GCP Compute Engine Firewall Rules for TCP Server

你离开我真会死。 submitted on 2019-12-10 21:14:47

Question


I have created a GCP compute engine instance with a static external IP address. Machine type: n1-standard-2 (2 vCPUs, 7.5 GB memory). OS is Linux/Debian.

My intention is to create a plain Node.js TCP server on the machine. The code is as follows:

var net = require('net');

// Listen on all interfaces so the external IP can reach the server.
var HOST = '0.0.0.0';
var PORT = 110;

net.createServer(function(sock) {
    console.log('CONNECTED: ' + sock.remoteAddress + ':' + sock.remotePort);
    // Echo every chunk received back to the peer.
    sock.on('data', function(data) {
        console.log('DATA ' + sock.remoteAddress + ': ' + data);
        sock.write('You said "' + data + '"');
    });
}).listen(PORT, HOST);
console.log('Server listening on ' + HOST + ':' + PORT);

The client is:

var net = require('net');

// Static external IP of the compute instance.
var HOST = '104.197.23.132';
var PORT = 110;

var client = new net.Socket();
client.connect(PORT, HOST, function() {
    console.log('CONNECTED TO: ' + HOST + ':' + PORT);
    client.write('I am Chuck Norris!');
});
// Print the server's reply, then close the socket.
client.on('data', function(data) {
    console.log('DATA: ' + data);
    client.destroy();
});
client.on('close', function() {
    console.log('Connection closed');
});

My firewall rules are as follows:

PLEASE NOTE: I am listening on port 110, and the client is trying to connect to the static external IP address. It appears that I am enabling TCP traffic over 110 according to the firewall rules. The error I see is

Error: connect ETIMEDOUT 104.197.23.132:110

When I ssh into the instance and run the TCP client, I connect successfully. So the final question is, why can't the local TCP client (my computer) connect to the compute instance? Is there something wrong with my firewall rules / source filters / IP forwarding?


Answer 1:


I just solved this problem.

You have the wrong targets. Go to the edit page and click the "Targets" select menu; then you can select the first option, "Apply to all instance", which is the easiest way.




Answer 2:


You need to first add a firewall rule according to your host's IP, as internal traffic needs to be received from that particular host (your machine). Then you should be able to ping the GCP Compute Instance. You should also be able to telnet to the particular port which you configured in your program.

This should be okay. Also, the customized rule should be added in the Network Tags of the instance to associate the rule with that instance; after this, the instance uses that particular rule.
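
Both answers turn on how a firewall rule's targets and source filter select traffic. The sketch below is an added example, not code from the question or answers: a simplified model of ingress rule matching that shows why an instance lacking the rule's target tag never receives the connection (unmatched ingress is dropped, which the client sees as a timeout) and how a tagged instance with a single-address source range admits it. The tag tcp-110, the instance name vm-1 and the client address 203.0.113.7 are constructed.

```javascript
'use strict';
// Simplified model of GCP VPC ingress rule matching (not Google's code).
// Field names follow the Compute Engine firewall resource; values are constructed.

// Dotted-quad IPv4 -> unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// True when ip is inside the CIDR block, e.g. 203.0.113.0/24.
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// True when a port spec ("110" or "8000-8100") covers the port.
function portMatches(spec, port) {
  const [lo, hi = lo] = spec.split('-').map(Number);
  return port >= lo && port <= hi;
}

// Returns null when the rule admits the packet, else the reason it does not.
function whyNotAllowed(rule, instance, packet) {
  if (rule.direction !== 'INGRESS') return 'not an ingress rule';
  // A rule with targetTags applies only to instances carrying one of those tags.
  const tags = rule.targetTags || [];
  if (tags.length && !tags.some(t => instance.tags.includes(t))) return 'target tag mismatch';
  if (!rule.sourceRanges.some(c => inCidr(packet.srcIp, c))) return 'source not in sourceRanges';
  const ok = rule.allowed.some(a => a.IPProtocol === packet.protocol &&
    (!a.ports || a.ports.some(p => portMatches(p, packet.port))));
  return ok ? null : 'protocol/port not allowed';
}

// Constructed sample: rule scoped to one client IP and to the tag "tcp-110".
const rule = { direction: 'INGRESS', sourceRanges: ['203.0.113.7/32'],
  targetTags: ['tcp-110'], allowed: [{ IPProtocol: 'tcp', ports: ['110'] }] };
const untagged = { name: 'vm-1', tags: [] };          // instance missing the tag
const tagged = { name: 'vm-1', tags: ['tcp-110'] };   // tag added to the instance
const packet = { srcIp: '203.0.113.7', protocol: 'tcp', port: 110 };

console.log('untagged:', whyNotAllowed(rule, untagged, packet));
console.log('tagged:  ', whyNotAllowed(rule, tagged, packet));
```

Scoping the rule by tag and by a /32 source range keeps port 110 closed to every other instance and every other client address.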



Source: https://stackoverflow.com/questions/45654321/gcp-compute-engine-firewall-rules-for-tcp-server
