问题
I am very new to the AZURE, and was trying to connect two VM (same network, separate Subset).
I have enabled RDP on both the VM, So I can ping from VM-1 to VM-2 like this:
PS C:\Users\AzureUser> Test-NetConnection 10.0.1.4 -port 3389
ComputerName : 10.0.1.4
RemoteAddress : 10.0.1.4
RemotePort : 3389
InterfaceAlias : Ethernet
SourceAddress : 10.0.0.4
TcpTestSucceeded : True
I guess this is because this port 3389 is used for RDP.
Now in Inbound port rules I have added port 8080 but not able to connect.
PS Output:
PS C:\Users\AzureUser> Test-NetConnection 10.0.1.4 -port 8080
WARNING: TCP connect to 10.0.1.4:8080 failed
WARNING: Ping to 10.0.1.4 failed -- Status: TimedOut
ComputerName : 10.0.1.4
RemoteAddress : 10.0.1.4
RemotePort : 8080
InterfaceAlias : Ethernet
SourceAddress : 10.0.0.4
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False
Overall Virtual Network connection is like this:
Any help is appreciated.
回答1:
It's a good idea to see if the port is listening at the destination
netstat -ano | findStr "8080"
Port 3389 is pinging as it is already opened and assigned the RDP application. Similarly, port 8080 should have an application running and in listening mode to ping the port successfully
Thanks, Manu
回答2:
You are pinging from one subnet to another. The the traffic must be able to get out of the first subnet and into the second. Therefore, you need to define both inbound and outbound rules.
See: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#default-security-rules
回答3:
According to your networking topology, both VMs are in the same VNET, but different SUBNET, it means that traffic between VMs are allowed by default rules in NSG. In order to make sure that everything is correct on Azure network, you can do the following tests.
any chance that VM Windows firewall (10.0.1.4) is blocking traffic on port 8080? Just in case, disable Windows Firewall for this VM and test it again.
from VM 10.0.1.4 run this command, make sure that exists a service listening on port 8080.
netstat -ano | findtr 8080 TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 4 TCP [::]:8080 [::]:0 LISTENING 4
- you can use Network Watcher to see IP Flow. Select your source VM and put all information about VM destination, local port is a random high port, you can use the same in this image, remote IP and port is your VM 10.0.1.4.
- I would say that you have an issue inside your VM 10.0.1.4, based on all information you provided. Let me know if all steps above didn't help and then we can continue working on it.
来源:https://stackoverflow.com/questions/62601960/azure-vms-on-the-same-vnet-different-subnet-can-not-ping-to-port-other-then-338