TCP服务器的GCP计算引擎防火墙规则
[英]GCP Compute Engine Firewall Rules for TCP Server
问题描述
I have created a GCP compute engine instance with a static external ip address. 
我创建了一个带有静态外部ip地址的GCP计算引擎实例。 Machine type: n1-standard-2 (2 vCPUs, 7.5 GB memory). 机器类型:n1-standard-2(2个vCPU,7.5 GB内存)。 OS is Linux/Debian. 操作系统是Linux / Debian。
My intention is to create a plain Node.js TCP server on the machine. 我的目的是在机器上创建一个普通的Node.js TCP服务器。 The code is as follows: 代码如下:
var net = require('net');
var HOST = '0.0.0.0';
var PORT = 110;
net.createServer(function(sock) {
console.log('CONNECTED: ' + sock.remoteAddress +':'+ sock.remotePort);
sock.on('data', function(data) {
console.log('DATA ' + sock.remoteAddress + ': ' + data);
sock.write('You said "' + data + '"');
});
}).listen(PORT, HOST);
console.log('Server listening on ' + HOST +':'+ PORT);
The client is: 客户是:
var net = require('net');
var HOST = '104.197.23.132';
var PORT = 110;
var client = new net.Socket();
client.connect(PORT, HOST, function() {
console.log('CONNECTED TO: ' + HOST + ':' + PORT);
client.write('I am Chuck Norris!');
});
client.on('data', function(data) {
console.log('DATA: ' + data);
client.destroy();
});
client.on('close', function() {
console.log('Connection closed');
});
My firewall rules are as follows: 我的防火墙规则如下:
PLEASE NOTE: I am listening on port 110, and the client is trying to connect to the static external ip address. 请注意:我正在侦听端口110,客户端正在尝试连接到静态外部IP地址。 Itt appears that I am enabling TCP traffic over 110 according to firewall rules. 根据防火墙规则,我似乎正在启用超过110的TCP流量。 The error I see is 我看到的错误是
Error: connect ETIMEDOUT 104.197.23.132:110
When I ssh into the instance, and run tcp client, I connect successfully. 当我进入实例并运行tcp客户端时,我成功连接。 So the final question is, why can't local tcp client (my computer) connect to compute instance? 所以最后一个问题是,为什么本地tcp客户端(我的电脑)不能连接到计算实例? Is there something wrong with my firewall rules / source filters / IP forwarding? 我的防火墙规则/源过滤器/ IP转发有问题吗?
2 个解决方案
解决方案1
2 2017-11-03 02:38:34
I just solved this problem.
我刚刚解决了这个问题。
You have the wrong targets. 你有错误的目标。 Go to the edit page and click the select menu of "Targets", and then you can select the first option "Apply to all instance" that is the easiest way. 转到编辑页面并单击“目标”的选择菜单,然后您可以选择第一个选项“应用于所有实例”,这是最简单的方法。
解决方案2
-1 2017-08-26 03:42:00
You need to first add firewall rule according to your host's IP, as internal traffic needs to be received from that particular host (your machine) Then you should be able to ping to GCP Compute Instance. 您需要首先根据主机的IP添加防火墙规则,因为需要从该特定主机(您的计算机)接收内部流量然后您应该能够ping到GCP计算实例。 You should also be able to telnet at the particular port which you configured in your program. 您还应该能够在程序中配置的特定端口上进行telnet。
This should be okay. 这应该没问题。 Also - the customized rule should be added in the Network Tags of instance, to make the rule associated to that instance, after this the instance uses that particular rule. 此外 - 应在实例的网络标记中添加自定义规则,以使规则与该实例关联,然后实例使用该特定规则。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.