I could allow the IP of the Bastion host, but how do I allow the IP of Google Cloud Console in a firewall rule?
2 Answers
1. If you use the Default network configuration, Compute Engine creates firewall rules that allow TCP connections through port 22 for you. You can see them in the GCP Console:
GCP Console => VPC network => Firewall rules
The Default network has preconfigured firewall rules that allow all instances in the network to talk with each other. In particular, these firewall rules allow ICMP, RDP, and SSH ingress traffic from anywhere (0.0.0.0/0). There should be an Ingress firewall rule for SSH: default-allow-ssh.
2. If you use a Custom network, a firewall rule for SSH should be created manually.
With Cloud Console
GCP Console => VPC network => Firewall rules => Create Firewall Rule
Name: mynet-allow-ssh
Network: mynet
Targets: All instances in the network
Source filter: IP Ranges
Source IP ranges: 0.0.0.0/0
Protocols and ports: Specified protocols and ports
tcp: ports 22
With command line
$ gcloud compute --project=myproject firewall-rules create mynet-allow-ssh --direction=INGRESS --priority=1000 --network=mynet --action=ALLOW --rules=tcp:22 --source-ranges=0.0.0.0/0
For more details see Compute Engine => Documentation => Connecting to instances
Speaking about whitelisting of an "IP of Google Cloud Console" for the case when you press the "SSH" button in the Cloud Console, this is rather unfeasible because the SSH connection is established over HTTPS via a relay server that could have an unpredictable address from Google's external pool of IPs. Use of a Bastion host with a single static IP is more rational from this perspective.

- If you're using the SSH button, it's your external IP.
- If you're using Cloud Shell, it's a random external IP (of Google Cloud) since it's technically a VM instance.
The answer in "GCP open firewall only to cloud shell" can be an option for you if you want to access from the console.
