I have 2 VMs (CentOS), running in the same VNET (and subnet). They both have a static public IP.
I have a Network Security Group which defines inbound and outbound rules, attached to both NICs as well as to the VNET.
One of the inbound rules is the default-allow-ssh rule. All good so far: using SSH, I can access both VMs from outside Azure, from my own computer, from anywhere on the web.
On 1 of the VMs I'm running a webserver.
Exposing the webserver on port 80 and adding a new NSG inbound security rule on port 80 (src: any, src port range: *, dest: any, port: 80, protocol: any) allows me to access the webserver from anywhere: from my pc from anywhere on the web, from my other VM within Azure, so just as I was expecting.
Now when I change the port of the webserver from 80 to for example 7181:
I can still do "curl http://[PUBLIC_IP]:7181" from the server I'm hosting the webserver on AS WELL AS from the other CentOS server sitting in the same VNET (subnet) BUT no longer from my pc or any pc outside the Azure realm (the web).
Firewalld is not running on the webserver, nor do I have iptables set, only NSG rules define inbound and outbound traffic.
The host of the webserver is always accessible from anywhere outside Azure, using ssh. The webservice itself, on port 80, including a proper inbound NSG rule, also works just fine from anywhere out- and inside Azure. The custom port, configured identically as port 80 or 22 in the NSG (except for the port number of course), is accessible only from inside the same VNET.
Anyone?
(the error I get is the well-known: ERR_CONNECTION_REFUSED)
NSG screenshot: [image]