1

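I am new to Windows Azure and have limited knowledge of networking. I have a VM running on Windows Azure that is configured with a virtual network. So, under the dashboard, the machine has the following information: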

Public virtual IP address (VIP): 168.62.210.xx
Internal IP Address: 10.1.1.4

I have a custom server running on that machine, and it listens on port 2641. Under Endpoints, I have:

Name   Protocol Public Port Private Port Load Balanced
Handle TCP      2641        2641         NO

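I assume there will be a NAT that basically routes incoming traffic from 168.62.210.xx:2641 to 10.1.1.4:2641 and vice versa (from 10.1.1.4 to 168.62.210.xx)?

Is there a way to verify that the port is working?

On Linux, the output of nc -z 168.62.210.xx 2641; echo $? is 1 (indicating the port is not open).

If I set up the server, I assume I have to bind the server to 10.1.1.4 and not 168.62.210.xx?

Any help would be appreciated.

Thanks,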

4

2 Answers

2

Have you opened the port (2641) in Windows Firewall on the VM?

answered 2012-10-12T13:32:36.640
0

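Please make sure you have configured inbound and outbound security rules in the network security group associated with the VM's network interface.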

Similar to the picture listed on the Azure portal: [image]

Another way to configure network rules in Azure is to call the Azure PowerShell SDK; you can use the code snippet below:

# 0. set the target resource group name and target vm name
$ResourceGroupName = "ocoslab-eric" # set your own resource group
$VMName = "vm-eric-demo" # set your own vm name

# 1. get the vm information
$VM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName

# 2. get the network interface information
$NICID = $VM.NetworkInterfaceIDs[0]
$NICName = ([regex]"/.*/(.*?)$").Match($NICID).Groups[1].Value
$NICResourceGroupName = ([regex]"/resourceGroups/(.*?)/").Match($NICID).Groups[1].Value
$NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroupName

# 3. get or create the associated network security group
If ($NIC.NetworkSecurityGroup -eq $null) {
    $NSG = New-AzureRmNetworkSecurityGroup -Name 'custom-nsg' -Location $VM.Location -ResourceGroupName $ResourceGroupName
    $NIC.NetworkSecurityGroup = $NSG
} Else {
    $NSGId = $NIC.NetworkSecurityGroup.Id
    $NSGName = ([regex]"/.*/(.*?)$").Match($NSGId).Groups[1].Value
    $NSGResourceGroup = ([regex]"/resourceGroups/(.*?)/").Match($NSGId).Groups[1].Value
    $NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $NSGResourceGroup
    $NIC.NetworkSecurityGroup = $NSG
}

# 4. create security rule to allow the port and associate with the network security group
# Parameter explanation:
#   a.  -Name                       Specifies the name of a network security rule configuration
#   b.  -Access                     Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
#   c.  -Protocol                   Specifies the network protocol that a rule configuration applies to.
#                                   - Tcp
#                                   - Udp
#                                   - Wildcard character (*) to match both
#   d.  -Direction                  Specifies whether a rule is evaluated on incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
#   e.  -SourceAddressPrefix        Specifies a source address prefix. The acceptable values for this parameter are:
#                                   - A CIDR
#                                   - A source IP range
#                                   - A wildcard character (*) to match any IP address.
#   f.  -SourcePortRange            Specifies a source port or range. This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to match any source port.
#   g.  -DestinationAddressPrefix   Specifies a destination address prefix. The acceptable values for this parameter are:
#                                   - A Classless Interdomain Routing (CIDR) address
#                                   - A destination IP address range
#                                   - A wildcard character (*) to match any IP address
#   h.  -DestinationPortRange       Specifies a destination port or range. The acceptable values for this parameter are:
#                                   - An integer
#                                   - A range of integers between 0 and 65535
#                                   - A wildcard character (*) to match any port
#   i.  -Priority                   Specifies the priority of a rule configuration. The acceptable values for this parameter are: An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

Add-AzureRmNetworkSecurityRuleConfig  -NetworkSecurityGroup $NSG `
                -Name 'custom_rule_name' `
                -Access Allow `
                -Protocol Tcp `
                -Direction Inbound `
                -SourceAddressPrefix Internet `
                -SourcePortRange * `
                -DestinationAddressPrefix * `
                -DestinationPortRange 3389 `
                -Priority 100 | Out-Null

# 5. finally, set the NetworkSecurityGroup and NetworkInterface state
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG | Out-Null
Set-AzureRmNetworkInterface -NetworkInterface $NIC | Out-Null

Write-Host "Done"

Also, for the complete downloadable code sample, please visit How to manage the ports of Azure virtual machines via PowerShell

answered 2016-11-21T03:17:01.563
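For the question's "is there a way to verify the port", an added example (not part of either post above): nc -z exits with 1 for every kind of failure, while this probe separates a refused connection from a silently dropped one, which points at different layers in the thread (bind address versus endpoint/NSG rule or Windows Firewall). The function names and the hint wording are this example's own, and the mapping of outcomes to layers assumes the usual behaviour where packet filters drop rather than reject.

```python
import socket
import sys

# Typical meaning of each outcome for the setup in this thread (assumption:
# filters on the path drop packets silently instead of answering).
HINTS = {
    "open": "a process accepted the connection; the whole path works",
    "refused": "the host answered with RST: traffic arrives, but nothing "
               "listens on that address/port (check what the server binds to)",
    "filtered": "no answer before the timeout: something on the path dropped "
                "the SYN (endpoint/NSG rule or the VM's firewall)",
    "unreachable": "no route to the address, or the name did not resolve",
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:          # routing errors, DNS failures
        return "unreachable"

def loopback_demo():
    """Constructed sample: probe a local listener while up and after close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    up = probe("127.0.0.1", port)
    srv.close()
    down = probe("127.0.0.1", port)
    return up, down

if __name__ == "__main__":
    # With arguments: probe <host> <port>, e.g. the public VIP and 2641.
    if len(sys.argv) == 3:
        result = probe(sys.argv[1], int(sys.argv[2]))
        print(result, "-", HINTS[result])
    else:
        print(loopback_demo())
```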