Google Compute Engine: How can I disable the firewall of VM instance?

Question

I have used firewall rules but I still cannot receive traffic on vm instance. I want to allow http server incoming connection. By default google compute engine does not allow incoming traffic outside the network, so you have to create firewall rules. In google cloud platform documentation it suggests to disable operating system firewall. To disable it I need my user password, which I never created. So what to do now? I need password for my user, I am the creator of vm instance. Any help? These are my firewall settings:

saad_hussain@saad:~$ gcloud compute firewall-rules list 
NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
http                    default  0.0.0.0/0     tcp:80
https                   default  0.0.0.0/0     tcp:80

Answer 1

• Open Google Cloud Platform and log in.
• Click Console at the top-right

• Click Computer Engine from the left menu.

• Than click VM instances from the left menu.

• Click the virtual machine instance's three-dot menu(...) which you want to allow the port connection.

• Select "View network details". (Now you can see rules about firewall)

• Click "Firewall Rules" from left menu.

• Click "CREATE FIREWALL RULE" button at the top of page.

At here you can allow any ip to connect to your vm instance or allow any port to connection. Now you can adjust firewall for vm instance good luck.

Answer 2

Here is some advice to troubleshoot similar issues. Have a look to:

a) Google Firewall. As per the comments and the output provided, port 80 is already opened but will only apply to instances that hold the tag ¨http-server¨.

b) Making sure that a firewall inside the VM is not filtering packets. As also mentioned in the comments most of the public images provided by Google allow the traffic by default.

c) Making sure that the service is not only listening on localhost and it is using an IPv4 address

Using nmap can help to determine if the issue is being caused by a firewall or the server not listening in the appropiate port. The lastest can also be verified using ¨netstat --listen¨