2012-10-12 405 views
1

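Windows Azure VM endpoints

I am new to Windows Azure and have limited networking knowledge. I have a virtual machine running on Windows Azure that is configured with a virtual network. So, in the dashboard, the machine has the following information: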

Public virtual IP address (VIP): 168.62.210.xx 
Internal IP Address: 10.1.1.4 

I have a custom server that will run on the machine and listen on port 2641. On the endpoints I have:

Name Protocol Public Port Private Port Load Balanced 
Handle TCP  2641  2641   NO 

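I assume there will be a NAT that basically routes incoming traffic from 168.62.210.xx:2641 to 10.1.1.4:2641 and vice versa (from 10.1.1.4 to 168.62.210.xx)?

Is there a way to verify that the port is working?

On Linux, the output of nc -z 168.62.210.xx 2641; echo $? is 1 (indicating that the port is not open).

If I set up the server, I assume I will have to bind the server to 10.1.1.4 rather than 168.62.210.xx?

Any help would be greatly appreciated.

Thanks,

Answers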

2

Have you opened the port (2641) in Windows Firewall on the VM?

+0

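Hmm, isn't that done automatically when we add the endpoint? I turned off the firewall and the communication went through, so the firewall was blocking it. –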

+1

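No, adding an endpoint only allows traffic to flow (through the network). Editing an endpoint does not change the Windows Server firewall settings (it does not change the operating system). With virtual machines (in an IaaS environment), you are responsible for fully managing the operating system. The Windows Azure management portal can help you configure some networking options, but it cannot help you configure the virtual machine's operating system. – mcollier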

+1

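Are you sure your Linux machine can reach the Internet on port 2641? Assuming the virtual machine in Windows Azure is a Windows Server machine and not a Linux machine (which would not be in the virtual network), have you tried to see whether there is a process listening on port 2641, using the command netstat -ano | find ":2641"? For the firewall, add an inbound rule on port 2641. You can do this using Windows Firewall with Advanced Security. – benjguin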

0

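Please make sure you have configured the inbound and outbound security rules in the network security group associated with the VM's network interface.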

It looks similar to the image listed below in the Azure portal:

Another way to configure network rules in Azure is to call the Azure PowerShell SDK; you can use the code snippet below:

# 0. set the target resource group name and target vm name 
$ResourceGroupName = "ocoslab-eric" # set your own resource group 
$VMName = "vm-eric-demo" # set your own vm name 

# 1. get the vm information 
$VM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName 

# 2. get the network interface information 
$NICID = $VM.NetworkInterfaceIDs[0] 
$NICName = ([regex]"/.*/(.*?)$").Match($NICID).Groups[1].Value 
$NICResourceGroupName = ([regex]"/resourceGroups/(.*?)/").Match($NICID).Groups[1].Value 
$NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroupName 

# 3. get or create the associated security network group 
If ($NIC.NetworkSecurityGroup -eq $null) { 
    $NSG = New-AzureRmNetworkSecurityGroup -Name 'custom-nsg' -Location $VM.Location -ResourceGroupName $ResourceGroupName 
    $NIC.NetworkSecurityGroup = $NSG 
} Else { 
    $NSGId = $NIC.NetworkSecurityGroup.Id 
    $NSGName = ([regex]"/.*/(.*?)$").Match($NSGId).Groups[1].Value 
    $NSGResourceGroup = ([regex]"/resourceGroups/(.*?)/").Match($NSGId).Groups[1].Value 
    $NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $NSGResourceGroup 
    $NIC.NetworkSecurityGroup = $NSG 
} 

# 4. create security rule to allow the port and associate with the security network group 
# Parameter explanation: 
# a. -Name                     Specifies the name of a network security rule configuration 
# b. -Access                   Specifies whether network traffic is allowed or denied. Valid values: Allow and Deny. 
# c. -Protocol                 Specifies the network protocol that a rule configuration applies to. 
#         - Tcp 
#         - Udp 
#         - Wildcard character (*) to match both 
# d. -Direction                Specifies whether a rule is evaluated on incoming or outgoing traffic. Valid values: Inbound and Outbound. 
# e. -SourceAddressPrefix      Specifies a source address prefix. Valid values: 
#         - A CIDR 
#         - A source IP range 
#         - A wildcard character (*) to match any IP address. 
# f. -SourcePortRange          Specifies a source port or range. This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to match any source port. 
# g. -DestinationAddressPrefix Specifies a destination address prefix. Valid values: 
#         - A Classless Interdomain Routing (CIDR) address 
#         - A destination IP address range 
#         - A wildcard character (*) to match any IP address 
# h. -DestinationPortRange     Specifies a destination port or range. Valid values: 
#         - An integer 
#         - A range of integers between 0 and 65535 
#         - A wildcard character (*) to match any port 
# i. -Priority                 Specifies the priority of a rule configuration. Valid values: an integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. 
# Note: the rule below opens port 3389 to any Internet source. Set -DestinationPortRange to the port 
# your service listens on and narrow -SourceAddressPrefix to a known CIDR where you can. 

Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $NSG ` 
       -Name 'custom_rule_name' ` 
       -Access Allow ` 
       -Protocol Tcp ` 
       -Direction Inbound ` 
       -SourceAddressPrefix Internet ` 
       -SourcePortRange * ` 
       -DestinationAddressPrefix * ` 
       -DestinationPortRange 3389 ` 
       -Priority 100 | Out-Null 

# 5 finally, set the NetworkSecurityGroup and NetworkInterface state 
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG | Out-Null 
Set-AzureRmNetworkInterface -NetworkInterface $NIC | Out-Null 

Write-Host "Done" 

For the complete downloadable code sample, please visit How to manage port for Azure Virtual Machine by PowerShell
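
A client-side check for the question's "is the port working?", added here as an example (it is not code from the thread): unlike `nc -z`, whose exit code 1 covers every failure, it separates a refused connection from a silent drop. The names `probe_tcp`, `local_demo` and `NEXT_CHECK` and the hint texts are assumptions of this example, and the loopback sockets in `local_demo` are constructed test targets.

```python
import errno
import socket

# Hint texts are this example's wording of the checks raised in the thread.
NEXT_CHECK = {
    "open": "listener reachable end to end",
    "refused": "host reached, nothing accepting: check the listener and its bind address",
    "filtered": "no reply: check the endpoint/NSG rule and the Windows Firewall inbound rule",
}

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or error:<errno name>."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"      # SYN went unanswered: dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"       # a reset came back: no process accepts on this port
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def local_demo():
    """Probe two constructed loopback targets: a live listener and a released port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                            # nothing listens here any more
    try:
        return (probe_tcp("127.0.0.1", listener.getsockname()[1]),
                probe_tcp("127.0.0.1", closed_port))
    finally:
        listener.close()

if __name__ == "__main__":
    for result in local_demo():
        print(result, "->", NEXT_CHECK.get(result, "see errno"))
    # Against the VM: probe_tcp("<public VIP>", 2641)
```

Run from the client against the public VIP and port 2641, a `filtered` result is what a blocking Windows Firewall or a missing endpoint rule typically produces, while `refused` points at the listener itself.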