2012-10-12 204 views
1

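I am new to Windows Azure and have limited networking knowledge. I have a virtual machine running on Windows Azure that is configured with a virtual network. So, in the dashboard, the machine has the following information: Windows Azure VM endpoint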

Public virtual IP address (VIP): 168.62.210.xx 
Internal IP Address: 10.1.1.4 

I have a custom server that will run on the machine and listen on port 2641. On the endpoint, I have:

Name    Protocol  Public Port  Private Port  Load Balanced
Handle  TCP       2641         2641          NO

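I assume there will be a NAT that basically routes incoming traffic from 168.62.210.xx:2641 to 10.1.1.4:2641, and vice versa (from 10.1.1.4 to 168.62.210.xx)?

Is there a way to verify that the port is working?

On Linux, the output of nc -z 168.62.210.xx 2641; echo $? is 1 (meaning the port is not open).

If I set up the server, I assume I will have to bind the server to 10.1.1.4 rather than 168.62.210.xx?

Any help would be appreciated.

Thanks,

Answers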

2

Have you opened the port (2641) in Windows Firewall on the VM?

+0

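Hmm, isn't that done automatically when we add the endpoint? I turned off the firewall and the communication went through, so the firewall was blocking it. –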

+1

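No, adding an endpoint only allows traffic to flow (through the network). Editing an endpoint does not change the Windows Server firewall settings (it does not change the operating system). With a virtual machine (in an IaaS environment), you are responsible for fully managing the operating system. The Windows Azure management portal can help you configure some networking options, but it cannot help you configure the operating system of the virtual machine. – mcollier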

+1

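Are you sure your Linux machine can reach the Internet on port 2641? Assuming the virtual machine in Windows Azure is a Windows Server machine and not a Linux machine (it would not be in a virtual network), have you tried to see whether a process is listening on port 2641 using the command netstat -ano | find ":2641"? For the firewall, add an inbound rule on port 2641. You can do this using Windows Firewall with Advanced Security. – benjguin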

0

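Please make sure you have configured the inbound and outbound security rules in the network security group associated with the VM's network interface.

Similar to the image listed below on the Azure portal:

Another way to configure the network rules in Azure is to call the Azure PowerShell SDK; you can use the code snippet below: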

# 0. set the target resource group name and target vm name 
$ResourceGroupName = "ocoslab-eric" # set your own resource group 
$VMName = "vm-eric-demo" # set your own vm name 

# 1. get the vm information 
$VM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName 

# 2. get the network interface information 
$NICID = $VM.NetworkInterfaceIDs[0] 
$NICName = ([regex]"/.*/(.*?)$").Match($NICID).Groups[1].Value 
$NICResourceGroupName = ([regex]"/resourceGroups/(.*?)/").Match($NICID).Groups[1].Value 
$NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroupName 

# 3. get or create the associated network security group
If ($NIC.NetworkSecurityGroup -eq $null) {
    $NSG = New-AzureRmNetworkSecurityGroup -Name 'custom-nsg' -Location $VM.Location -ResourceGroupName $ResourceGroupName
    $NIC.NetworkSecurityGroup = $NSG
} Else {
    $NSGId = $NIC.NetworkSecurityGroup.Id
    $NSGName = ([regex]"/.*/(.*?)$").Match($NSGId).Groups[1].Value
    $NSGResourceGroup = ([regex]"/resourceGroups/(.*?)/").Match($NSGId).Groups[1].Value
    $NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $NSGResourceGroup
    $NIC.NetworkSecurityGroup = $NSG
}

# 4. create a security rule to allow the port and associate it with the network security group
# Parameter explanation:
# a. -Name                      Specifies the name of a network security rule configuration.
# b. -Access                    Specifies whether network traffic is allowed or denied. Acceptable values: Allow and Deny.
# c. -Protocol                  Specifies the network protocol that a rule configuration applies to.
#                                 - Tcp
#                                 - Udp
#                                 - Wildcard character (*) to match both
# d. -Direction                 Specifies whether a rule is evaluated on incoming or outgoing traffic. Acceptable values: Inbound and Outbound.
# e. -SourceAddressPrefix       Specifies a source address prefix. Acceptable values:
#                                 - A CIDR
#                                 - A source IP range
#                                 - A wildcard character (*) to match any IP address
# f. -SourcePortRange           Specifies a source port or range. This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to match any source port.
# g. -DestinationAddressPrefix  Specifies a destination address prefix. Acceptable values:
#                                 - A Classless Interdomain Routing (CIDR) address
#                                 - A destination IP address range
#                                 - A wildcard character (*) to match any IP address
# h. -DestinationPortRange      Specifies a destination port or range. Acceptable values:
#                                 - An integer
#                                 - A range of integers between 0 and 65535
#                                 - A wildcard character (*) to match any port
# i. -Priority                  Specifies the priority of a rule configuration. Acceptable values: an integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

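# Note: 3389 is the RDP port; set -DestinationPortRange to the port your service
# listens on (2641 in the question) and narrow -SourceAddressPrefix where you can.
# Each backtick must be the last character on its line for the continuation to work.
Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $NSG `
       -Name 'custom_rule_name' `
       -Access Allow `
       -Protocol Tcp `
       -Direction Inbound `
       -SourceAddressPrefix Internet `
       -SourcePortRange * `
       -DestinationAddressPrefix * `
       -DestinationPortRange 3389 `
       -Priority 100 | Out-Null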

# 5 finally, set the NetworkSecurityGroup and NetworkInterface state 
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG | Out-Null 
Set-AzureRmNetworkInterface -NetworkInterface $NIC | Out-Null 

Write-Host "Done" 

For the complete downloadable code sample, please visit How to manage port for Azure Virtual Machine by PowerShell
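
The question asks how to verify the port, and the answers point at three layers: the endpoint/NSG rule, the Windows Firewall, and the listening process. The Python probe below is an added example, not code from this thread. It separates a refused connection from a timed-out one, on the assumption that a dropped packet (missing endpoint/NSG rule, or a host firewall without an allow rule) typically shows up as a timeout while a missing listener shows up as a refusal. The function names and hint texts are constructed for illustration.

```python
# Added example: classify a single TCP connect attempt to one host:port.
import errno
import socket
import sys

# Constructed hints that map each result to the layers discussed in the thread.
HINTS = {
    "open": "a process accepted the connection; endpoint, firewall and listener all work",
    "refused": "the packet reached the OS but nothing listens on that address/port; check "
               "netstat -ano and the bind address (10.1.1.4 or 0.0.0.0, not the public VIP)",
    "filtered": "no reply before the timeout; the packet was probably dropped by a missing "
                "endpoint/NSG rule or by a host firewall with no inbound allow rule",
    "unreachable": "this client has no route to the host or network",
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()

def demo():
    """Loopback stand-in for the server: bound reads 'open', closed reads 'refused'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # constructed listener on an ephemeral local port
    srv.listen(1)
    port = srv.getsockname()[1]
    before = probe("127.0.0.1", port)
    srv.close()
    return before, probe("127.0.0.1", port)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py HOST PORT
        state = probe(sys.argv[1], int(sys.argv[2]))
        print(f"{sys.argv[1]}:{sys.argv[2]} -> {state}: {HINTS[state]}")
    else:
        print("loopback demo (listening, then closed):", demo())
```

Run it from the client with the public VIP and port 2641 as arguments; nc -z returns 1 for both "refused" and "filtered", which is why the two cases are reported separately here.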