Minor changes

Author: fcabreramsft

articles/iot-edge/troubleshoot-iot-edge-for-linux-on-windows-networking.md

@@ -84,15 +84,16 @@ The address resolution could fail for multiple reasons. First, the DNS servers c
     ```powershell
     Connect-EflowVm
     ```
-1. Ping the DNS server address.
+1. Ping the DNS server address and check the response.
    ```bash
    ping <DNS-Server-IP-Address>
     ```
-   If the server is reachable, you should get a response, and your issue may be related to other DNS server configurations. If there's no response, then you probably have a connection issue to the server.
+   >[!TIP]
+   > If the server is reachable, you should get a response, and your issue may be related to other DNS server configurations. If there's no response, then you probably have a connection issue to the server.
 
-Second, some networking environments will limit the access of the DNS servers to specific allowlist addresses. If so, first make sure that you can access the DNS server from the Windows host OS, and then check with your networking team if you need to add the EFLOW IP address to an allowlist. 
+Second, some network environments will limit the access of the DNS servers to specific allowlist addresses. If so, first make sure that you can access the DNS server from the Windows host OS, and then check with your networking team if you need to add the EFLOW IP address to an allowlist. 
 
-Finally, some networking environment will block public DNS servers, like Google DNS (8.8.8.8 and 8.8.4.4). If so, talk with your networking environment team to define a valid DNS server, and then set it up using the `Set-EflowVmDnsServers` cmdlet. 
+Finally, some network environment will block public DNS servers, like Google DNS (_8.8.8.8_ and _8.8.4.4_). If so, talk with your network environment team to define a valid DNS server, and then set it up using the `Set-EflowVmDnsServers` cmdlet. 
 
 ## Check your firewall and port configuration rules
 
@@ -106,6 +107,9 @@ The IoT Edge for Linux on Windows is still dependent on the underlying Windows h
 |AMQP|5671|BLOCKED (Default)|OPEN (Default)|<ul> <li>Default communication protocol for IoT Edge. <li> Must be configured to be *Open* if Azure IoT Edge isn't configured for other supported protocols or AMQP is the desired communication protocol.<li>5672 for AMQP isn't supported by IoT Edge.<li>Block this port when Azure IoT Edge uses a different IoT Hub supported protocol.<li>Incoming (Inbound) connections should be blocked.</ul></ul>|
 |HTTPS|443|BLOCKED (Default)|OPEN (Default)|<ul> <li>Configure *Outgoing (Outbound)* to be *Open* on port 443 for IoT Edge provisioning. This configuration is required when using manual scripts or Azure IoT Device Provisioning Service (DPS). <li><a id="anchortext">*Incoming (Inbound)* connection</a> should be *Open* only for specific scenarios: <ul> <li>  If you have a transparent gateway with leaf devices that may send method requests. In this case, port 443 doesn't need to be open to external networks to connect to IoT Hub or provide IoT Hub services through Azure IoT Edge. Thus the incoming rule could be restricted to only open *Incoming (Inbound)* from the internal network. <li> For *client to device (C2D)* scenarios.</ul><li>80 for HTTP isn't supported by IoT Edge.<li>If non-HTTP protocols (for example, AMQP or MQTT) can't be configured in the enterprise; the messages can be sent over WebSockets. Port 443 will be used for WebSocket communication in that case.</ul>|
 
+>[!NOTE]
+> If you are using an external virtual switch, make sure to add the appropriate firewall rules for the module port mappings you're using inside the EFLOW virtual machine. 
+
 For more information about EFLOW VM firewall, see [IoT Edge for Linux on Windows Security](./iot-edge-for-linux-on-windows-security.md). To check the EFLOW virtual machine rules, use the following steps:
 
 1. Start an elevated _PowerShell_ session using **Run as Administrator**.
@@ -118,10 +122,7 @@ For more information about EFLOW VM firewall, see [IoT Edge for Linux on Windows
     sudo iptables -L
     ```
 
->[!NOTE]
-> If you are using an external virtual switch, make sure to add the appropriate firewall rules for the module port mappings you're using inside the EFLOW virtual machine. 
-
-To add a firewall rule to the EFLOW VM, you can check the [EFLOW Util - Firewall Rules](https://github.com/Azure/iotedge-eflow/tree/eflow-usbip/eflow-util/firewall-rules) sample PowerShell cmdlets. Also, you can use the following steps:
+To add a firewall rule to the EFLOW VM, you can use the [EFLOW Util - Firewall Rules](https://github.com/Azure/iotedge-eflow/tree/eflow-usbip/eflow-util/firewall-rules) sample PowerShell cmdlets. Also, you can achieve the same rules creation by following these steps:
 
 1. Start an elevated _PowerShell_ session using **Run as Administrator**.
 1. Connect to the EFLOW virtual machine
@@ -141,11 +142,16 @@ To add a firewall rule to the EFLOW VM, you can check the [EFLOW Util - Firewall
 
 There are multiple other reasons why network communication could fail. The following section will just list a couple of issues that users have encountered in the past.
 
-- EFLOW virtual machine won't respond to ping (ICMP traffic) requests.
+- **EFLOW virtual machine won't respond to ping (ICMP traffic) requests.**
+    
     By default ICMP ping traffic response is disabled on the EFLOW VM firewall. To respond to ping requests, allow the ICMP traffic by using the following PowerShell cmdlet:
-   `Invoke-EflowVmCommand "sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"`
-- Failed device discovery using multicast traffic.
+
+    `Invoke-EflowVmCommand "sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"`
+
+- **Failed device discovery using multicast traffic.**
+    
     First, to allow device discovery via multicast, the Hyper-V VM must be configured to use an external switch. Second, the IoT Edge custom module must be configured to use the host network via the container create options:
+    
     ```json
     {
       "HostConfig": {
@@ -158,17 +164,21 @@ There are multiple other reasons why network communication could fail. The follo
       }
     }
     ```
-- Firewall rules added, but traffic still not able to reach the IoT Edge module.
+- **Firewall rules added, but traffic still not able to reach the IoT Edge module.**
+    
     If communication is still not working after addling the appropriate firewall rules, try completely disabling the firewall to troubleshoot.
+    
     ```bash
     sudo iptables -F
     sudo iptables -X
     sudo iptables -P INPUT ACCEPT
     sudo iptables -P OUTPUT ACCEPT
     sudo iptables -P FORWARD ACCEPT
     ```
-    Once finished, reboot the VM to get the EFLOW VM firewall back to normal state. 
-- Can't connect to internet when using multiple NICs.
+    Once finished, reboot the VM (`Stop-EflowVm` and `Start-EflowVm`) to get the EFLOW VM firewall back to normal state. 
+
+- **Can't connect to internet when using multiple NICs.**
+    
     Generally, this issue is related to a routing problem. Check [How to configure Azure IoT Edge for Linux on Windows Industrial IoT & DMZ configuration](how-to-configure-iot-edge-for-linux-on-windows-iiot-dmz.md) to set up a static route.