to allow 10090-10100 in) but unfortunately this isn't working at all.
I'm in the process of trying to convince the developers to rewrite using WinSCP so that we can just use passive transfers, but otherwise I've been searching for another solution, and so far nothing has worked.
I know it's not an issue in the OS as I've turned off Windows Firewall & still no luck.
Any help or suggestions with this problem are greatly appreciated!
"The server is using ports 10090 - 10100 for active connections (I have created a rule in the NSG to allow 10090-10100 in) but unfortunately this isn't working at all."
This is by-design behavior, because the VM's NSG inbound rules have no entries for the random unprivileged ports.
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
Here is how the connection appears:
For testing, I created 2 VMs (with Windows firewall turned off) in the same Vnet and set up FTP on VM1, then used VM2 (with passive FTP disabled) to access FTP; it works, because VM1 and VM2 can connect with each other, and in the same Vnet the NSG doesn't work for internal network traffic.
So, in this case, active FTP isn't working because the server can't initiate a connection to the client. Maybe the most secure method is passive mode FTP.
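The PORT command described in the answer above can be decoded to see which address and data port the client asks the server to connect back to. This is an added PowerShell example, not part of the original posts; the function name and sample commands are constructed, and 10090-10100 is the NSG range from the question.

```powershell
# Added example: decode an active-mode FTP PORT argument and compare it with
# the inbound port range from the question. Sample commands are constructed.
function ConvertFrom-FtpPortCommand {
    param(
        [Parameter(Mandatory = $true)][string]$Line,
        [int]$RangeStart = 10090,   # inbound range allowed in the NSG (from the question)
        [int]$RangeEnd   = 10100
    )

    # PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, data port p1*256 + p2
    if ($Line -notmatch '^\s*PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$') {
        throw "Not a PORT command: '$Line'"
    }
    $n = foreach ($i in 1..6) { [int]$Matches[$i] }
    if ($n | Where-Object { $_ -gt 255 }) { throw "Field above 255 in '$Line'" }

    $port = $n[4] * 256 + $n[5]
    # RFC 1918 ranges: a server outside the network cannot connect back to these.
    $private = ($n[0] -eq 10) -or
               ($n[0] -eq 172 -and $n[1] -ge 16 -and $n[1] -le 31) -or
               ($n[0] -eq 192 -and $n[1] -eq 168)

    [pscustomobject]@{
        Address        = ($n[0..3] -join '.')
        DataPort       = $port
        InAllowedRange = ($port -ge $RangeStart -and $port -le $RangeEnd)
        PrivateAddress = $private
    }
}

# Constructed samples: 39*256+106 = 10090 (inside the range), 195*256+80 = 50000 (outside).
'PORT 10,1,0,4,39,106', 'PORT 10,1,0,4,195,80' |
    ForEach-Object { ConvertFrom-FtpPortCommand -Line $_ } |
    Format-Table -AutoSize
```

A data port outside the allowed range, or a private address in the PORT argument, means the server's connection back to the client has nowhere to land, which is the failure the answer describes.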

FTP on Windows Azure VM

I have a VM-1 on Azure with windows server 2012. I have installed FTP server in this. (FileZilla)
Another VM-2 in different cloud, where a windows service will access a FTP server in VM-1.
Both VMs are in different clouds. In FTP, while listing directories I am getting '425 Cant open data connection for dir listing'
I am using active mode in FTP.
But if I install the Windows service on a local machine, it runs correctly without any issue in FTP.
I'll answer though this isn't a programming question, because I can help. :)
When a virtual machine is created, a default ACL is put in place to block all incoming traffic other than for RDP and Remote PowerShell connections.
http://azure.microsoft.com/blog/2014/03/28/network-isolation-options-for-machines-in-windows-azure-virtual-networks/
You need inbound ports other than 21 for active connections, typically high ports above 1024. If you have port 21 open inbound already, then you should use passive (pasv) mode to let the server open a random outbound port first, to solve the issue of needing an ACL for other inbound ports.
More info on Active vs Passive and ports: http://slacksite.com/other/ftp.html
