Windows Azure Virtual Machine - Opening a port

Question

I am trying to open a port in a Windows Azure virtual machine. I have a game listening on that port, and I am able to access it via localhost, so the game is running.

I have also opened the port in the firewall and created an endpoint in the virtual machine, but the port doesn't seem to be open to the outside world. I have tried accessing it both via the IP address and the DNS with the same results.

Is there anything else I should do? I have looked up several tutorials online and can't figure out what I am doing wrong.

score 35 · Answer 1 · answered Jul 04 '16 at 16:07

35

this has changed to this

I would recommend ignoring 100% of what is on google at the moment

answered Jul 04 '16 at 16:07

Mr Heelis

2,370
4
24
34

Leo · Accepted Answer · 2016-03-18T01:25:38.843

14

Irina, make sure you have configured your endpoint properly by setting the private and public port. Here's a documentation that explains the steps to accomplish this...

http://www.windowsazure.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/

edited Mar 18 '16 at 01:25

answered Jan 13 '14 at 04:22

Leo

14,625
2
37
55

Thank you, Leo. This is the tutorial I followed to oepn the endpoint, but unfortunately the port doesn't seem to be opened to the outside world. I am wondering if somehow the IP address is not public. I will retry and post back if I find the solution. Thanks again! – Irina Jan 13 '14 at 17:44
did you connect to the public VIP? your hostname should be something like "myhostname.cloudapp.net". you can see the public dns on the dashboard tab of your VM. – Ben Jan 15 '14 at 06:51
Ben - I did. Surprisingly, I tried a different port today and it worked just fine. For some reason, it looks like the virtual machine would simply not open the specific port I wanted; maybe I didn't do something right the first time and it saw it as a potential threat. Following the same procedure for a different port worked immediately. Thanks for everybody's help! – Irina Jan 15 '14 at 23:43

score 7 · Answer 3 · answered May 31 '20 at 14:22

This is a two step process:

Configure the port rule in the Azure Portal (No need of any restarts. The effect takes place in a few minutes.) Here are the steps (at the time of writing): Click on the VM -> Click on 'Networking' -> Click 'Allow inbound port rule'
Configure the port rule in the VM's own Firewall - this depends on the Operating System your VM has got (OR disable this firewall) Here are the steps for Windows 10: Open 'Windows Firewall with Advanced Security' Desktop App -> Click on 'Inbound Rules' on the left panel -> Click on 'New Rule' in the Actions panel on the right. The following screenshots explain the rest.

Now the application listening to the port can be reached over the internet.

Will · Answer 4 · 2018-07-05T04:05:49.707

6

It's easy via Azure CLI, for example , open port 80

$ az vm open-port -g MyResourceGroup -n MyVm --port 80

Open multiple ports at the same time

az vm open-port -g MyResourceGroup -n MyVm --port 80-100 --priority 100

Open all..

az vm open-port -g MyResourceGroup -n MyVm --port '*'

Pay special attention to this parameter,Must be unique for each rule

--priority : Rule priority, between 100 (highest priority) and 4096 (lowest priority). Must be unique for each rule in the collection. Default: 900.

edited Jul 05 '18 at 04:05

answered Jul 05 '18 at 03:53

Will

1,573
14
13

splendid! Thx a lot! – xpt Mar 12 '19 at 03:36
1

I don't know what exactly `az vm open-port ...` is doing. But this worked for me. Only setting an inbound rule via Frontend was not enough. (Maybe the firewall settings of the VM were also changed by using this command, don't know.) – colidyre Feb 12 '20 at 16:04

score 5 · Answer 5 · answered Feb 10 '17 at 17:42

5

For future reference, if you're trying to listen to 3000 or that range it simply does not work.

Go to the 8080's range, make the inbound rule and you're up and running.

answered Feb 10 '17 at 17:42

Rod

386
3
7

Indeed the list of ports that can be opened in Azure VMs seems to be restricted in some way. I was trying port 4723 for [WinAppDriver](https://github.com/Microsoft/WinAppDriver) which didn't work. I tried out some more and 22, 80, 443, 8080 worked but 23, 7000, 7005, 8081 didn't. – Livven Dec 05 '17 at 16:13

score 3 · Answer 6 · answered Jul 22 '16 at 16:49

Probably this is the latest solution at a time of writing this answer:

You need to create a Network Security Group (or use an existing one). The easiest way is to search for Network Security Groups in the search resources bar. If there is an existing NSG, click on it and find inbound security rules from the settings. Then add an inbound rule with your desired port.For example, I opened port 8080 on my VM with settings shown in picture below.

More info: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-nsg-quickstart-portal/

score 3 · Answer 7 · answered Sep 06 '16 at 18:01

3

In addition to described, you may need to create inbound rule in VM firewall. The settings in portal create forwarding from public IP towards VM. VM itself should allow applications to listen on the port. This may explain why this didn't work for Irina on some ports and worked on other ports.

answered Sep 06 '16 at 18:01

Yosef Dinerstein

86
4

and how do you do that? – CQM Sep 10 '16 at 07:05
Not may, but absolutely need to unless it's already opened (e.g. rdp is allowed by default), NSG only allow traffic on network interface level, OS firewall does not have to do with this and has to be separately configured – illegal-immigrant Feb 09 '17 at 03:40

PRTJ · Answer 8 · 2021-08-03T07:40:40.253

2

Check the Windows firewall on the VM also. If port 8080 is not added in firewall inbound rules, then make sure to add a new inbound rule to allow access to port 8080. (Remotely login to your VM. Windows Defender Firewall -> Advanced Settings)

edited Aug 03 '21 at 07:40

answered Aug 03 '21 at 07:35

PRTJ

980
1
8
15

reza.Nikmaram · Answer 9 · 2022-07-30T13:33:35.127

Source port ranges: * (allows any source port)

After you've created a VM that's configured to serve web requests on the standard TCP port 80, you can:

Create a network security group.

Create an inbound security rule allowing traffic and assign values to the following settings:

 - Destination port ranges: 80            
 - Source port ranges: * (allows any source port)
 - Priority value: Enter a value that is less than 65,500 and higher in
    priority than the default catch-all deny inbound rule.

Associate the network security group with the VM network interface or subnet.

it's assumed you've already started the appropriate services and opened any OS firewall rules on the VM

for other example : port ranges: 2022-2023