I'm trying to set up a VNC server on my GCE instance running Debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this
But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?
VPC firewall rules are stateful. When a connection is allowed through the firewall in either direction, return traffic matching this connection is also allowed. You cannot configure a firewall rule to deny associated response traffic.
Google Cloud firewalls are fully embedded in the cloud networking fabric, highly scalable, and granular to meet your enterprise's unique security needs.
The most common problem related to your issue is that the application / server is configured for localhost or 127.0.0.1, which means accept connections only on the local machine. You need to bind with 0.0.0.0 which means listen on all available networks.
When connecting from the public network (outside your system) Connection refused means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).
Connect to your instance via SSH. Then run this command: netstat -a. Look for a line that says LISTENING on your port number. Then look at the IP address. If it shows 127.0.0.1, this is your problem. If you do not see your port number in LISTENING state, then you do not have a process listening on that port.
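The check described in the answer above can be scripted. This is an added example, not part of the original post: the function name classify_bind and the sample listing are constructed, and it assumes the column layout of Linux `netstat -tln` or `ss -ltn`, where the local address is the fourth field.

```shell
#!/bin/sh
# classify_bind PORT: read `netstat -tln` or `ss -ltn` output on stdin and
# report how PORT is bound. Prints one of:
#   not-listening | loopback-only | specific-address | all-interfaces
classify_bind() {
    awk -v port="$1" '
        # netstat puts the state in field 6, ss puts it in field 1;
        # both put Local Address:Port in field 4.
        $1 == "LISTEN" || $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":PORT" is the bind address.
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                loop = 1        # reachable only from the instance itself
            else if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
                any = 1         # listening on every interface
            else
                other = 1       # bound to one specific non-loopback address
        }
        END {
            if (any)        print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed sample in `netstat -tln` format (not output from the asker's VM).
SAMPLE_LISTING='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:5901   0.0.0.0:*        LISTEN
tcp6       0      0 :::22            :::*             LISTEN'

# On a live instance: netstat -tln | classify_bind 5901
printf '%s\n' "$SAMPLE_LISTING" | classify_bind 5901
```

A result of loopback-only or not-listening explains a refused connection from outside even when the firewall rule is correct; all-interfaces means the port is reachable from every source range the firewall rule allows.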