I have an IOTA IRI instance running on a VM in GCP compute engine.
The instance is using port 14265 to communicate, and checking it locally by doing something like curl http://localhost:14265 does respond.
I want to open this port to outside of the VM, so I set up a static IP and a firewall rule to allow tcp:14265; udp:14265, and still the port is not responding.
I even tried allowing all by doing:
But no luck. There is no port open except for 22 for ssh (looked in a port scanner)
I am aware it feels like a duplicate of How to open a specific port such as 9090 in Google Compute Engine, but I did try those answers and they didn't solve it for me.
EDIT:
Running the two commands I was asked to run in an answer:
D:\Downloads> gcloud compute networks list
NAME     MODE  IPV4_RANGE  GATEWAY_IPV4
default  auto
D:\Downloads>gcloud compute instances describe instance-1 --zone europe-west1-b
canIpForward: false
cpuPlatform: Intel Sandy Bridge
creationTimestamp: '2017-08-22T09:33:12.240-07:00'
description: ''
disks:
- autoDelete: true
  boot: true
  deviceName: instance-1
  index: 0
  interface: SCSI
  kind: compute#attachedDisk
  licenses:
  - https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/licenses/ubuntu-1604-xenial
  mode: READ_WRITE
  source: https://www.googleapis.com/compute/v1/projects/iota-177616/zones/europe-west1-b/disks/instance-1
  type: PERSISTENT
id: '8895209582493819432'
kind: compute#instance
labelFingerprint: 42WmSpB8rSM=
machineType: https://www.googleapis.com/compute/v1/projects/iota-177616/zones/europe-west1-b/machineTypes/f1-micro
metadata:
  fingerprint: -pkE3KaIzLU=
  kind: compute#metadata
name: instance-1
networkInterfaces:
- accessConfigs:
  - kind: compute#accessConfig
    name: External NAT
    natIP: 35.187.9.204
    type: ONE_TO_ONE_NAT
  kind: compute#networkInterface
  name: nic0
  network: https://www.googleapis.com/compute/v1/projects/iota-177616/global/networks/default
  networkIP: 10.132.0.2
  subnetwork: https://www.googleapis.com/compute/v1/projects/iota-177616/regions/europe-west1/subnetworks/default
scheduling:
  automaticRestart: true
  onHostMaintenance: MIGRATE
  preemptible: false
selfLink: https://www.googleapis.com/compute/v1/projects/iota-177616/zones/europe-west1-b/instances/instance-1
serviceAccounts:
- email: [email protected]
  scopes:
  - https://www.googleapis.com/auth/devstorage.read_only
  - https://www.googleapis.com/auth/logging.write
  - https://www.googleapis.com/auth/monitoring.write
  - https://www.googleapis.com/auth/servicecontrol
  - https://www.googleapis.com/auth/service.management.readonly
  - https://www.googleapis.com/auth/trace.append
startRestricted: false
status: RUNNING
tags:
  fingerprint: 6smc4R4d39I=
  items:
  - http-server
  - https-server
zone: https://www.googleapis.com/compute/v1/projects/iota-177616/zones/europe-west1-b
Opening Ports with Firewall Rules
From the Compute Engine console, click “View Network Details” on the instance. Click on “Firewall Rules” in the sidebar. Create a new firewall rule. Give it a name, and choose whether you want to allow or deny traffic.
It is difficult to give an exact answer without some diagnostics.
It could be that the rules are being created for a network and your instance is in a different network.
So, first of all, check the networks available in your project:
gcloud compute networks list
Secondly, check in which network your instance is located:
gcloud compute instances describe [Instance Name] --zone [Zone]
Check the firewall rules being applied to the network used by your instance:
gcloud compute firewall-rules list
Also check that the target tags are the appropriate ones.
As you can see, there are no tags applied to the VM. Although the rules should apply if you target all VMs, it is good practice to do it.
Edit your VM and add a tag (e.g. frontserver):
gcloud compute instances add-tags [INSTANCE NAME] --zone [ZONE] --tags frontserver
Now create the firewall rule and apply it to the tag created
gcloud beta compute firewall-rules create [NAME_OF_THE_RULE] --direction=INGRESS --priority=1000 --network=default --allow=all --source-ranges=0.0.0.0/0 --target-tags=frontserver
Check this; if it works, you can run an update to restrict it to the desired ports and protocols and your source IP:
gcloud beta compute firewall-rules update [NAME_OF_THE_RULE] --direction=INGRESS --priority=1000 --network=default --allow=tcp:[PORT] --source-ranges=[your_source_IP] --target-tags=frontserver
Hope this helps, further info is found here with examples
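The checks in the answer above (which network the VM is on, and whether a rule's target tags and ports match it) can be run mechanically over the JSON that `gcloud compute instances describe ... --format=json` and `gcloud compute firewall-rules list --format=json` return. This is an added example, not part of the original answer; the project name, rule names and sample data are constructed, and it ignores deny rules, priorities and service-account targets.

```python
NET = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"

# Constructed sample data, shaped like the --format=json output of the two gcloud commands.
INSTANCE = {"name": "instance-1",
            "networkInterfaces": [{"network": NET + "default"}],
            "tags": {"items": ["http-server", "https-server"]}}
RULES = [
    {"name": "allow-iri", "network": NET + "default", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["frontserver"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["14265"]}]},
    {"name": "allow-iri-other-net", "network": NET + "other", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["14000-15000"]}]},
    {"name": "default-allow-ssh", "network": NET + "default", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

def port_in(spec, port):
    """True if port falls in a firewall port spec such as '22' or '8000-9000'."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def verdict(instance, rule, proto, port):
    """Return 'applies' or the first reason the rule does not admit proto/port to the VM."""
    if rule.get("disabled"):
        return "rule disabled"
    if rule.get("direction", "INGRESS") != "INGRESS":
        return "not an ingress rule"
    if rule["network"] not in [n["network"] for n in instance["networkInterfaces"]]:
        return "different network"
    targets = rule.get("targetTags")
    if targets and not set(targets) & set(instance.get("tags", {}).get("items", [])):
        return "target tag not on VM"
    for a in rule.get("allowed", []):
        if a["IPProtocol"] in (proto, "all") and (
                not a.get("ports") or any(port_in(p, port) for p in a["ports"])):
            return "applies"
    return "protocol/port not allowed"

def explain(instance, rules, proto, port):
    """Map each rule name to its verdict for the given protocol and port."""
    return {r["name"]: verdict(instance, r, proto, port) for r in rules}

if __name__ == "__main__":
    for name, why in explain(INSTANCE, RULES, "tcp", 14265).items():
        print(f"{name}: {why}")
```

A rule that reports "applies" while the port is still unreachable points away from the VPC firewall and toward the service's bind address or a firewall inside the guest OS.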