Azure RDP using public IP not DNS....? - networking

I am unable to RDP to an Azure VM on my corporate network using "DNS:Port" (like vmname.cloudapp.net:3389). It works fine on my home network, which means the endpoints are set correctly.
However, it was possible to RDP to the VM using the public IP, but not anymore. With the public IP, I was able to RDP to the VM on my corporate network, but I'm not sure whether this has been restricted recently.
Is there any way to access a VM using the public IP rather than the DNS:Port format?
Thanks

It is common for enterprise IT to block outbound ports because some argue this provides better security. I don't think this necessarily makes sense, but here's what you can do to verify. As a best practice, always connect to Windows Azure VMs using DNS names rather than IP addresses because the addresses are subject to change, while DNS names will not.
1. Confirm the port you're trying to connect to. By default, Windows Azure assigns a port in the dynamic range (49152–65535) for Remote Desktop, which is mapped internally to the usual RDP port 3389. You can see which one this is by checking your VM endpoint public port in the Windows Azure portal (Select Virtual Machines > Your VM > Endpoints tab > RemoteDesktop entry). You need to connect using this port after the name (using the Connect button in the portal gives you an RDP shortcut file that does this for you). If my public port is 62472, I put this in the Remote Desktop Connection computer field:
    percepten-VM1.cloudapp.net:62472
If you like, you can edit the public port here in the portal using the "Edit the endpoint" option on the RemoteDesktop entry. That way you can make it 3389 if your IT department asks you for a single port number to allow outbound.
2. Test your DNS resolution to your VM using nslookup or ping. If you get "non-existent domain", then your corporate DNS is blocking Windows Azure resolution. This is what you want to see:
    >nslookup percepten-vm1.cloudapp.net
    Non-authoritative answer:
    Name: percepten-vm1.cloudapp.net
    Address: 157.56.182.135
3. If you can resolve DNS, then try using an outbound port scan tool to verify port 3389 is allowed out. I found a nice one at portquiz.positon.org. To use, open the site with a port appended in the URL. In this case, open "http://portquiz.positon.org:3389". You should see this on the page:
    Outgoing port tester
    This server listens on all TCP ports, allowing you to test any
    outbound TCP port. You have reached this page on port 3389.
    ...
4. If you receive "page not available", then the port is blocked. Try contacting IT to ask them to open port 3389 (or the entire dynamic range if you're feeling ambitious). If they want to open it only to specific places on the Internet, provide them this list of all Windows Azure IP address ranges:
Windows Azure Datacenter IP Address Ranges
Hope that helps!
Noah Stahl
Percepten
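The checks in steps 2 to 4 of the answer above can be scripted so that a DNS failure, a silently dropped port and a refused connection are reported separately. This is an added example, not part of the original answer; the function name `diagnose`, the host name and the 203.0.113.10 address are constructed, and the resolver and connector are parameters so the classification can run offline.

```python
import socket

def diagnose(host, port, timeout=5.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, verdict) for an outbound TCP connection to host:port.

    resolve and connect default to the real socket calls; they are parameters
    so the classification can be exercised offline with stand-ins.
    """
    # Step 2: does the name resolve through the resolver this machine uses?
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return ("dns", "name does not resolve here")
    addresses = sorted({info[4][0] for info in infos})

    # Steps 3-4: attempt a TCP handshake to each resolved address.
    outcomes = set()
    for addr in addresses:
        try:
            connect((addr, port), timeout=timeout).close()
            outcomes.add("open")
        except socket.timeout:
            outcomes.add("timeout")   # packets dropped: typical egress filter
        except ConnectionRefusedError:
            outcomes.add("refused")   # RST came back: closed port or rejecting firewall
        except OSError:
            outcomes.add("error")     # e.g. no route to host

    if "open" in outcomes:
        return ("tcp", "reachable")
    if outcomes == {"timeout"}:
        return ("tcp", "filtered: outbound port likely blocked")
    if "refused" in outcomes:
        return ("tcp", "refused: closed port or rejecting firewall")
    return ("tcp", "unreachable")

if __name__ == "__main__":
    # Constructed stand-ins (documentation address 203.0.113.10), so the demo runs offline.
    def resolves(host, port, type=0):
        return [(socket.AF_INET, type, 6, "", ("203.0.113.10", port))]
    def drops(address, timeout=None):
        raise socket.timeout("timed out")
    print(diagnose("vm.example.test", 3389, resolve=resolves, connect=drops))
```

Called without the stand-ins, `diagnose("yourvm.cloudapp.net", 62472)` uses the machine's own resolver and network path, which is what you want to compare between the corporate and home networks.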

Related

What could be the reason behind "ERR_CONNECTION_TIMED_OUT"?

I am using an Airtel Xstream Fiber connection and trying to do port forwarding. I forwarded port 3000 of the WAN and directed it to my system IP address 192.168.1.2 on port 3001.
A Node server is running on my system on port 3001, and I can access my hello world website locally using 192.168.1.2:3001. But when I try to access it using the public IP, it shows this error code: "ERR_CONNECTION_TIMED_OUT".
Also, I found that my router port 3001 is open using an online port checking tool/website.
So, can anyone please tell me what could be the reason behind this? Is this a problem with Windows?
You first need to check which ports are opened by your ISP. If your ISP is giving you a local IP at the router (basically, creating a PPP connection), it may be using CGNAT. In that case you need to buy a static IP; without that, none of the traffic will be directed to your router. Let me know if you find something; I'm currently looking to get xstream airtel as well.
No, there is no need for a static IP to access the server remotely. As of now, what I see is that Airtel allocates a new IP every 24 hours or when the router gets disconnected. To access your server remotely you can do two things. The first one is more secure.
Change the primary IP address of your Airtel router and use port forwarding so that its port 80 will be free for you.
Enable DMZ and point it to your local server IP [192.168.X.X]. In this case all of the device's ports are exposed to the internet. If you want to be secure, make sure to add another router between the server and the Airtel router and enable port forwarding.
But in this case there is a catch: when you try to access your local website using the public IP (which you can see on Google search), it will redirect you to the Airtel router panel. But when you try to access it using another device (not the server, otherwise the server will get disconnected) connected to the internet using another network (other than your current Airtel router, like a JIO SIM, Airtel SIM, etc.), it will work excellently.
To get rid of the dynamic IP, use no-ip services. Its website will help you more. Basically, it is a dynamic DNS server where you will get a free domain. That will get updated regularly while its service is running on your system. To use another DNS provider service like GoDaddy, you need a static IP.

How can I open my local TCP port to public?

I have a TCP server for my personal chat. I want to expand my connection beyond my local network, and I want to open my port 28752 on the public IP of my PC so I can connect from wherever I want, only when my computer is on.
I have seen different solutions, for example DMZ to associate my local IP with the public IP, but I want to do this without modifying the router's settings; I wanted to do it from a program. Is it possible?
It is possible to open up ports, but it depends on the OS on which you are trying to accomplish it. You can use the Linux iptables to manipulate the ports opened and closed on any Linux machine. The ports should also be opened on the firewall layer outside the VM, e.g. it could be an AWS access policy, a security group, or the Mac's security firewall. Your laptop, when connected to the internet, will have a public IP address, and you can share that public IP. But this IP address will change when you get connected to a different router. You can use AWS CLI commands to assign a static IP address to your machine and expose it publicly. At the very minimum, you would need a public DNS server to expose your IP publicly. An easy way to achieve this is by putting a web server in the cloud. Without a domain, you can't expose your IP. Once you have finalized the domain (e.g. AWS Route 53, Ingress IP from K8, etc.), you can change/manipulate them from your program. It need not be language specific.

Access server in local network through domain

I have a problem with access to a server using domains.
Test URL: testpage.example.com.
The server is in a local network with port forwarding (80, 443), configured as a web server using Caddy server as a reverse proxy.
Case 1 (using Asus router):
Connected on the local network behind the router. The server is in the same network as my computer. Everything works like a charm in and out of my network.
Case 2 (using internet provider router):
Connected on the local network behind the router. Can't access the server with the domain. Works with the direct IP. Outside the network, it works as in case 1.
I used the same server.
Does anyone know why this problem occurred? How can I solve it?
Thanks,
David
Two options I can think of:
You could add a record to whatever DNS server you're using in Case 2.
You could write a short script that runs whenever you change network connections to modify your hosts file accordingly.
This happens when the server you are trying to reach "testpage.example.com" resolves to your router's external IP address. Because your public IP address is the same as server's IP address (even though inside your home network you have different private IP addresses) your requests are lost in the ether.
As a workaround you can resolve the testpage.example.com manually on your local machine.
For Windows c:\windows\system32\etc\hosts
For Linux /etc/hosts
192.168.1.102 testpage.example.com   # private IP of the machine serving the site
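The script suggested in the first answer could be built around a function like the one below, which rewrites hosts-file content idempotently and validates its inputs, since the result is written to a file that requires administrator rights. This is an added example, not code from either answer; `set_hosts_entry`, the sample content and the 203.0.113.7 address are constructed, and reading and writing the actual file is left to the caller.

```python
import ipaddress
import re

_NAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")

def set_hosts_entry(text, hostname, ip=None):
    """Return hosts content where hostname maps only to ip (ip=None removes it)."""
    # Validate first: this output is destined for a file written with admin rights.
    if not _NAME.fullmatch(hostname):
        raise ValueError("invalid hostname: %r" % hostname)
    if ip is not None:
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on junk
    wanted = hostname.lower()
    out, placed = [], False
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or wanted not in [f.lower() for f in fields[1:]]:
            out.append(line)  # blank, comment-only or unrelated entry
        elif ip is not None and fields[0] == ip and not placed:
            out.append(line)  # already correct: keep untouched
            placed = True
        else:
            # Stale or duplicate mapping: drop our name, keep any other names.
            others = [f for f in fields[1:] if f.lower() != wanted]
            if others:
                tail = " #" + comment if sep else ""
                out.append(" ".join([fields[0]] + others) + tail)
    if ip is not None and not placed:
        out.append("%s %s" % (ip, hostname))
    return "\n".join(out) + "\n"

# Constructed sample content; the stale line mimics a public-address mapping.
SAMPLE = (
    "127.0.0.1 localhost\n"
    "203.0.113.7 testpage.example.com other.example.com # old\n"
)

if __name__ == "__main__":
    print(set_hosts_entry(SAMPLE, "testpage.example.com", "192.168.1.102"), end="")
```

Calling it with `ip=None` when leaving the home network removes the override, so the name resolves through public DNS again.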

Can the internal IP addresses of azure worker role instances be swapped?

Like if one is on 192.168.1.1 and the other on 192.168.1.2, can you configure the machines to each other's static IP addresses and thereby have them start receiving information for each other's InstanceInputEndpoints (since now the Azure gateway should route the InstanceInputEndpoint to the new owner of the IP address)?
No, you can't do that!
And, as of today (Dec. 2013) you are highly advised to never set a static IP address on your Virtual Machine inside Windows Azure! You should always use the default DHCP configuration. If you want IP address predictability, check out this blog post. You can still use Azure Virtual Network with Web and Worker Roles and have IP address predictability.
If you use VMs, you should create several VMs and a network, and define the address space you will use. When you create a VM, make sure your VM is using the network that you created. If you forget to include the VM in the network, you need to recreate the VM.
Example how to change the internal IP using 3 VM:
Server A is connected to the network and get ip 192.168.0.1
Server B 192.168.0.2
Server C 192.168.0.3
Shut down all your servers from the Azure portal so that the status is deallocated, then turn them on in this sequence:
Server B
Server C
Server A
The Result will be:
Server A 192.168.0.3
Server B 192.168.0.1
Server C 192.168.0.2
If you turn off the VM from inside the VM, it won't change the internal IP.
If you remote onto one of your VMs, you will see an XML file at
C:\config
The filename looks something like
[deployment id]_[role name]_[instance number].[version number]
Inside the file you will find all the instances in the deployment with their IP addresses. If you edit the IP address in this file for a particular role instance on a particular VM, that VM will think that the IP address for the instance is the one in the file and will start routing traffic to it.
Warning: I've never tried to do this programmatically. Also, the changes will get wiped out if there is any update to the deployment (either initiated by you or by Azure). And there might be some other horrible side effect.

Network: Virtual PC 2007 Can't Access Host Using NAT

I can't access my host machine from my guest machine using the computer name (i.e. WINS). I can access it using whatever IP address it happens to have at the time, but I need a consistent way of accessing it (even if I'm not online).
I have a Windows Server 2003 guest virtual machine and a Vista host. I'm using Shared Networking (NAT). I'm running Microsoft Virtual PC 2007 SP1. I've set my DNS server to 192.168.131.254 and everything else is DHCP. Any help is appreciated.
Make a domain name in the Windows hosts file on the Vista host system:
C:\WINDOWS\system32\drivers\etc\hosts
172.16.16.4 localserver
Here is the blog that explains it:
http://blog.flexuous.com/2007/02/04/virtual-pc-ip-routing-enabling-vpc-nat-loopback-connector-at-the-same-time/
You didn't mention the network setup. If you happen to control the router, such as a home network, you've got a couple of options.
Dynamic DNS updates. When a host gets its IP address via DHCP, it can automatically update its DNS records with its hostname. This is similar to services such as dyndns, but also works on your local network without net access.
Static DHCP Assignments - Assign an IP address to MAC address relationship on the router, so that every time a DHCP request is sent out from that MAC, it will always get the same IP address. Then you can add this address to your hosts file for access via name.
Another option would be to set up a static loopback device on both the host and the guest and place them in their own private network. That way, the IP address will never change. Then, you can add the corresponding IP addresses into the hosts files of each respective machine to reference by name.
