Dec 11 2017 05:18 AM - edited Dec 12 2017 12:25 AM
I have a classic VM instance running in Azure (CentOS 7). I have an endpoint rule that allows connections on port 22 from my address. Firewalld is disabled, and iptables is not installed at all. However, I can't access the VM on port 22, even after explicitly adding my IP address (instead of the whole subnet my IP address belongs to) to a whitelist. I've tried to trace the route of the packets and here's what I got:
7 3 ms 195.50.15.74 TimeExceeded
8 18 ms 85.26.163.180 TimeExceeded
9 19 ms msa-24z-1.ntwk.msn.net [195.208.208.137] TimeExceeded
10 61 ms ae8-0.ams-96c-1a.ntwk.msn.net [104.44.227.249] TimeExceeded
11 149 ms be-61-0.ibr01.ams.ntwk.msn.net [104.44.9.140] TimeExceeded
12 143 ms be-7-0.ibr01.amb.ntwk.msn.net [104.44.5.32] TimeExceeded
13 144 ms be-5-0.ibr01.lts.ntwk.msn.net [104.44.4.233] TimeExceeded
14 144 ms be-2-0.ibr01.lon30.ntwk.msn.net [104.44.5.38] TimeExceeded
15 142 ms be-11-0.ibr01.nyc30.ntwk.msn.net [104.44.5.104] TimeExceeded
16 143 ms be-7-0.ibr01.was02.ntwk.msn.net [104.44.4.35] TimeExceeded
17 145 ms be-6-0.ibr01.bl7.ntwk.msn.net [104.44.5.85] TimeExceeded
18 142 ms ae101-0.icr01.bl20.ntwk.msn.net [104.44.10.119] TimeExceeded
19 2002 ms timed out
19 2001 ms timed out
19 2001 ms timed out
20 2002 ms timed out
20 2002 ms timed out
20 2001 ms timed out
21 2001 ms timed out
Endpoint rules:
I can connect to that VM from another Azure VM which is whitelisted in "Endpoints". Is this some sort of network issue? I can easily telnet to that port from another VM but can't do that from my work PC. Other Azure VMs are accessible without any problems.
Dec 11 2017 08:01 PM
Did you check the NSGs? You have to allow port 22 as an inbound port from anywhere or from a specific IP.
Dec 12 2017 12:24 AM
I don't have any NSG assigned to that VM. There are only endpoint rules.
The 1st rule covers the subnet my IP address belongs to. The last rule includes only my IP address.
I also have a rule for another server's address, and from that server the port is open, but if I add my computer's IP, the VM is not accessible through the same port. It really seems like firewall exceptions work only for some IP addresses.
Dec 12 2017 12:42 AM