In my company, I have setup an Azure VM and selected a pre-defined VNet (associated with a subscription). I then added inbound rules on the newly created NSG allowing ports 80, 443 and 3389(rdp).
The VM has ubuntu and apache2 installed and when I browse vm's localhost the default apache page shows.
However, when I browse the VM site from my laptop via company network, I get a connection timeout error on the browser.
I used Azure - IP verify tool and fond the cause, it appears to be a rule created for isolating NSG by the Admin team, thus blocking all inbound traffic (see image below). I cannot remote this rule.
To override this rule, I created an inbound rule at NSG level with higher priority but it still does not
work.
Any help will be much appreciated.
Edit: I am able to RDP to my VM without any issues, the main issue is to do with browsing the website hosted in my VM from the company network
Edit
For your issue, you could ensure to add an inbound security rule with a higher priority than the rule 4090 like this: destination port 80,433 with action allow and priority 100. If there are two NSGs in the networking of the virtual machine: one is associated with NIC, the other is associated with a subnet, you should allow port 80,443 in both NSGs.
As far as I know, the UFW firewall is inactive on the Azure VM by default. If you enable it, you could adjust the firewall to allows HTTP and HTTPS traffic.
After that, you could run telnet VM's public IP 80 in the CMD on the laptop to verify if the networking connection is normal. If not, contact the admin in your company to allow the outgoing traffic for port 80 or 443 or something else like virus software on your laptop is blocking it.
If the above all is no effect, you could restart your azure VM on the Azure portal. Sometimes, it may take effect on accessing the website outside of Azure. You also could follow this tutorial: Install a LAMP web server on a Linux virtual machine in Azure.
Related
I created my VM(Google Cloud Platform), working with Windows Server 2008 R2. So i installed a program that needs the port 6900 opened to run. The program for work must connect to it own server that is: 200.229.50.3:6900. So i entered in the firewall rules of Google Cloud Platform, put ip as 0.0.0.0/0 and opened the port 6900. Also entered in the advanced configures of firewall on my VM, and also allowed the port 6900. Tried to run the program and failed, tried to run telnet to test and failed. Already checked security settings, disabled firewall, etc. I don't know whats is happening.
Follow my Google Cloud Platafform Firewall Rules bellow:
Firewall Rules
Follow my instance Firewall Rules:
Instance Firewall Rules
Follow the program getting error trying to connect on it own server:
Program error
If someone want enter in my instance to check better it, can download the RDP file from here: RDP file
my external ip: 104.198.152.164
user: lala2018
password: ^#0aQaaz)MXbMNy
The program that the error is ocurring is on the desktop with the name xstart.
Feel free to run it, and try to understand what is the problem, because i can't find reasons for it isn't running right.
Someone can help me?
Edit 1:
Follow my VPC routting:
VPC 1 VPC 2
Edit 2:
Traced Route - 200.229.50.3
After seeing the screenshot of the message you attached, it looks like you are trying to connect from a GCP instance to the server "200.229.50.3" whose IP address belongs to "LEVEL UP! INTERACTIVE LTDA" in Brasil; however, seems "200.229.50.3" is not allowing you to connect ("200.229.50.3" it doesn't respond). If this is correct, you may have to create firewall rules in "200.229.50.3" instead of creating them in GCP.
I can see you have three rules to permit ingress and egress traffic from and to the GCP instances but none of them affects to "200.229.50.3" because this server doesn't belong to the GCP project:
- The GCP firewall rule named "testeee" allows incoming connections from the IP address 200.229.50.3 to all instances within your GCP project through the port 6900.
- The Windows firewall rule named "Port 6900" allows connections from any IP outside the Windows server through the port 6900.
- The GCP firewall rules "mean-stack" and "exit900" are allowing egress traffic from GCP instances to any IP outside the GCP project through the port 6900.
I tried to establish a telnet connection to 200.229.50.3:6900 but it doesn't respond. This could be normal because there could be a firewall in that server which is not allowing connections from my IP address; however, I have to ask the following:
Can you confirm 200.229.50.3 is allowing connections through the port 6900 from your GCP Instance?
I didn't find such guide or articles how to do it for ElasticSearch hosted on Windows server.
I have the EC2 amazon windows instance which running ElasticSearch server on port 9200, but I can't achieve it by _ec2_ip_adress:9200 outside the server.
