Windows Azure虚拟机端点

我是Windows Azure的新手，对networking知识有限。我有一个运行在Windows Azure上的虚拟机被configuration为具有虚拟networking。因此，在仪表板下，机器将具有以下信息：

Public virtual IP address (VIP): 168.62.210.xx Internal IP Address: 10.1.1.4

我有一台定制的服务器在该机器上运行，将在端口2641上进行侦听。在端点下，我有：

 Name Protocol Public Port Private Port Load Balanced Handle TCP 2641 2641 NO

我假设将有一个NAT基本上路由传入stream量从168.62.210.xx：2641到10.1.1.4:2641，反之亦然（从10.1.1.4到168.62.210.xx）？

有没有办法来validation该端口是否工作？

在linux上，输出nc -z 168.62.210.xx 2641; echo $? nc -z 168.62.210.xx 2641; echo $? 是1（意思是端口没有打开）。

如果我设置服务器，我假设我将不得不将服务器绑定到10.1.1.4而不是168.62.210.xx？

任何帮助将不胜感激。

谢谢，

您是否在VM上的Windows防火墙上打开了端口（2641）？

请确保已经在与vm网络接口关联的网络安全组中配置入站和出站安全规则。

与以下在Azure门户上列出的图片类似：在这里输入图像描述

在Azure中配置网络规则的另一种方法是调用Azure PowerShell SDK，可以使用下面的代码片段

 # 0. set the target resource group name and target vm name $ResourceGroupName = "ocoslab-eric" # set your own resource group $VMName = "vm-eric-demo" # set your own vm name # 1. get the vm information $VM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName # 2. get the network interface information $NICID = $VM.NetworkInterfaceIDs[0] $NICName = ([regex]"/.*/(.*?)$").Match($NICID).Groups[1].Value $NICResourceGroupName = ([regex]"/resourceGroups/(.*?)/").Match($NICID).Groups[1].Value $NIC = Get-AzureRmNetworkInterface -Name $NICName -ResourceGroupName $NICResourceGroupName # 3. get or create the associated security network group If ($NIC.NetworkSecurityGroup -eq $null) { $NSG = New-AzureRmNetworkSecurityGroup -Name 'custom-nsg' -Location $VM.Location -ResourceGroupName $ResourceGroupName $NIC.NetworkSecurityGroup = $NSG } Else { $NSGId = $NIC.NetworkSecurityGroup.Id $NSGName = ([regex]"/.*/(.*?)$").Match($NSGId).Groups[1].Value $NSGResourcGroup = ([regex]"/resourceGroups/(.*?)/").Match($NSGId).Groups[1].Value $NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $NSGResourcGroup $NIC.NetworkSecurityGroup = $NSG } # 4. create security rule to allow the port and associate with the security network group # Parameter explanation: # a. -Name Specifies the name of a network security rule configuration # b. -Access Specifies whether network traffic is allowed or denied. psdx_paramvalues Allow and Deny. # c. -Protocol Specifies the network protocol that a rule configuration applies to. # - Tcp # - Udp # - Wildcard character (*) to match both # d. -Direction Specifies whether a rule is evaluated on incoming or outgoing traffic. psdx_paramvalues Inbound and Outbound. # e. -SourceAddressPrefix Specifies a source address prefix. psdx_paramvalues # - A CIDR # - A source IP range # - A wildcard character (*) to match any IP address. # f. -SourcePortRange Specifies a source port or range. This value is expressed as an integer, as a range between 0 and 65535, or as a wildcard character (*) to match any source port. # g. -DestinationAddressPrefix Specifies a destination address prefix. psdx_paramvalues # - A Classless Interdomain Routing (CIDR) address # - A destination IP address range # - A wildcard character (*) to match any IP address # h. -DestinationPortRange Specifies a destination port or range. psdx_paramvalues # - An integer # - A range of integers between 0 and 65535 # - A wildcard character (*) to match any port # i. -Priority Specifies the priority of a rule configuration. psdx_paramvalues An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $NSG ` -Name 'custom_rule_name' ` -Access Allow ` -Protocol Tcp ` -Direction Inbound ` -SourceAddressPrefix Internet ` -SourcePortRange * ` -DestinationAddressPrefix * ` -DestinationPortRange 3389 ` -Priority 100 | Out-Null # 5 finally, set the NetworkSecurityGroup and NetworkInterface state Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $NSG | Out-Null Set-AzureRmNetworkInterface -NetworkInterface $NIC | Out-Null Write-Host "Done"

有关完整的代码示例可下载位，请访问如何使用PowerShell管理Azure虚拟机的端口