How to open ports to a virtual machine with the Azure portal

You open a port, or create an endpoint, to a virtual machine (VM) in Azure by creating a network filter on a subnet or a VM network interface. You place these filters, which control both inbound and outbound traffic, on a network security group attached to the resource that receives the traffic.

The example in this article demonstrates how to create a network filter that uses the standard TCP port 80 (it's assumed you've already started the appropriate services and opened any OS firewall rules on the VM).

After you've created a VM that's configured to serve web requests on the standard TCP port 80, you can:

  1. Create a network security group.

  2. Create an inbound security rule allowing traffic and assign values to the following settings:

    • Destination port ranges: 80

    • Source port ranges: * (allows any source port)

    • Priority value: Enter a value that is less than 65,500 and higher in priority than the default catch-all deny inbound rule.

  3. Associate the network security group with the VM network interface or subnet.

Although this example uses a simple rule to allow HTTP traffic, you can also use network security groups and rules to create more complex network configurations.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com.

Create a network security group

  1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.

  2. Select Create.

    The Create network security group window opens.

  3. Enter a name for your network security group.

  4. Select or create a resource group, then select a location.

  5. Select Create to create the network security group.

Create an inbound security rule

  1. Select your new network security group.

  2. Select Inbound security rules, then select Add.

  3. Select Advanced.

  4. Choose a common Service from the drop-down menu, such as HTTP. You can also select Custom if you want to provide a specific port to use.

  5. Optionally, change the Priority or Name. The priority affects the order in which rules are applied: the lower the numerical value, the earlier the rule is applied.

  6. Select Add to create the rule.

Associate your network security group with a subnet

Your final step is to associate your network security group with a subnet or a specific network interface. For this example, we'll associate the network security group with a subnet.

  1. Select Subnets, then select Associate.

  2. Select your virtual network, and then select the appropriate subnet.

    Any VMs you connect to that subnet are now reachable on port 80.

Additional information

You can also perform the steps in this article by using Azure PowerShell.
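The same three steps scripted with Azure PowerShell, followed by a check of which inbound rules are open to any source. This is an added example, not part of the original article. The resource names, region, priority 100 and the any-source address prefix are assumptions, and it expects the Az module, a signed-in session (Connect-AzAccount) and an existing virtual network and subnet.

```powershell
# Assumed placeholder names; replace with the values for your environment.
$rgName     = 'myResourceGroup'
$location   = 'EastUS'
$vnetName   = 'myVnet'
$subnetName = 'mySubnet'
$nsgName    = 'myNetworkSecurityGroup'

# Step 2 of the article: inbound rule for TCP 80, any source port.
# Priority 100 is the lowest number accepted for a custom rule, so the rule is
# evaluated before the default deny-all inbound rule at 65500.
# Source address '*' (assumption) mirrors the portal's "Any" source.
$httpRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTP-Inbound' `
    -Description 'Allow HTTP on TCP 80' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 80

# Step 1: create the network security group with that rule attached.
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgName `
    -Location $location -Name $nsgName -SecurityRules $httpRule

# Step 3: associate the group with the subnet and save the virtual network.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Check 1: confirm the subnet now references the new group.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
(Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName).NetworkSecurityGroup.Id

# Check 2: list inbound Allow rules reachable from any source, in evaluation order.
# For this article only the port 80 rule should appear.
$anySource = '*', 'Internet', '0.0.0.0/0'
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName
$nsg.SecurityRules |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        ($_.SourceAddressPrefix | Where-Object { $_ -in $anySource })
    } |
    Sort-Object Priority |
    Format-Table Name, Priority, Protocol, DestinationPortRange, SourceAddressPrefix
```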

The commands described in this article allow you to quickly get traffic flowing to your VM. Network security groups provide many great features and granularity for controlling access to your resources. For more information, see Filter network traffic with a network security group.

For highly available web applications, consider placing your VMs behind an Azure load balancer. The load balancer distributes traffic to VMs, with a network security group that provides traffic filtering. For more information, see Load balance Windows virtual machines in Azure to create a highly available application.

Next steps

In this article, you created a network security group, created an inbound rule that allows HTTP traffic on port 80, and then associated that rule with a subnet.

You can find information on creating more detailed environments in the following articles: