How to open a specific port, such as 9090 in Google Compute Engine

I have 2 Google Compute Engine instances, and I want to open port 9090 on both of them. I think we need to add some firewall rules.

Can you tell me how I can do this?

+161
port google-compute-engine google-cloud-platform
Jan 11 '14 at 18:06
8 answers

You need:

  1. Go to cloud.google.com.

  2. Go to My console.

  3. Choose your project.

  4. Choose Networking > VPC network.

  5. Select "Firewall rules".

  6. Select Create Firewall Rule.

  7. To apply the rule to selected VM instances, select Targets > Specified target tags and enter a tag name under Target tags. This tag is used to apply the new firewall rule to whichever instances you want. Then make sure that the network tag is applied to those instances.

  8. To allow incoming TCP connections to port 9090, enter tcp:9090 in the Protocols and ports box.

  9. Click Create.

I hope this helps you.

Update: please refer to the documentation to configure your rules.

+295
Jan 11 '14 at

The following is a command line approach to answer this question:

 # --target-tags selects the instances the rule applies to; --source-tags would filter where traffic comes from, not where it goes
 gcloud compute firewall-rules create <rule-name> --allow tcp:9090 --target-tags=<tag-shared-by-your-instances> --source-ranges=0.0.0.0/0 --description="<your-description-here>"

This will open port 9090 on the instances that carry the tag you give. Omitting --target-tags and --source-ranges applies the rule to all instances. For more information, see the gcloud documentation and the firewall-rules create reference.

The previous answers are great, but Google recommends using the newer gcloud commands instead of the gcutil commands.

PS: To see what firewall rules you already have, run gcloud compute firewall-rules list and review them.

+70
Dec 28 '14 at 10:31

You need to add a firewall rule to allow inbound access to tcp:9090 on your instances. If you have more than two instances and you want to open 9090 only on these two, make sure there is a tag that the two instances share. You can add or update tags through the console or from the command line; I would recommend using the GUI for this if needed, because it handles the read-modify-write cycle with setinstancetags.

If you want to open port 9090 for all instances, you can create a firewall rule, for example:

 gcutil addfirewall allow-9090 --allowed=tcp:9090 

which will apply to all your instances.

If you want to open port 9090 only on the two instances serving your application, make sure they have a tag such as my-app, and then add a firewall rule like this:

 gcutil addfirewall my-app-9090 --allowed=tcp:9090 --target_tags=my-app 

Learn more about creating and managing GCE firewalls here.

+9
Jan 12 '14 at 18:54

I had the same problem as you, and I could solve it by following @CarlosRojas's instructions with a slight difference. Instead of creating a new firewall rule, I edited the default-allow-internal rule to accept traffic from anywhere, since creating new rules did not make any difference.

+7
Aug 25 '14 at

This question is old and Carlos Rojas's answer is good, but I think I should post a few things to keep in mind when trying to open ports.

The first thing to remember is that the Networking section has been renamed VPC network. So if you are trying to figure out where the "Firewall rules" option is, look under VPC network.

Secondly, if you are trying to open ports on a Linux VM, do not under any circumstances try to open the port with the ufw command. I tried that and lost SSH access to the VM. So do not repeat my mistake.

Thirdly, if you are trying to open ports on a Windows VM, you need to create firewall rules inside the VM, in the Windows Firewall, as well as under VPC network → Firewall rules. The port must be open in both firewalls, unlike on a Linux VM. So if you cannot reach the port from outside the VM, check whether you opened it in both the GCP console and the Windows Firewall.

Lastly (obvious): do not open ports unnecessarily. Close ports as soon as you no longer need them.

I hope this answer is helpful.

+6
May 14 '18 at 5:19

Creating Firewall Rules

Please review the components of firewall rules [1] if you are not familiar with firewall rules in GCP. Firewall rules are defined at the network level and apply only to the network in which they are created; however, the name you choose for each rule must be unique within the project.

For the Cloud Console:

  1. Go to the Firewall rules page in the Google Cloud Platform Console.
  2. Click Create Firewall Rule.
  3. Enter a name for the firewall rule. This name must be unique within the project.
  4. Specify the Network in which the firewall rule will be implemented.
  5. Specify the Priority of the rule. The lower the number, the higher the priority.
  6. For Direction of traffic, select ingress or egress.
  7. For Action on match, select Allow or Deny.
  8. Specify the Targets of the rule.

    • If you want the rule to apply to all instances in the network, select All instances in the network.
    • If you want the rule to apply to selected instances by network (target) tags, select "Specified target tags", then enter the tags the rule should apply to in the "Target tags" field.
    • If you want the rule to apply to selected instances by associated service account, select "Specified service account", indicate whether the service account is in the current project or another one under "Service account scope", and select or enter the service account name in the "Target service account" field.
  9. For an ingress rule, specify a source filter:

    • Select IP ranges and enter CIDR blocks in the "Source IP ranges" field to define the source of incoming traffic by IP address range. Use 0.0.0.0/0 for a source from any network.
    • Select "Subnets", then check the ones you need in the "Subnets" pop-up button to define the source of incoming traffic by subnet name.
    • To restrict the source by network tag, select Source tags, then enter network tags in the Source tags field. For the limit on the number of source tags, see VPC quotas and limits. Filtering by source tag is only available if the target is not specified by service account. For more information, see Filtering by service account vs. network tag.
    • To restrict the source by service account, select "Service account", indicate whether the service account is in the current project or another one under "Service account scope", and select or enter the service account name in the "Source service account" field. Filtering by source service account is only available if the target is not specified by network tag. For more information, see Filtering by service account vs. network tag.
    • Specify a second source filter, if necessary. Secondary source filters cannot use the same filter criteria as the primary one.
  10. For an egress rule, specify a destination filter:

    • Select IP ranges and enter CIDR blocks in the "Destination IP ranges" field to define the destination of outgoing traffic by IP address range. Use 0.0.0.0/0 to mean everywhere.
    • Select "Subnets", then check the ones you need in the "Subnets" pop-up button to define the destination of outgoing traffic by subnet name.
  11. Define the protocols and ports to which the rule will apply:

    • Select Allow all or Deny all, depending on the action, to apply the rule to all protocols and ports.

    • Define specific protocols and ports:

      • Select tcp to include the TCP protocol and ports. Enter all or a comma-separated list of ports, for example 20-22, 80, 8080.
      • Select udp to include the UDP protocol and ports. Enter all or a comma-separated list of ports, for example 67-69, 123.
      • Select Other protocols to include protocols such as icmp or sctp.
  12. (Optional) You can create a firewall rule but not enforce it by setting its enforcement state to disabled. Click Disable rule, then select Disabled.

  13. (Optional) You can enable firewall rule logging:

    • Click Logs > On.
    • Click Turn on.
  14. Click Create.

Reference: [1] https://cloud.google.com/vpc/docs/firewalls#firewall_rule_components

+3
May 01 '19 at 9:08
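The CLI answer above and the console procedure from the documentation both leave one question open once several rules coexist: which rule actually decides whether tcp:9090 reaches a given instance, and which rules expose the port wider than intended? The script below is an added example, not code from any of the answers or from Google. It evaluates rule data in the shape that `gcloud compute firewall-rules list --format=json` produces, applying the documented precedence: the lowest priority number wins, at equal priority a deny beats an allow, and ingress traffic matched by no rule hits the implied deny. The sample rules are constructed for this example (only default-allow-internal is a real default-network rule name; the others are hypothetical), and it deliberately does not evaluate source tags or service-account targets, since those need instance metadata that the rule listing does not carry.

```python
"""Offline evaluation of GCE VPC ingress firewall rules (added example)."""
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`,
# limited to the fields this example reads. Rule names other than
# default-allow-internal are hypothetical.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "default-allow-internal", "direction": "INGRESS", "priority": 65534,
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]},
                 {"IPProtocol": "udp", "ports": ["0-65535"]},
                 {"IPProtocol": "icmp"}]},
    # Scoped rule, as in the answers above: tcp:9090 only to instances tagged my-app.
    {"name": "my-app-9090", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["my-app"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["9090"]}]},
    # Same priority as my-app-9090 but a deny: at equal priority, deny wins.
    {"name": "deny-9090-from-office", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["203.0.113.0/24"], "targetTags": ["my-app"],
     "denied": [{"IPProtocol": "tcp", "ports": ["9090"]}]},
    # Unscoped rule: every instance in the network gets 9090 exposed to the Internet.
    {"name": "allow-9090-everyone", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["9090"]}]},
    # A disabled rule stays in the configuration but is never enforced.
    {"name": "allow-all-disabled", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "disabled": True,
     "allowed": [{"IPProtocol": "all"}]},
])


def load_rules(raw_json):
    """Parse the JSON text that `gcloud compute firewall-rules list --format=json` prints."""
    return json.loads(raw_json)


def _port_in_spec(port, port_specs):
    """port_specs looks like ["22", "80-443"]; a missing or empty list means all ports."""
    if not port_specs:
        return True
    for spec in port_specs:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _traffic_matches(entries, protocol, port):
    """entries is the rule's 'allowed' or 'denied' list; 'all' matches any protocol."""
    for entry in entries:
        proto = entry["IPProtocol"].lower()
        if proto == "all" or (proto == protocol and _port_in_spec(port, entry.get("ports"))):
            return True
    return False


def rule_applies(rule, src_ip, instance_tags, protocol, port):
    """True if this enabled INGRESS rule matches the flow to an instance carrying instance_tags."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    # Targets narrow the rule to tagged instances; no targets means every instance.
    if rule.get("targetServiceAccounts"):
        return False  # service-account targets are not evaluated in this example
    if rule.get("targetTags") and not set(rule["targetTags"]) & set(instance_tags):
        return False
    # Source filter: only sourceRanges are evaluated here (source tags need instance metadata).
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in ipaddress.ip_network(r) for r in rule.get("sourceRanges", [])):
        return False
    entries = rule.get("allowed") or rule.get("denied") or []
    return _traffic_matches(entries, protocol, port)


def decide(rules, src_ip, instance_tags, protocol="tcp", port=9090):
    """Return (action, rule_name) for one flow.

    Lowest priority number wins; on a tie a deny beats an allow. With no matching
    rule, ingress traffic hits the implied deny, reported as ("deny", None)."""
    candidates = [r for r in rules if rule_applies(r, src_ip, instance_tags, protocol, port)]
    if not candidates:
        return ("deny", None)

    def rank(rule):
        return (rule.get("priority", 1000), 0 if "denied" in rule else 1, rule["name"])

    winner = min(candidates, key=rank)
    return ("deny" if "denied" in winner else "allow", winner["name"])


def overly_broad(rules):
    """Names of enabled ingress allow rules open to the whole Internet and not scoped to a target."""
    names = []
    for r in rules:
        if r.get("disabled") or r.get("direction", "INGRESS") != "INGRESS" or "allowed" not in r:
            continue
        open_to_world = any(ipaddress.ip_network(s).prefixlen == 0 for s in r.get("sourceRanges", []))
        unscoped = not r.get("targetTags") and not r.get("targetServiceAccounts")
        if open_to_world and unscoped:
            names.append(r["name"])
    return names


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES_JSON)
    for src, tags, port in [("198.51.100.7", ["my-app"], 9090), ("203.0.113.5", ["my-app"], 9090),
                            ("198.51.100.7", ["web"], 9090), ("198.51.100.7", ["web"], 22),
                            ("10.128.0.5", ["web"], 22)]:
        print(src, tags, port, "->", decide(rules, src, tags, "tcp", port))
    print("overly broad:", overly_broad(rules))
```

To run it against a real project, save `gcloud compute firewall-rules list --format=json` to a file and pass its contents to `load_rules`. The sample shows two things the answers above only hint at: the scoped my-app-9090 rule is irrelevant while an unscoped allow-9090-everyone rule exists at the same priority, because an untagged "web" instance still gets 9090 from anywhere; and a deny at the same priority number beats the allows, so the "lower the priority number" fix from the last answer works because priority is evaluated before action.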

You can check the link below for opening a port on Google Cloud:
Opening a port on Google Cloud

0
Jul 09 '19 at 13:40

I had to fix this by lowering the priority number (which makes the rule higher priority). That produced an immediate response. Not what I expected, but it worked.

0
Jul 18 '19 at 23:51