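I am new to Windows Azure and have limited networking knowledge. I have a VM running on Windows Azure that is configured with a virtual network. So, under the dashboard, the machine has the following information: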
Public virtual IP address (VIP): 168.62.210.xx
Internal IP Address: 10.1.1.4
The custom server I run on that machine will listen on port 2641. Under Endpoints, I have:
Name Protocol Public Port Private Port Load Balanced
Handle TCP 2641 2641 NO
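I assume there will be a NAT that basically routes incoming traffic from 168.62.210.xx:2641 to 10.1.1.4:2641, and vice versa (from 10.1.1.4 to 168.62.210.xx)?
Is there a way to verify that the port is working?
On Linux, the output of
nc -z 168.62.210.xx 2641; echo $?
is 1 (which means the port is not open).
If I set up the server, I assume I have to bind the server to 10.1.1.4 rather than 168.62.210.xx?
Any help is greatly appreciated.
Thanks,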
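Answer 0 (score: 2)
Have you opened the port (2641) in Windows Firewall on the VM?
Answer 1 (score: 0)
Please make sure you have configured inbound and outbound security rules in the network security group associated with the VM's network interface.
Another way to configure network rules in Azure is to call the Azure PowerShell SDK; you can use the code snippet below: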
# 0. set the target resource group name and target vm name
$ResourceGroupName = "ocoslab-eric" # set your own resource group
$VMName = "vm-eric-demo" # set your own vm name
# 1. get the vm information
$VM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName
# 2. get the network interface information
$NICID = $VM.NetworkInterfaceIDs[0]
$NICName = ([regex]"/.*/(.*?)$").Match($NICID).Groups[1].Value
$NICResourceGroupName = ([regex]"/resourceGroups/(.*?)/").Match($NICID).Groups[1].Value
$NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroupName
# 3. get or create the associated security network group
If ($NIC.NetworkSecurityGroup -eq $null) {
    $NSG = New-AzureRmNetworkSecurityGroup -Name 'custom-nsg' -Location $VM.Location -ResourceGroupName $ResourceGroupName
    $NIC.NetworkSecurityGroup = $NSG
} Else {
    $NSGId = $NIC.NetworkSecurityGroup.Id
    $NSGName = ([regex]"/.*/(.*?)$").Match($NSGId).Groups[1].Value
    $NSGResourceGroup = ([regex]"/resourceGroups/(.*?)/").Match($NSGId).Groups[1].Value
    $NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $NSGResourceGroup
    $NIC.NetworkSecurityGroup = $NSG
}
# 4. create security rule to allow the port and associate with the security network group
# Parameter explanation:
#   a. -Name Specifies the name of a network security rule configuration.
#   b. -Access Specifies whether network traffic is allowed or denied. Valid values: Allow and Deny.
#   c. -Protocol Specifies the network protocol that a rule configuration applies to. Valid values:
#      - Tcp
#      - Udp
#      - Wildcard character (*) to match both
#   d. -Direction Specifies whether a rule is evaluated on incoming or outgoing traffic. Valid values: Inbound and Outbound.
#   e. -SourceAddressPrefix Specifies a source address prefix. Valid values:
#      - A CIDR
#      - A source IP range
#      - A wildcard character (*) to match any IP address
#   f. -SourcePortRange Specifies a source port or range. This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to match any source port.
#   g. -DestinationAddressPrefix Specifies a destination address prefix. Valid values:
#      - A Classless Interdomain Routing (CIDR) address
#      - A destination IP address range
#      - A wildcard character (*) to match any IP address
#   h. -DestinationPortRange Specifies a destination port or range. Valid values:
#      - An integer
#      - A range of integers between 0 and 65535
#      - A wildcard character (*) to match any port
#   i. -Priority Specifies the priority of a rule configuration. Valid values: an integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $NSG `
-Name 'custom_rule_name' `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourceAddressPrefix Internet `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 `
-Priority 100 | Out-Null
# 5. finally, set the NetworkSecurityGroup and NetworkInterface state
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG | Out-Null
Set-AzureRmNetworkInterface -NetworkInterface $NIC | Out-Null
Write-Host "Done"
And for the complete, downloadable code sample, please see How to manage port for Azure Virtual Machine by PowerShell
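
The `nc -z` check in the question only reports success or failure. As an added example (not part of the original question or answers), this Python script separates a refused connection from a silently dropped one, which indicates whether to look at the listener or at the endpoint/NSG and Windows Firewall rules the answers mention. The function names and hint texts are assumptions of this example, and the loopback listener is constructed so the script runs offline.

```python
import errno
import socket
import sys

# Interpretation of each outcome for the layers named on this page (assumed wording).
HINTS = {
    "open": "endpoint/NSG rule, guest firewall and listener all pass traffic",
    "refused": "an RST came back: usually nothing is listening on that "
               "address and port (server down or bound to another interface)",
    "filtered": "no reply before the timeout: packets are dropped on the way, "
                "check the endpoint/NSG rule and Windows Firewall on the VM",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:  # e.g. no route, name resolution failure
        return "error:" + errno.errorcode.get(exc.errno, "unknown")

def diagnose(host, port, timeout=3.0):
    """Return (result, hint) so the caller knows which layer to inspect."""
    result = probe(host, port, timeout)
    return result, HINTS.get(result, "local or routing problem, not a port state")

def local_demo():
    """Constructed offline check: probe a loopback listener, then the same port once it is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0 lets the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_up = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_up, after_close

if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: python probe.py <host> <port>
        print(diagnose(sys.argv[1], int(sys.argv[2])))
    else:
        print(local_demo())
```

Run it from a machine outside the virtual network against the public VIP and port 2641; running it on the VM itself against 10.1.1.4 tests only the listener, not the endpoint or NSG path.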