I completely sure that all TCP ports are opened in amazon security group rules, I've turned off the firewall on the server as well.
So that is the problem in ElasticSearch configs.
Can someone help me with that?
Well but you know that then any body would be able to delete/create stuff in your index until you have shield.
If you really want to open it, also make sure that in windows firewall you opened port 9200.
So what i would do i would probably restrict in firewall on in Amazon access to this port for specific IPs (Actually in my project i am doing that :) )
There is one more thing to check on which IP is runned as soon as i remember ES will run on private IP. Look to network.host default is __local__. Try network.host: 0.0.0.0
I'm not a hardware guys, so I'm probably missing something simple, but I did the following:
Created a Windows VM.
Activated the web server role/IIS features (I can successfully serve a page via localhost when remote desktopped in).
Made sure outgoing port 80 wasn't blocked in Windows firewall.
Created a load balancer that pointed to the instance (to make enablement of SSL easier).
I then tried pulling up both the load balancer public DNS and the VM'w and neither of them pull up any web page. The Windows VM instance reports that it's running, but the load balancer reports that the VM is OutOfService trying to forward port 80.
What do I need to do to be able to serve my web site?
Open port 80 on the AWS security group assigned to your EC2 instance.
Open inbound access to port RDP in your security group.
This will make you to access the Windows server of your ec2-instance.
Edit the Security Group assigned to your EC2 instance and add a rule to allow port 80 in Inbound and outbount rules.
I have installed IntelliJ YouTrack running on port 80 on a Windows Server 2012 t2.micro EC2 instance on AWS.
I am able to access YouTrack when I remote desktop into the machine and enter http://localhost or http:// or http://. Therefore I know the application is up and running on the expected port.
I have whitelisted my ip by adding the relevant inbound rule under the security group settings for the instance.
I was assuming that was the only necessary step to allow inbound connections to that specific port. However I cannot access YouTrack when I enter the public IP of the instance on my web-browser from the whitelisted IP. Also what I find more confusing is when I try to enter http:// within the remote desktop of the instance, I am still unable to connect.
What am I missing for enabling incoming connections to a port on my EC2 t2.micro instance?
I appreciate all the advice.
It seems that Windows firewall was running and blocking the connections beyond the security group settings. Opening port 80 within Windows firewall fixed the issue.
When I first ran into the issue I typed "Firewall" into the start search. First result was "Windows Firewall with Advanced Security". When I opened that I got the error "There was an error opening Windows Firewall with Advanced Security snap-in". I immediately assumed AWS eliminated the firewall service from the windows builds to force customers to prefer the security group controls of the AWS console.
Embarassingly I have just now tried the second option in the list "Windows Firewall" which showed the normal windows firewall being active and of course blocking incoming connections to port 80. I have added the exceptions to the required ports and the issue was immediately resolved.
I hope this helps someone else out there.
I have followed the steps provided by Amazon EC2. I have installed a wordpress website in the EC2 Instance.
My public DNS is given as ec2-xx-xxx-xx-xxx.us-west-2.compute.amazonaws.com/
and Public IP is also given as xx-xxx-xx-xxx.
How to view the website from any other machine?
Note:
EC2 Instance is created and running now.
I can view it in the localhost as well as public DNS in the EC2 instance using RDP. (http://ec2-xx-xxx-xx-xxx.us-west-2.compute.amazonaws.com/)
If you can see the web site from the EC2 instance, but not from other machines, there is probably one of the following things wrong:
The DNS entry is not available or is wrong. Since you can RDP using that entry, this can't be the cause.
Access to the correct port is being blocked by the security group or firewall. Since the instructions you referenced specifically say to make sure that both port 80 (HTTP) and 3389 (RDP) are open, and you know that is true from port 3389, this isn't likely, but is possible. Make sure that there are security group rules for both port numbers that look the same.
The Windows server itself is refusing to allow outside access to port 80 on that address. This is unlikely, but not impossible, and the instructions specify that you should "disable Internet Explorer Enhanced Security Configuration", and at the end cover "Making Your WordPress Site Public". Make sure that the web server isn't configured to only respond to requests from localhost (127.0.0.1) and that there are no Windows firewall rules blocking port 80.
I think that the likeliest problem is number 2, above. Perhaps you forgot to open port 80 in the security group, or typed a different port number or a different address range to open it to.