NSG Rules for AzureVM are not working

mister_kanister 0 Reputation points
2023-03-31T09:22:40.51+00:00

Good Day!

I've created an Azure VM with Terraform, along with the other mandatory resources needed to make this VM accessible via the Internet. No matter what I do, no ports other than 80, 443 and 22 are open. The web app running in K3S is accessible. The VM is accessible via SSH. For my application I need port 9000 to be available, which is running a Hello World nodejs app. (curl localhost:9000 returns "Hello World"). Even if I add an NSG rule to accept every port from every IP, it still doesn't work. Ubuntu ufw is disabled. It seems NSG rules somehow get ignored.

Strange thing is when I use nmap -sS <publicip> -p 9000 (TCP) it reports

PORT     STATE  SERVICE
9000/tcp closed cslistener

On the other hand when I use sudo nmap -sU <publicip> -p9000 (UDP) it reports

PORT     STATE         SERVICE
9000/udp open|filtered cslistener

If I explicitly close UDP 9000 nothing changes. It's the second VM I've created. The NSG is associated with the network interface attached to the VM.

Thanks in advance!


2 answers

  1. deherman-MSFT 37,666 Reputation points Microsoft Employee
    2023-03-31T15:34:51.3933333+00:00

    @mister_kanister

    Sorry to hear you are having issues connecting to your application on port 9000. It looks like your last sentence was cut off.

    I confirmed that I was able to create an inbound rule for port 9000 and use that port when connecting. I ran "nmap -p T:9000 -Pn 20.115.149.99" and you can see the results below.

    Please double check your NSG to make sure it is allowing the traffic. This page walks through how to accomplish this. If you are still having issues, you can install and troubleshoot using Azure Network Watcher.

    Hope this resolves your issue. Let me know if you still have problems or need help.


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


  2. mister_kanister 0 Reputation points
    2023-04-03T09:01:31.26+00:00

    Hello! Thanks for your response!

    I've updated my question to make it more complete. NSG test reports positive and displays my rule. However I still can't curl publicip:4242 or nmap. Checked effective rules associated with the internal NIC.

    nmap now reports different results after I changed the port

    TCP

    PORT     STATE    SERVICE
    4242/tcp filtered vrml-multi-use

    UDP

    PORT     STATE         SERVICE
    4242/udp open|filtered vrml-multi-use
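The two TCP results in this thread (`closed` on 9000, `filtered` on 4242) mean different things in nmap's reporting, and `curl localhost:9000` succeeding does not show that the service is reachable on the VM's network interface. The following is an added example, not part of the thread: a shell helper that classifies how a port is bound from `ss -ltnH` output and spells out the nmap port states seen above. The `ss` sample lines are constructed, the loopback binding of port 9000 in them is an assumption rather than something the poster reported, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_SS is constructed `ss -ltnH` output; binding port 9000
# to 127.0.0.1 is an assumption for illustration, not the poster's real output.
SAMPLE_SS='LISTEN 0 511 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 *:443 *:*'

# bind_scope PORT: read `ss -ltnH` lines on stdin, report where PORT listens.
bind_scope() {
    awk -v port="$1" '
        {
            ep = $4                               # local address:port column
            n = split(ep, parts, ":")
            if (parts[n] != port) next
            addr = substr(ep, 1, length(ep) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") any = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (any) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# explain_state STATE: what an nmap port state says about where a probe stopped.
explain_state() {
    case "$1" in
        open)            echo "a listener answered the probe" ;;
        closed)          echo "a RST came back: the probe was answered, but nothing listens on that address and port" ;;
        filtered)        echo "no usable reply: a packet filter on the path dropped or rejected the probe" ;;
        "open|filtered") echo "no reply at all: for UDP this cannot tell an open port from a dropped probe" ;;
        *)               echo "unknown state" ;;
    esac
}

# Demo over the constructed sample, including a port nothing listens on.
for p in 22 9000 4242; do
    printf 'port %s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | bind_scope "$p")"
done
printf 'closed: %s\n' "$(explain_state closed)"
```

On the VM itself, run `ss -ltnH | bind_scope 9000`; a `loopback-only` result means the service has to bind to the NIC address or 0.0.0.0 before any NSG rule can make it reachable.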
