GCP Compute Engine Firewall Rules for TCP Server

I have created a GCP compute engine instance with a static external ip address. Machine type: n1-standard-2 (2 vCPUs, 7.5 GB memory). OS is Linux/Debian.

My intention is to create a plain Node.js TCP server on the machine. The code is as follows:

var net = require('net');

var HOST = '0.0.0.0';
var PORT = 110;

net.createServer(function(sock) {
    console.log('CONNECTED: ' + sock.remoteAddress + ':' + sock.remotePort);
    sock.on('data', function(data) {
        console.log('DATA ' + sock.remoteAddress + ': ' + data);
        sock.write('You said "' + data + '"');
    });
}).listen(PORT, HOST);
console.log('Server listening on ' + HOST + ':' + PORT);

The client is:

var net = require('net');

var HOST = '104.197.23.132';
var PORT = 110;

var client = new net.Socket();
client.connect(PORT, HOST, function() {
    console.log('CONNECTED TO: ' + HOST + ':' + PORT);
    client.write('I am Chuck Norris!');

});
client.on('data', function(data) {
    console.log('DATA: ' + data);
    client.destroy();

});
client.on('close', function() {
    console.log('Connection closed');
});

My firewall rules are as follows:

PLEASE NOTE: I am listening on port 110, and the client is trying to connect to the static external IP address. It appears that I am enabling TCP traffic over 110 according to the firewall rules. The error I see is

Error: connect ETIMEDOUT 104.197.23.132:110

When I ssh into the instance and run the TCP client, I connect successfully. So the final question is, why can't the local TCP client (my computer) connect to the compute instance? Is there something wrong with my firewall rules / source filters / IP forwarding?

I just solved this problem.

You have the wrong targets. Go to the edit page and click the select menu of "Targets"; then you can select the first option, "Apply to all instance", which is the easiest way.

You need to first add a firewall rule according to your host's IP, as internal traffic needs to be received from that particular host (your machine). Then you should be able to ping the GCP Compute Instance. You should also be able to telnet to the particular port which you configured in your program.

This should be okay. Also, the customized rule should be added to the Network Tags of the instance to associate the rule with that instance; after this, the instance uses that particular rule.
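The target and source checks the answers describe, as an added example that is not part of the original post or answers: it takes a firewall rule and an instance shaped like the JSON the Compute Engine API returns (`direction`, `sourceRanges`, `targetTags`, `allowed`, `tags.items`) and reports why the rule does or does not admit a connection. Assumptions: the rule name, tag names and client IP are constructed placeholders, `explainRule` and its helpers are hypothetical names, and only rules using `sourceRanges` and `targetTags` are modelled (not source tags or service accounts).

```javascript
const ipToInt = (ip) => ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);

function inCidr(ip, cidr) {
  const [base, len = '32'] = cidr.split('/');
  const bits = Number(len);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

function portAllowed(allowed, proto, port) {
  return (allowed || []).some((a) => {
    if (a.IPProtocol !== proto && a.IPProtocol !== 'all') return false;
    if (!a.ports || a.ports.length === 0) return true; // no ports listed: every port
    return a.ports.some((p) => {
      const [lo, hi = lo] = String(p).split('-').map(Number);
      return port >= lo && port <= hi;
    });
  });
}

// Returns { admits, reasons }: every reason the rule does NOT cover this connection.
function explainRule(rule, instance, conn) {
  const reasons = [];
  const tags = (instance.tags && instance.tags.items) || [];
  const targets = rule.targetTags || []; // empty: rule targets all instances in the network
  if (rule.disabled) reasons.push('rule is disabled');
  if (rule.direction !== 'INGRESS') reasons.push('rule is not INGRESS');
  if (targets.length && !targets.some((t) => tags.includes(t))) {
    reasons.push('target tags [' + targets + '] not on instance, which has [' + tags + ']');
  }
  if (!(rule.sourceRanges || []).some((c) => inCidr(conn.srcIp, c))) {
    reasons.push('source ' + conn.srcIp + ' is outside sourceRanges');
  }
  if (!portAllowed(rule.allowed, conn.proto, conn.port)) {
    reasons.push(conn.proto + '/' + conn.port + ' is not in the allowed list');
  }
  return { admits: reasons.length === 0, reasons };
}

// Constructed sample data: rule name, tag names and client IP are placeholders.
const rule = { name: 'allow-tcp-110', direction: 'INGRESS', disabled: false,
  sourceRanges: ['0.0.0.0/0'], targetTags: ['tcp-server'],
  allowed: [{ IPProtocol: 'tcp', ports: ['110'] }] };
const untagged = { name: 'instance-1', tags: { items: ['http-server'] } };
const tagged = { name: 'instance-1', tags: { items: ['http-server', 'tcp-server'] } };
const conn = { srcIp: '203.0.113.7', proto: 'tcp', port: 110 };
console.log(explainRule(rule, untagged, conn)); // blocked: tag mismatch
console.log(explainRule(rule, tagged, conn));   // admitted
```

A rule that no instance matches is silently ineffective, and the dropped packets surface on the client as `ETIMEDOUT` rather than a refused connection. Scoping the rule with a tag and a narrow `sourceRanges` exposes less than applying it to every instance from `0.0.0.0/0`.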
