I'm a newbie to Azure and recently launched my first Ubuntu 24.04 LTS virtual machine with a static public IP. I've configured the inbound rules in the NSG to allow TCP 22 (for SSH), UDP 500, UDP 4500, and ICMP, while the outbound rules also permit ICMP and all other kinds of traffic. I've confirmed that UFW is inactive and iptables is set to accept all traffic, so everything looks good on that front. The public IP and DNS are resolving correctly, and SSH is working perfectly. However, I'm puzzled because my VM doesn't respond to ping requests from the outside, even though UDP 500 and 4500 tests were successful. Is this behavior typical for Azure public IPs? Am I missing a critical piece of the configuration? This VM is intended to run StrongSwan for an IPSec tunnel between Azure and my homelab, so I want to get this figured out. I'd appreciate any insights from more experienced Azure users!
5 Answers
I’m pretty sure Azure blocks ICMP by default, so you might be missing a rule somewhere that allows it.
I’m not an Azure expert, but I’d suggest checking your routing. ICMP operates at layer 3, so if your routing isn’t set up correctly, TCP/IP ports might work but ping could fail.
By default, Azure doesn't allow ICMP. You might want to check out this guide: https://www.thomasmaurer.ch/2019/09/how-to-enable-ping-icmp-echo-on-an-azure-vm/
Microsoft really has a thing for blocking pings. It’s interesting; they used to have Xbox 360s in conference rooms for media purposes, but pings being blocked caused issues with monitoring.
Try installing tcpdump to see if the traffic is reaching your server. Is it responding but the return packets aren’t coming back? You’re going to want to go through each segment of your network.
Problem is resolved!! It wasn't a rule issue; turns out I got a new public IP when I created the Ubuntu server. I mistakenly tried to ping an old public IP I had set up earlier. SSH was using the correct, new IP though. My bad!
Thanks for the link! Just to clarify, the inbound rule is set up, and since I'm using Ubuntu, not Windows, there's that.
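The tcpdump suggestion in the answers above, as an added example that is not from any poster in this thread: a shell function that reads `tcpdump -n icmp` text output and reports whether echo requests arrive at the VM and whether the VM answers them. The interface name `eth0` and the sample addresses are assumptions, and the sample capture lines are constructed.

```shell
#!/bin/sh
# Added example. Live use on the VM (interface name eth0 is an assumption):
#   sudo tcpdump -n -l -c 20 -i eth0 icmp | classify_icmp

# Classify ICMP echo traffic from `tcpdump -n icmp` text output on stdin.
# Expected line shape:
#   TIME IP SRC > DST: ICMP echo request, id N, seq N, length N
classify_icmp() {
    awk '
    $6 == "ICMP" && $7 == "echo" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if ($8 == "request,") {
            k = src "|" dst "|" $10 $12
            if (!(k in req)) { req[k] = 1; nreq++ }
        } else if ($8 == "reply,") {
            # A reply travels the other way, so swap src/dst to match its request.
            rep[dst "|" src "|" $10 $12] = 1
        }
    }
    END {
        for (k in req) if (k in rep) answered++
        if (nreq == 0)            print "no-requests-seen"         # nothing reaches the VM
        else if (answered == 0)   print "requests-seen-no-replies" # the VM is not answering
        else if (answered < nreq) print "partial-replies"
        else                      print "requests-answered"        # loss is on the return path
    }'
}

# Constructed sample captures (documentation-range addresses).
sample_unanswered() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.5 > 10.0.0.4: ICMP echo request, id 4242, seq 1, length 64
12:00:02.000001 IP 203.0.113.5 > 10.0.0.4: ICMP echo request, id 4242, seq 2, length 64
EOF
}

sample_answered() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.5 > 10.0.0.4: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000090 IP 10.0.0.4 > 203.0.113.5: ICMP echo reply, id 4242, seq 1, length 64
EOF
}
```

A result of `no-requests-seen` while the ping is running means the packets never reach the VM, which covers both a missing NSG rule and pinging an address that is not the VM's current public IP.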