Question: I am looking at this. I am guessing I don't have to add any rule for egress, as that is allow all by default. What should a rule for allowing port 43342 look like? @tasdikrahman uploaded a file: Screen Shot 2017-08-17 at 9.45.44 PM.png https://devopschat.slack.com/files/tasdikrahman/F6Q5VFSE9/screen_shot_2017-08-17_at_9.45.44_pm.png

Asked By
tasdikrahman
Asked At
2017-08-17 16:16:00

Found 15 possible answers.

User Answered At Possible Answer
cpitkin 2017-08-17 16:22:10
  0.0.0.0 tcp:43342 Allow 1 default
that should* work. i haven't looked at the documentation but i have used it some for personal stuff and it is really similar to AWS security groups
chamby 2017-08-17 16:35:32 @tasdikrahman here's how I do it (as recently as yesterday) if it helps... gcloud compute firewall-rules create --allow=tcp: --network
tasdikrahman 2017-08-17 16:40:38 thanks. So I made the changes on the VPC network. Here is what I have right now. Not sure where I went wrong, I still don't see anything. But on my instance, after I do an iptables -S | grep 80 the last one is the o/p after making the changes
$ gcloud compute firewall-rules list
NAME                    NETWORK  SRC_RANGES    RULES                                     SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                              http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                             https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
ovirt-metrics-ports     default  0.0.0.0/0     tcp:22,tcp:80,tcp:443,tcp:8443,tcp:24284
cpitkin 2017-08-17 16:54:12 what are you running on the server that you're trying to access? @tasdikrahman that might be a good place to start
tasdikrahman 2017-08-17 16:55:04 I haven't configured the server yet. As of now I am just doing a nmap -p from my dev box to check if anything has been applied @cpitkin
cpitkin 2017-08-17 16:56:39 and you're showing the ports aren't open?
tasdikrahman 2017-08-17 16:56:45 yep
cpitkin 2017-08-17 16:57:33 i would maybe check that the ingress rules have the machine name or just use the apply all to start.
tasdikrahman 2017-08-17 16:59:11 are these changes propagated instantly or I have to do something externally like restarting the server? I am adding the rules individually from the command line as @chamby suggested
cpitkin 2017-08-17 17:00:55 they are instant since the firewall is separate from the instance itself. @chamby might have better insight since he uses GCP more frequently. a general rule to follow when doing networking is to start wide open and work your way down.
chamby 2017-08-17 17:04:21 I'm not sure I can provide additional help, but I am creating a rule to allow traffic to a pod in Kubernetes and it "just works" when I run that command... I did not assume or think it was doing anything on the host node or anything; seemed like it was more like a security group in AWS that gets associated with an instance, but sits at a different (network) layer
cpitkin 2017-08-17 17:07:43 that is my assumption and how it always worked for me. that is exactly how it works in AWS as well
ankurbjr 2017-08-18 07:36:13 thanks boss, let me try it.
tasdikrahman 2017-08-19 12:38:11 @chamby @cpitkin Was not able to fix this issue. Asked on SO https://stackoverflow.com/questions/45771584/open-up-specific-ports-in-google-compute-engine-centos7
galeaspablo 2017-08-22 22:32:04 Having some issues using openresty (nginx+lua+other goodies). Trying to issue a cosocket request, after the content phase in proxy_pass. Answered it myself, in case anyone's curious. https://stackoverflow.com/questions/45828614/how-do-i-issue-an-http-request-after-proxy-pass-using-openresty-lua-nginx/45828640#45828640
