This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 1%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I have enabled incoming TCP port 8080 via nsg config for my VM and the VM has firewalls enabled for the same port.
I can already see traffic is able to get in if source is in the same server.
But if source is external and access is via public IP the traffic is getting refused.
Can someone in azure support assist? Problem looks like it is in Azure net as localhost server access is fine.
my VM name is lamp01 and public ip 13.90.34.179
Did you try to specify TCP Protocol, and Inbound from Inet? Maybe you already get a solution. Maybe you can tell us. Did you try to increase priority?
Regards Chris
Did you try to specify TCP Protocol, and Inbound from Inet?
Yes I have and I have provided a screenshot of my NSG settings: https://imgur.com/a/QPdxVHx
Maybe you already get a solution.
No. And there has not been any Azure support response.
Maybe you can tell us. Did you try to increase priority?
Yes. No effect.
As you have already stated, the main places for traffic to be blocked are NSGs, or a firewall on the VM. If you have additional parts to your network like an Azure Firewall, Load Balancer, or custom routes that might alter traffic, it can get more complicated. If you simply have a VM with a Public IP address, and no User Defined Routes that could alter the traffic, then it is being blocked by an NSG, or by the VM itself.
In situations like these, I like to double check everything. Lets start with NSGs:
In the NSG you provided a screenshot of 'lamp01-nsg', port 8080 to 8090 is allowed on any protocol. An outbound rule is not needed with TCP connectivity, so this NSG is not blocking the traffic.
NSGs can be applied to the NIC of a VM, and the subnet that the VM is in. Make sure that you do not also have an NSG on the subnet that is blocking the traffic.
Next, we need to check the machine itself to make sure that it is listening on port 8080. I assume with the 'lamp' name of your NSG, that you are using a Linux VM. I like to use 'netstat -tl' to output listening ports on the OS. Make sure that your VM is listening on port 8080.
Next, try to establish a connection. First, try from within the VM using CURL on the VM's private IP address. Next, try to connect from the same VNET via the private IP(If you have another VM running in the VNET), and last, try to connect from a computer outside the VNET via the public IP. Make sure you are connecting via port 8080. Depending upon where the failure occurs will give you additional information on where the block is occurring.
You can also try a TCP ping test, I like to use PSPING to check for TCP connectivity on an address. If you are able to establish external TCP connectivity but unable to get a website, it is likely a configuration issue with the web hosting software on your VM.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 44%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
As you have already stated, the main places for traffic to be blocked are NSGs, or a firewall on the VM. If you have additional parts to your network like an Azure Firewall, Load Balancer, or custom routes that might alter traffic, it can get more complicated. If you simply have a VM with a Public IP address, and no User Defined Routes that could alter the traffic, then it is being blocked by an NSG, or by the VM itself.
Ok
In situations like these, I like to double check everything. Lets start with NSGs:
Ok
In the NSG you provided a screenshot of 'lamp01-nsg', port 8080 to 8090 is allowed on any protocol. An outbound rule is not needed with TCP connectivity, so this NSG is not blocking the traffic.
Ok
NSGs can be applied to the NIC of a VM, and the subnet that the VM is in. Make sure that you do not also have an NSG on the subnet that is blocking the traffic.
I have not setup any additional NSGs
Next, we need to check the machine itself to make sure that it is listening on port 8080. I assume with the 'lamp' name of your NSG, that you are using a Linux VM. I like to use 'netstat -tl' to output listening ports on the OS. Make sure that your VM is listening on port 8080.
Yes it is. I have tested by using a local app to connect.
Next, try to establish a connection. First, try from within the VM using CURL on the VM's private IP address. Next, try to connect from the same VNET via the private IP(If you have another VM running in the VNET), and last, try to connect from a computer outside the VNET via the public IP. Make sure you are connecting via port 8080. Depending upon where the failure occurs will give you additional information on where the block is occurring.
I am able to connect to the machine via port 80 from a public source only port 8080 is not working.
You can also try a TCP ping test, I like to use PSPING to check for TCP connectivity on an address. If you are able to establish external TCP connectivity but unable to get a website, it is likely a configuration issue with the web hosting software on your VM.
From all information available, the issue seems to be with NSG rules and network of Azure. Everything else is correct but the NSG is not implementing the allow port 8080 rule correctly. Hopefully you can investigate this possibility.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 42%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi! Try to run Network Watcher, IP Flow Verify blade. ![55226-networkwatcher.png][1] [1]: /api/attachments/55226-networkwatcher.png?platform=QnA