I created my VM (Google Cloud Platform), running Windows Server 2008 R2. I installed a program that needs port 6900 open to run. To work, the program must connect to its own server, which is 200.229.50.3:6900. So I went into the firewall rules of Google Cloud Platform, set the IP to 0.0.0.0/0 and opened port 6900. I also went into the advanced firewall settings on my VM and allowed port 6900 there as well. I tried to run the program and it failed; I tried to run telnet to test and it failed. I have already checked security settings, disabled the firewall, etc. I don't know what is happening.
My Google Cloud Platform firewall rules are below:
Firewall Rules
My instance firewall rules:
Instance Firewall Rules
The error the program gets when trying to connect to its own server:
Program error
If someone wants to log in to my instance to check it more closely, they can download the RDP file from here: RDP file
my external ip: 104.198.152.164
user: lala2018
password: ^#0aQaaz)MXbMNy
The program in which the error is occurring is on the desktop, named xstart.
Feel free to run it and try to understand what the problem is, because I can't find any reason why it isn't running properly.
Can someone help me?
Edit 1:
My VPC routing:
VPC 1 VPC 2
Edit 2:
Traced Route - 200.229.50.3
After seeing the screenshot of the message you attached, it looks like you are trying to connect from a GCP instance to the server "200.229.50.3", whose IP address belongs to "LEVEL UP! INTERACTIVE LTDA" in Brazil; however, it seems "200.229.50.3" is not allowing you to connect ("200.229.50.3" doesn't respond). If this is correct, you may have to create firewall rules on "200.229.50.3" instead of creating them in GCP.
I can see you have three rules to permit ingress and egress traffic from and to the GCP instances, but none of them affects "200.229.50.3" because this server doesn't belong to the GCP project:
- The GCP firewall rule named "testeee" allows incoming connections from the IP address 200.229.50.3 to all instances within your GCP project through the port 6900.
- The Windows firewall rule named "Port 6900" allows connections from any IP outside the Windows server through the port 6900.
- The GCP firewall rules "mean-stack" and "exit900" are allowing egress traffic from GCP instances to any IP outside the GCP project through the port 6900.
I tried to establish a telnet connection to 200.229.50.3:6900 but it doesn't respond. This could be normal because there could be a firewall in that server which is not allowing connections from my IP address; however, I have to ask the following:
Can you confirm 200.229.50.3 is allowing connections through the port 6900 from your GCP Instance?
When I attempt to SSH from https://console.cloud.google.com/compute/instances?authuser=0&projec
I get the error:
Connection via Cloud Identity-Aware Proxy Failed
Code: 4010
Reason: destination read failed
Please ensure you can make a proper https connection to the IAP for
TCP hostname: https://tunnel.cloudproxy.app You may be able to connect
without using the Cloud Identity-Aware Proxy.
Though on a separate machine I am able to log in, but firewall and other settings seem identical?
What should I do to get in?
Krgds.
C
This issue is due to the lack of a firewall rule to allow-ingress-from-iap with this IP range 35.235.240.0/20 that needs to be configured when using IAP (Identity-Aware Proxy).
To allow SSH access to all VM instances in your network, do the following:
1- Open the Firewall Rules page (Navigation menu > VPC network > Firewall) and click Create firewall rule
2- Configure the following settings:
Name: allow-ingress-from-iap
Direction of traffic: Ingress
Target: All instances in the network
Source filter: IP ranges
Source IP ranges: 35.235.240.0/20
Protocols and ports: Select TCP and enter 22 to allow SSH
3- Click Create
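Whether a project's rules let IAP reach port 22 can be checked offline from an export of those rules. The following is an added example, not code from the answer or from Google: it evaluates one inbound connection using GCP's precedence (lowest priority number wins, deny beats allow on a tie, implied deny ingress otherwise). The rule data is constructed, the function names are hypothetical, and only rules that use sourceRanges and targetTags are modelled.

```python
import ipaddress

IAP_RANGE = "35.235.240.0/20"  # IAP source range quoted in the answer above

def _port_in(spec, port):  # spec is "22" or an inclusive range like "8000-9000"
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _entries_match(entries, proto, port):
    for e in entries:
        if e["IPProtocol"] in (proto, "all"):
            ports = e.get("ports")  # absent means every port of the protocol
            if not ports or any(_port_in(p, port) for p in ports):
                return True
    return False

def ingress_allowed(rules, src_ip, proto, port, instance_tags=()):
    """Return (allowed, deciding_rule_name) for one inbound connection."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for r in rules:
        if r.get("disabled") or r.get("direction", "INGRESS") != "INGRESS":
            continue  # egress rules never affect inbound traffic
        tags = r.get("targetTags")
        if tags and not set(tags) & set(instance_tags):
            continue  # rule targets other instances
        if not any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", [])):
            continue
        for action in ("denied", "allowed"):
            if _entries_match(r.get(action, []), proto, port):
                hits.append((r.get("priority", 1000), action == "allowed", r["name"]))
    if not hits:
        return False, "implied-deny-ingress"
    _, allowed, name = min(hits)  # lowest priority first; False (deny) wins ties
    return allowed, name

# Constructed rules in the shape of `gcloud compute firewall-rules list --format=json`.
RULES = [
    {"name": "allow-office-ssh", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "egress-6900", "direction": "EGRESS", "priority": 1000,
     "destinationRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6900"]}]},
]
IAP_RULE = {"name": "allow-ingress-from-iap", "direction": "INGRESS", "priority": 1000,
            "sourceRanges": [IAP_RANGE], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}

if __name__ == "__main__":
    print(ingress_allowed(RULES, "35.235.240.10", "tcp", 22))
    print(ingress_allowed(RULES + [IAP_RULE], "35.235.240.10", "tcp", 22))
```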
My impression is that the root cause was that the Linux box had run out of hard disk space, causing the issues.
So when I recreated the same machine with more disk space, the issue was resolved.
I have a few GCP virtual machines set up with external IPs and http/https turned on.
Also added completely open firewall ingress/egress rules...
However when I try to reach the external IP it refuses to connect.
Here is the result of running netstat -a
Also, when describing my instance I can verify it is running and set up on the http/https firewall
I had to add the specific port to the request url. In my case it was
JSONRPC_URL=http://EXTERNAL-IP:8545
I have a mongo instance running on a Google Cloud VM and my application lost access to it overnight. I'm not able to SSH into it and the Cloud console is looking weird.
VM Image: bitnami-mongodb-3-2-1-1-r04-linux-debian-7-x86-64
It first says I don't have permission to access the instance console page, even though I'm the owner of the project and I can see it once I close the modal.
Then when I try to SSH using the built-in SSH tool I first get the following message. I see I have a VPC setup so I'm not really sure if that is actually expected or not.
If I try the alternative method I then get the following:
Does anyone have any hint on what could be the issue?
UPDATE:
VPC firewall settings are set to allow SSH and the target project is set for this rule:
I also have an external static IP set for this VM.
Just yesterday I could connect to my mongo instance through port 27017 and it stopped working without my touching any GCP configuration.
Based on the information you have provided, it would seem that your GCE VM instance is currently utilizing IAP (Identity-Aware Proxy).
With this in mind, and reviewing the error message you are receiving, it would seem that your firewall rules aren't allowing connections on the SSH port. There should be an ingress rule to allow traffic to the instance on TCP port 22 (SSH) on that VPC network.
Generally, this is automatically created by GCP, on the default network it is typically called "default-allow-ssh", but you can also manually create it in the VPC Network -> Firewall rules tab. Make sure it applies to the instance in question (either through "All targets" or a target tag that matches the instance). You can read more about GCP firewall rules in the documentation.
Likewise, make sure you have an external IP or that you are following one of the options described here.
There are many similar questions to this on SO, but none of the solutions I saw really solved my issue completely. I'm doing test runs for a website framework hosted on the Google Cloud Platform.
By default, the website is hosted on http://localhost:2800, and I know the external IP of the instance I'm running it on. How can I access the hosted website through a browser on my local machine? Do I use virtual hosts / port forwarding etc.?
Go to your VPC firewall
https://console.cloud.google.com/networking/firewalls
and create a firewall rule to allow traffic on your desired TCP port.
Create a Firewall Rule for SQL Server
Configure a firewall rule to allow traffic on port 1433 so other clients can connect to the newly created SQL Server instance over the public internet:
In the Developers Console main menu, go to the Firewall rules section.
OPEN THE FIREWALL RULES
Click the Add firewall rule button.
Name the new firewall rule allow-tcp-1433.
Set Source Filter to IP Ranges.
For Source IP Ranges enter 0.0.0.0/0. This value allows access by all IP addresses.
Warning: This configuration leaves your SQL Server instance open to traffic from everyone, everywhere. It is used only for demonstration purposes. In production environments, restrict access to only those IP addresses that need access.
For Allowed protocols and ports enter tcp:1433.
Click the Create button to create the firewall rule.
Set firewall rules for your Google Cloud project with the following properties:
Target: all instances
Direction: ingress
Source IP ranges: 0.0.0.0/0
Ports and protocols: allow all
Then, depending on your framework, set allowed_host to the external IP or "*".
For example, in Django, set ALLOWED_HOSTS = ["*"] in settings.py.
Now run the server on 0.0.0.0:[your_port].
For example, in Django: python manage.py runserver 0.0.0.0:8000
After this, note down your instance's external IP address and then, in your browser, go to
[external-IP:[your_port]]
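A firewall rule has no effect while the service itself listens only on loopback, which is the situation with a site served on localhost:2800. The following is an added example, not part of the original answers: it reads netstat output and reports, per listening TCP port, whether the socket is bound to loopback, to one specific address or to all interfaces. The sample lines are constructed and the function names are hypothetical.

```python
LOOPBACK = {"127.0.0.1", "::1", "[::1]", "localhost"}
WILDCARD = {"0.0.0.0", "::", "[::]", "*"}

def listener_scopes(netstat_text):
    """Map each listening TCP port to "loopback", "specific" or "all".

    Accepts Linux (`netstat -tln`) and Windows (`netstat -an`) line layouts.
    A port bound on several addresses keeps its widest scope.
    """
    rank = {"loopback": 0, "specific": 1, "all": 2}
    scopes = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].lower().startswith("tcp"):
            continue  # headers, UDP and blank lines
        if not any(x.upper().startswith("LISTEN") for x in f):
            continue  # established or closing connections
        # Linux puts Recv-Q/Send-Q before the local address; Windows does not.
        local = f[3] if f[1].isdigit() else f[1]
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        if host in LOOPBACK or host.startswith("127."):
            scope = "loopback"
        else:
            scope = "all" if host in WILDCARD else "specific"
        if rank[scope] >= rank.get(scopes.get(int(port)), -1):
            scopes[int(port)] = scope
    return scopes

def loopback_only_ports(netstat_text):
    """Ports no remote client can reach, whatever the firewall allows."""
    return sorted(p for p, s in listener_scopes(netstat_text).items() if s == "loopback")

# Constructed sample mixing Linux and Windows netstat layouts.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:2800          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8545                 :::*                    LISTEN
tcp        0      0 10.128.0.2:22           198.51.100.7:50514      ESTABLISHED
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:27017        0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print(loopback_only_ports(SAMPLE))
```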
You have to go to VPC network, then add a firewall rule to allow your port. Then don't forget to select [All instances in the network] (see pic), because by default its value is [Specified by tags].
And you can access that instance at its external IP.
Try your [externalip]:[port]. This worked for me in Amazon EC2.
example: 31.181.171.141:2800
I have installed IntelliJ YouTrack running on port 80 on a Windows Server 2012 t2.micro EC2 instance on AWS.
I am able to access YouTrack when I remote desktop into the machine and enter http://localhost or http:// or http://. Therefore I know the application is up and running on the expected port.
I have whitelisted my IP by adding the relevant inbound rule under the security group settings for the instance.
I was assuming that was the only necessary step to allow inbound connections to that specific port. However I cannot access YouTrack when I enter the public IP of the instance on my web-browser from the whitelisted IP. Also what I find more confusing is when I try to enter http:// within the remote desktop of the instance, I am still unable to connect.
What am I missing for enabling incoming connections to a port on my EC2 t2.micro instance?
I appreciate all the advice.
It seems that Windows firewall was running and blocking the connections beyond the security group settings. Opening port 80 within Windows firewall fixed the issue.
When I first ran into the issue I typed "Firewall" into the start search. The first result was "Windows Firewall with Advanced Security". When I opened that I got the error "There was an error opening Windows Firewall with Advanced Security snap-in". I immediately assumed AWS eliminated the firewall service from the Windows builds to force customers to prefer the security group controls of the AWS console.
Embarrassingly, I have just now tried the second option in the list, "Windows Firewall", which showed the normal Windows firewall being active and of course blocking incoming connections to port 80. I have added the exceptions for the required ports and the issue was immediately resolved.
I hope this helps someone else out there.