I have an Azure Virtual Machine running Windows Server.
I have written a client-server code in python (2 files, one runs on server one on client) that works locally on my machine (using 127.0.0.1), but I can't get it to work when I run the server side code on the azure VM. I get connection timeout.
I think the problem is in my python implementation, and not a FW or NSG rule problem, because other connections (like python -m http.server, or just RDPing into the machine) did go work.
I have also made sure that the network rule allows ANY for protocol, and wasn't specified on HTTP for example.
here's for what I tired so far:
server_side.py
import socket
HOST = "127.0.0.1" # I change this accordingly
PORT = 10537 # tried 8888 at first, but thought maybe it was taken?
def main():
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.bind((HOST, PORT))
s.listen()
conn, addr = s.accept()
with conn:
print(f"Connected by {addr}")
main()
client_side.py
import socket
import time
HOST = "120.120.120.120." # here I write VM's public IP address
PORT = 10537 # The port I listen on server, and opened by FW.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.connect((HOST, PORT))
# I have simplified the code to just to connection part
when I run this on my machine (changing IPs to 127.0.0.1 or similar) it works as expected. server side prints the received connection.
But wen I run the server side on the VM, it prints nothing (no connection received) and my client after some time prints connection timeout.
here's the NSG rule of the VM:
{
"Name": "AllowMYIP8888Inbound",
"Etag": "W/\"<random_looking_string>\"",
"Id": "/subscriptions/<subs ID>/resourceGroups/<RG name>/providers/Microsoft.Network/networkSecurityGroups/<my>-VirtualMachine-nsg/securityRules/AllowMYIP8888Inbound",
"Description": "allow inboud traffic at port 8888 for python script. for my IP only.",
"Protocol": "*",
"SourcePortRange": [
"*"
],
"DestinationPortRange": [
"10537"
],
"SourceAddressPrefix": [
"<my public IP address>"
],
"DestinationAddressPrefix": [
"*"
],
"Access": "Allow",
"Priority": 1000,
"Direction": "Inbound",
"ProvisioningState": "Succeeded",
"SourceApplicationSecurityGroups": [],
"DestinationApplicationSecurityGroups": []
}
Why I think the problem is in the python implementation:
Because when I did python -m http.server 10573 on the VM, I was able to access the directory (using the public IP).
This also rules out local FW on the windows machine, because this simple HTTP server did go through.
But I couldn't get a connection when using a socket like shown above.
on the server I tried changing the binding IP address to anything I could think of or found on the internet: localhost, 127.0.0.1, 0.0.0.0, 10.0.0.8 (local IP address), public IP address (understandably got an error), empty string.
On the client side I kept the public IP address, because nothing else would make sense (and worked).
On the NSG I also tried allowing all IP addresses (and not just my own), but it didn't help (and it was scary).
I'm not sure why my code won't work over the internet, on any guide and SOF question I saw, it was just a matter of changing IP address on the code and nothing beyond that.
Would really love some advice,
thanks.