
I have a private subnet in VNet 1 with Network Security Group only allowing inbound traffic from a specific private IP CIDR. This subnet hosts Azure Database for PostgreSQL with a server name.

I also have a public subnet in a different VNet (VNet2) that hosts a standard VM.

I have done VNet peering to connect the two, and their address spaces don't overlap. I have also whitelisted the private IP of the VM (in VNet2) in the NSG of the private subnet in VNet 1, but I cannot ping the PostgreSQL DB from my VM. It says:

ping: mydb-dev.postgres.database.azure.com: Name or service not known

Both VNets are in the same subscription and the same region.

HelmBurger
  • You can only ping IP addresses, not TCP ports or services. So whatever is going on isn't related to PostgreSQL. But did you just try connecting with psql? Machines can be configured not to respond to pings, but to still accept TCP connections. – jjanes Jun 27 '22 at 19:13
  • Try to disable the firewall, if you haven't already, from both sides. – RahulKumarShaw Jun 28 '22 at 05:33
  • @RahulKumarShaw-MT firewall rules were configured correctly but I still couldn't get the 2 to talk. I ended up resolving the problem by moving both PostgreSQL and my VM into the same VNet and then configured NSGs to allow traffic from the VM to PostgreSQL. Although it didn't answer my initial question, it at least unblocked me to move forward in my work. – HelmBurger Jul 05 '22 at 00:31
  • Whitelist the public IP of the subnet (VNet2) as you did for VNet1 and then check. – RahulKumarShaw Jul 05 '22 at 11:48
  • Hi @RahulKumarShaw-MT thanks for your help! As I mentioned in my comment above, I ended up solving the problem by moving my resources into the same VNet. So I'm not sure if this solution will work or not. – HelmBurger Jul 07 '22 at 16:46

1 Answer

Things to notice:

  • You can't ping directly with the server name (ping mydb-dev.postgres.database.azure.com), because this domain/server name is not registered in any public or private DNS zone. If you want to ping by server name, your domain should be registered in a DNS record.

  • Another, more important thing is that you need to open the default PostgreSQL port, 5432, at both VNets, at the inbound and outbound level.

  • You are able to ping when you deploy both resources in one VNet. By default, there is no security boundary between subnets in a VNet, so VMs in each of these subnets can talk to one another.

RahulKumarShaw
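The answer lists two separate checks: whether the server name resolves at all from the VM, and whether TCP 5432 is allowed on both hops (outbound on the VM's NSG, inbound on the DB subnet's NSG). The Python below is an added example, not code from the answer or the question, that models both checks so the two failure classes can be told apart offline. It evaluates NSG rules the way Azure does (ascending priority, first match wins, implicit deny if nothing matches). The topology, addresses, rule names and the failing resolver stub are constructed for illustration; only CIDR prefixes and `*` are modelled, so Azure service tags such as VirtualNetwork and the platform default rules are left out.

```python
"""Triage for a VM in VNet2 reaching Azure Database for PostgreSQL in a
private subnet of VNet1 over peering (added example, not from the post).

Two failure classes: 1) the FQDN never resolved ("Name or service not
known", as in the question), so no NSG rule was ever consulted; 2) TCP 5432
is blocked on one of the two hops. Topology and rules are constructed;
Azure service tags and default rules are not modelled.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Tuple

PG_PORT = 5432


def classify_resolution(fqdn: str,
                        resolver: Callable[[str], str] = socket.gethostbyname) -> str:
    """Return 'unresolved', 'private' or 'public' for the server FQDN.
    'public' vs 'private' tells you which path the VM will actually take,
    and therefore which NSG/firewall rules are in play."""
    try:
        ip = resolver(fqdn)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved"
    return "private" if ipaddress.ip_address(ip).is_private else "public"


def nxdomain_resolver(_fqdn: str) -> str:
    """Constructed stand-in for the VM's resolver that fails the lookup."""
    raise socket.gaierror("Name or service not known")


@dataclass(frozen=True)
class NsgRule:
    """Subset of the fields shown by `az network nsg rule list`.
    Prefixes are CIDRs or '*'; service tags are not supported here."""
    name: str
    priority: int          # lower number is evaluated first
    direction: str         # "Inbound" or "Outbound"
    access: str            # "Allow" or "Deny"
    protocol: str          # "Tcp", "Udp" or "*"
    source_prefix: str
    dest_prefix: str
    dest_port_range: str   # "5432", "1024-65535" or "*"


def _prefix_matches(prefix: str, ip: str) -> bool:
    return prefix == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


def _port_matches(port_range: str, port: int) -> bool:
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate_nsg(rules: Iterable[NsgRule], direction: str, src_ip: str,
                 dst_ip: str, dst_port: int, protocol: str = "Tcp") -> Tuple[str, str]:
    """First-match evaluation in ascending priority; no match means deny."""
    ordered = sorted((r for r in rules if r.direction == direction), key=lambda r: r.priority)
    for rule in ordered:
        if rule.protocol not in ("*", protocol):
            continue
        if (_prefix_matches(rule.source_prefix, src_ip)
                and _prefix_matches(rule.dest_prefix, dst_ip)
                and _port_matches(rule.dest_port_range, dst_port)):
            return rule.access, rule.name
    return "Deny", "implicit-deny"


def path_is_open(vm_nsg: Iterable[NsgRule], db_nsg: Iterable[NsgRule],
                 vm_ip: str, db_ip: str, port: int = PG_PORT) -> Tuple[bool, Dict[str, str]]:
    """Both hops the answer names: VM NSG outbound and DB subnet NSG inbound.
    Returns (open?, {hop: rule that decided it})."""
    out_access, out_rule = evaluate_nsg(vm_nsg, "Outbound", vm_ip, db_ip, port)
    in_access, in_rule = evaluate_nsg(db_nsg, "Inbound", vm_ip, db_ip, port)
    return (out_access == "Allow" and in_access == "Allow",
            {"outbound": out_rule, "inbound": in_rule})


# Constructed topology (assumption): VNet1 10.1.0.0/16 with the DB subnet
# 10.1.1.0/24 (server at 10.1.1.4); VNet2 10.2.0.0/16 with the VM at 10.2.0.4.
VM_IP, DB_IP = "10.2.0.4", "10.1.1.4"

VM_NSG = [  # outbound side, on the VM's subnet
    NsgRule("AllowPostgresOutBound", 100, "Outbound", "Allow", "Tcp", "*", "10.1.1.0/24", "5432"),
    NsgRule("DenyAllOutBound", 4096, "Outbound", "Deny", "*", "*", "*", "*"),
]

# "Only allowing inbound traffic from a specific private IP CIDR":
# one allow for an app subnet, then a catch-all deny.
DB_NSG_BEFORE = [
    NsgRule("AllowAppSubnetInBound", 100, "Inbound", "Allow", "Tcp", "10.1.2.0/24", "*", "5432"),
    NsgRule("DenyAllInBound", 4096, "Inbound", "Deny", "*", "*", "*", "*"),
]

# After whitelisting the peered VM's private IP, as the question describes.
DB_NSG_AFTER = DB_NSG_BEFORE + [
    NsgRule("AllowPeeredVmInBound", 110, "Inbound", "Allow", "Tcp", f"{VM_IP}/32", "*", "5432"),
]

if __name__ == "__main__":
    fqdn = "mydb-dev.postgres.database.azure.com"
    print("DNS from VM:", classify_resolution(fqdn, nxdomain_resolver))
    print("5432 before whitelisting VM:", path_is_open(VM_NSG, DB_NSG_BEFORE, VM_IP, DB_IP))
    print("5432 after whitelisting VM: ", path_is_open(VM_NSG, DB_NSG_AFTER, VM_IP, DB_IP))
```

Run against the constructed data, the DNS check reports `unresolved` while the NSG path is open after the whitelist, which is exactly the situation in the question: the rules were right, but the name never resolved, so the rules were never reached. Real rule data can be fed in from `az network nsg rule list --nsg-name <name> -g <group>`. As jjanes points out in the comments, ping exercises ICMP rather than TCP, so a successful or failed ping says nothing about the 5432 rules evaluated here; test with psql or a TCP connect once the name resolves.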