
I have followed some YouTube and also Stack Overflow threads to open a port in GCP. The firewall rule is defined and bound to my VM, but it's still not accessible from the browser. (Screenshot: firewall defined)

Then I checked my Angular app; the server also runs with the 'ng serve' command. (Screenshot: Angular app started)

More details: `sudo netstat -pantu` (screenshot)

Ping port closed (screenshot)

Turned on logging and it

{
  "insertId": "jzt0cnftr4835",
  "jsonPayload": {
    "connection": {
      "dest_ip": "10.128.0.2",
      "dest_port": 4201,
      "src_port": 49222,
      "protocol": 6,
      "src_ip": "147.158.87.171"
    },
    "vpc": {
      "vpc_name": "default",
      "subnetwork_name": "default",
      "project_id": "cloud-xp"
    },
    "disposition": "ALLOWED",
    "remote_location": {
      "city": "Johor Bahru",
      "continent": "Asia",
      "country": "mys",
      "region": "Johor"
    },
    "rule_details": {
      "direction": "INGRESS",
      "action": "ALLOW",
      "ip_port_info": [
        {
          "port_range": [
            "4201"
          ],
          "ip_protocol": "TCP"
        }
      ],
      "source_range": [
        "0.0.0.0/0"
      ],
      "priority": 1000,
      "reference": "network:default/firewall:angular-apps"
    },
    "instance": {
      "project_id": "cloud-xp",
      "vm_name": "wordpress-1-vm",
      "region": "us-central1",
      "zone": "us-central1-f"
    }
  },
  "resource": {
    "type": "gce_subnetwork",
    "labels": {
      "project_id": "cloud-xp",
      "subnetwork_id": "7656824026900524897",
      "location": "us-central1-f",
      "subnetwork_name": "default"
    }
  },
  "timestamp": "2020-05-18T03:58:12.619210139Z",
  "logName": "projects/cloud-xp/logs/compute.googleapis.com%2Ffirewall",
  "receiveTimestamp": "2020-05-18T03:58:16.927671108Z"
}

Full firewall rules (screenshot)

Is there anything I missed out?

Weilies
  • Can you mention what is the priority for the rule you've added? And can you check whether there are any rules which override that priority? – Jeffy Mathew May 18 '20 at 03:32
  • GCP firewall drops packages instead of rejecting them, so when the GCP firewall is not OPEN, the error you will get is a TIME OUT and not a CONNECTION REFUSED. This looks more like an issue with your APP rather than a GCP Firewall. Can you please share the output of the command `sudo netstat -pantu` – Armando Cuevas May 18 '20 at 03:47
  • Guys, new details added. JeffyMathew, I can see all rules are 'Allow'. Armando, how can I tell it's an app issue, as the PING of the port also failed as mentioned above? – Weilies May 18 '20 at 05:36

1 Answer

In the netstat you sent, I don't see the service listening on port 4201, and from GCP logins we can observe that the connection is allowed and is reaching the destination machine, but on the destination machine the service is not listening.

Running an nmap from my PC to that IP and to that port, the result is "closed"; if it were being filtered by GCP, the result would be "filtered".

Also, as previously commented, the error received in case of being blocked would be "TIME OUT" instead of "CONNECTION REJECTED".

Based on this, everything indicates that it is an app issue.

alvlopez
  • Furthermore, the `netstat -pantu` clearly shows that the APP is not opening the port. The application is not binding the port. – Armando Cuevas May 18 '20 at 19:52
  • While I ran netstat, I had killed the server, which can only start with the command 'ng serve'. That could be the reason it doesn't listen on port 4201 (https://i.stack.imgur.com/Cd8tA.png). – Weilies May 20 '20 at 00:41
  • Can you run a netstat while running the server and let's see the result? – alvlopez May 22 '20 at 09:40
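
The reasoning in the answer above (firewall log says ALLOWED, the outside probe says "closed" rather than "filtered", netstat shows no listener on the port) written out as a small check. This is an added example, not code from the thread: the trimmed log entry and the netstat lines are constructed samples, `listeners` and `diagnose` are hypothetical helper names, and the loopback-only case goes one step beyond what the answer covers.

```python
import json

# Constructed sample: the question's firewall log entry, trimmed to the fields used here.
FIREWALL_LOG = """{"jsonPayload": {"disposition": "ALLOWED",
  "connection": {"dest_ip": "10.128.0.2", "dest_port": 4201, "protocol": 6}}}"""

# Constructed `sudo netstat -pantu` output (not the asker's real screenshot).
NETSTAT = """\
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
tcp6       0      0 :::80            :::*             LISTEN  901/apache2
udp        0      0 0.0.0.0:68       0.0.0.0:*                640/dhclient
"""

LOOPBACK = {"127.0.0.1", "::1"}

def listeners(netstat_text):
    """Map each listening TCP port to the set of local addresses bound to it."""
    found = {}
    for line in netstat_text.splitlines():
        cols = line.split()
        # Keep only TCP rows in LISTEN state; headers and UDP rows are skipped.
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")  # handles "0.0.0.0:22" and ":::80"
        found.setdefault(int(port), set()).add(addr)
    return found

def diagnose(log_json, netstat_text, probe_state):
    """probe_state is the nmap-style result seen from outside:
    'open', 'closed' (connection refused) or 'filtered' (time out)."""
    payload = json.loads(log_json)["jsonPayload"]
    port = payload["connection"]["dest_port"]
    binds = listeners(netstat_text).get(port, set())
    if payload["disposition"] != "ALLOWED" or probe_state == "filtered":
        return "firewall"           # dropped in transit: the client sees a time out
    if not binds:
        return "app-not-listening"  # packet reached the VM, nothing bound to the port
    if binds <= LOOPBACK:
        return "app-loopback-only"  # listening, but only on a loopback address
    return "reachable" if probe_state == "open" else "inconclusive"

if __name__ == "__main__":
    print(diagnose(FIREWALL_LOG, NETSTAT, "closed"))
```

Feed it netstat output captured while the server is running, as the last comment asks, so a stopped process is not mistaken for a binding problem.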