Reputation: 71
We have an Azure Function configured with VNet integration to our private network. Also, we have an Azure Container Instance with the ClamAV application running in our private network.
Using my development machine, which is connected to the private network, I can connect to the ClamAV application.
But when the Azure Function tries to connect to the same ClamAV application, it fails with this error: Exception: An attempt was made to access a socket in a way forbidden by its access permissions. [::ffff:172.16.195.196]:3310;
The code looks like this:
var clamAvClient = new TcpClient();
await clamAvClient.ConnectAsync("172.16.195.196", 3310); // <-- exception thrown here
// send the file data to the tcp client stream
Some notes:
await clamAvClient.ConnectAsync("<instance name>.azurecontainer.io", 3310); // <-- it works
await clamAvClient.ConnectAsync("172.16.195.196", 3310); // <-- it fails
Upvotes: 0
Views: 1323
Reputation: 16108
I assume you are using the nClam library. This is a known issue. There is an open PR to fix your exact same issue here: https://github.com/tekmaven/nClam/pull/39. You might need to use the forked version from that PR since the PR doesn't seem to be looked at by the repo maintainer :(
Upvotes: 1
Reputation: 18387
Seems to me the problem is related to port 3310, which your ClamAV is listening on. Try changing to the default 443 port, or host ClamAV in a Service Fabric cluster / VM / worker role where you can control which ports to open / listen on.
Upvotes: 0
Reputation: 26314
Judging by the IPv4-mapped IPv6 address I see here
Exception: An attempt was made to access a socket in a way
forbidden by its access permissions. [::ffff:172.16.195.196]:3310
your clamAvClient is trying to speak IPv6 to your remote endpoint. Look at the docs and find a way to persuade it to switch to IPv4, which will work nicely from an Azure Function. IPv6 won't.
Try this:
// InterNetwork -- Address for IP version 4.
// InterNetworkV6 -- Address for IP version 6.
TcpClient clamAvClient = new TcpClient(AddressFamily.InterNetwork);
(from learn.microsoft.com)
<instance name>.azurecontainer.io works because most probably its DNS name resolves to an IPv4 address.
Upvotes: 4
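The IPv4-only client from the answer above, carried through to the "send the file data" step of the question, as an added example that is not part of the original posts or of nClam. It assumes clamd's INSTREAM framing as documented by ClamAV (not shown on this page); the class and method names are hypothetical.

```csharp
using System;
using System.Buffers.Binary;
using System.IO;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

public static class ClamdIPv4Scanner // hypothetical name, added example
{
    // Streams `data` to clamd and returns its raw reply ("stream: OK" or "stream: <name> FOUND").
    public static async Task<string> ScanAsync(string host, int port, Stream data)
    {
        // IPv4-only socket: avoids the [::ffff:a.b.c.d] endpoint seen in the exception.
        using var client = new TcpClient(AddressFamily.InterNetwork);
        await client.ConnectAsync(host, port);
        NetworkStream net = client.GetStream();

        // INSTREAM: NUL-terminated command, then <4-byte big-endian length><chunk> frames.
        byte[] cmd = Encoding.ASCII.GetBytes("zINSTREAM\0");
        await net.WriteAsync(cmd, 0, cmd.Length);

        var chunk = new byte[8192];
        var prefix = new byte[4];
        int read;
        while ((read = await data.ReadAsync(chunk, 0, chunk.Length)) > 0)
        {
            BinaryPrimitives.WriteUInt32BigEndian(prefix, (uint)read);
            await net.WriteAsync(prefix, 0, prefix.Length);
            await net.WriteAsync(chunk, 0, read);
        }
        BinaryPrimitives.WriteUInt32BigEndian(prefix, 0); // zero-length frame ends the stream
        await net.WriteAsync(prefix, 0, prefix.Length);

        // Read until clamd sends the terminating NUL or closes the connection.
        using var reply = new MemoryStream();
        while ((read = await net.ReadAsync(chunk, 0, chunk.Length)) > 0)
        {
            reply.Write(chunk, 0, read);
            if (chunk[read - 1] == 0) break;
        }
        return Encoding.ASCII.GetString(reply.ToArray()).TrimEnd('\0');
    }

    public static async Task Main()
    {
        // Constructed sample input; address and port are the ones from the question.
        using var sample = new MemoryStream(Encoding.ASCII.GetBytes("hello, clamd"));
        Console.WriteLine(await ScanAsync("172.16.195.196", 3310, sample));
    }
}
```

If the upload exceeds clamd's configured stream size limit, clamd closes the connection early, so callers should treat an IOException during the write loop as a failed scan rather than a clean result.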