question

0 Votes
Mjmarahman asked martinta edited

Load balancer not forwarding port

Basically I have a load balancer > NAT > NSG > VM. I allowed port 8000 from all sides: LB, NSG and VM. Even when using the tool it says "It seems that your backend resources are responding on all configured ports".

However, when trying to connect to that port, and even when using online tools to check if that port is open, it shows as not open, even though I had copied the same way that SSH forwarding was enabled. Does anyone know why it fails on port 8000? Perhaps I missed a step or something?


This image shows the NSG attached to the VM, which I had allowed port 8000 and 22. This is only for a test environment.
f8UkB48.png





This image shows the VM allowing and having an application running on port 8000.
mi337SW.png




This image shows that when trying to troubleshoot the Load Balancer with the port 8000 NAT rule, it says that there were no problems (this did take a long time).

pcnsbFl.png




The image below shows the NAT rules for the load balancer. One of these I am using to SSH to the virtual machine on a different port, and it works fine. But the one for port 8000 doesn't work.

SoKZHjb.png



Checking with an external tool whether the port is open: only the one I am using for SSH works, but the one for 8000 doesn't.
LyIk6wD.png


[1]: https://i.imgur.com/SoKZHjb.png


azure-virtual-machines azure-virtual-machines-networking azure-load-balancer
Does no one know the solution to this? I really need help with it as it is for my final grad project and any comment would be really helpful.

0 Votes 0 ·
0 Votes
martinta answered Mjmarahman published

Okay, I will try - but please bear in mind that I am in no way, shape or form a Linux expert.

But if I recall right, Linux (Debian at least) creates two different interfaces: a loopback interface, which is 127.0.0.1 (itself), and an eth0, which is the internal IP address of the server (e.g. 192.168.0.10).

In your picture, it is open for port 22 on 0.0.0.0, which I would suspect being all interfaces, but the port 8000 is "only" for 127.0.0.1.

Again, I'm not a Linux expert, but could the issue be that the port is only listening on the loopback interface?

194783-linux.jpg




Thank you for your response @martinta, you might be correct here.
Hello @Mjmarahman, you can try and run the command sudo ufw allow from any to any port 8000 and check if this resolves the issue. You can also run the command sudo ufw status verbose and see if the port is open.

0 Votes 0 ·
Mjmarahman ChaitanyaNaykodiMSFT-9638 ·

Hi @martinta and @ChaitanyaNaykodiMSFT-9638

I had tried both of these. I switched the application to be using 0.0.0.0 instead of 127.0.0.1 and it isn't listening to it either. Could this be a load balancer problem? It is based at Europe West and I am in Qatar (Middle East). It is a basic SKU load balancer rather than a standard one. Should I have a standard one instead? I am remotely accessing using the front end of the ssh no problem (not through bastion).

0 Votes 0 ·

Could you by any chance post the result of "sudo ss -ltnp" and "sudo ufw status verbose"?

The problem could be the load balancer or the VM. Unfortunately, the load balancer isn't the most talkative device, and still lacks (in my opinion) basic features in regards to monitoring.
I would not suspect the problem to be related to your physical location. If it has a public IP address you should be able to access it.

0 Votes 0 ·
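The bind-address check discussed in this answer and its comments, as an added example that is not part of the original thread: it reads `ss -ltn` output and reports whether a port is bound to loopback only (unreachable through any NAT rule, whatever the NSG allows) or to all interfaces (exposure then depends entirely on the NSG and host firewall). The function name, result labels and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `ss -ltn` on stdin.
# On a real VM: sudo ss -ltn | classify_listener 8000

classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/%.*/, "", addr)          # drop interface scope such as %lo
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample mirroring the situation in the screenshot:
# sshd on every interface, the application on 127.0.0.1 only.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53          0.0.0.0:*
LISTEN  0       128         127.0.0.1:8000        0.0.0.0:*
LISTEN  0       128              [::]:22             [::]:*
EOF
}

for p in 22 8000 443; do
    printf 'port %s: %s\n' "$p" "$(sample_ss_output | classify_listener "$p")"
done
```

A result of `all-interfaces` only confirms the VM side; the NAT rule still has to target the same VM the check was run on.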
1 Vote
Mjmarahman answered martinta edited

This has been resolved, I thank everyone who took their time and helped me. The lesson learned here is to know which VM you are working on and especially when you are tired at 3 am in the morning. I was working on another virtual machine all along, after I figured that out the other configuration to that virtual machine except the NAT rule because I forgot about that. I gave up on this and I came back with a steady mind.

Then I reviewed these screenshots again and my configuration on the NAT to see that I still had it on the wrong virtual machine. Now it works :).

Great you got it to work. :-)

We have all been there. And thanks for following up with what was wrong.

0 Votes 0 ·