I am trying to follow this tutorial. You do not have to read whole tutorial, my small goal is to create firewall rule on Google Compute engine and connect to using telnet.
I did create firewall rule:
But when type telnet X.X.X.X 5901, I get back
Connecting To X.X.X.X...Could not open connection to the host, on port 5901: Connect failed
I replaced actual ip with X.X.X.X in the above.
Any suggestions how I can troubleshoot it?
That should work!
I suspect vncserver isn't running (correctly) on the instance.
Or you're using the internal IP rather than the external IP address.
Did you confirm the server is running before you tried access it remotely? The tutorial suggests:
nc localhost 5901
But, you could also try:
ss --tcp --listening | grep 5901
and should see something similar to
LISTEN 0 5 *:5901
you need to tag the one GCE instance with vnc-server, in order to apply the rule. setting IP ranges to the home network might be tighter than permitting range 0.0.0.0. think one can use Stackdriver to log whenever a firewall rule applies. the host firewall might also prevent the access (eg. when Stackdriver logs, but it still not works).
Related
I have installed mysql on a VM in gcp using this: https://cloud.google.com/architecture/setup-mysql
(I manually installed it on a VM)
But I am not able to connect to it using DBeaver. I am using the external IP provided in the dashboard and I have allowed 3306 but even then I am not able to connect to it. I keep getting connection refused: 4003 error
connection refused: 4003 error
This means the instance isn't listening on the port you're trying to connect to or the firewall is closed. In order to fix this error, we need to ensure that the listening process on the VM runs and listens on the correct port. Then, we verify if the Google Cloud firewall is configured correctly and open
You should look for default-allow-ssh to see if your firewall's rules allow SSH connections. If the firewall and IAP do not resolve your issue.
Check whether you have access. When you add a user and grant privileges to them (or with existing users) you need to specify the host or network range from which that user is allowed to connect. Follow the steps in this stack question and check whether you can connect now.
for more information follow How To Allow Remote Connections To MySQL. Attaching SSH troubleshooting doc.
I have a google cloud machine which has an ubuntu Os, I have MySQL database on another server, I opened the remote connection on my SQL server, and I connect to my database from any machine else from my google cloud machine I can not, it taking long time then I have a timeout connection problem.
I think the problem is from firewall rules, so I applied this command to create rule that allow 3306 port
cloud compute firewall-rules create "mysql-remote-access" --allow tcp:3306 --source-tags "mysql-client" --target-tags "mysql-server"
but still, I can not connect to a remote MySQL server
from where can I enable it, thank you
I think your firewall rules is not correct. This one should solve the issue
gcloud compute firewall-rules create "mysql-remote-access" \
--direction=EGRESS --action=ALLOW --rules=tcp:3306 \
--destination-ranges=xxx.xxx.xxx.xxx/32 --target-tags=mysql-client
Short description: You allow the EGRESS traffic on port 3306 to the destination xxx.xxx.xxx.xxx for the traffic coming from the VM with the tag "mysql-client"
By default all the outgoing communication are allowed, but you might have a rule with higher priority that prevents this
Implied allow egress rule. An egress rule whose action is allow, destination is 0.0.0.0/0, and priority is the lowest possible (65535) lets any instance send traffic to any destination, except for traffic blocked by Google Cloud.
It the rule doesn't work, share all your existing firewall rules.
I’ve a question regarding Compute VM and its associated privileges. I have ‘Owner’ privileges at Project level. I created a VM but was not able to assign an external IP address to it. Upon referring to google cloud docs, it appears that I’ll still be able to connect to this VM using VPN or IAP. Upon clicking the SSH link next to the VM, I see that it uses a Cloud-IAP tunnel but the connection fails.
Here is the error message
External IP address was not found; defaulting to using IAP tunneling.
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4003: u'failed to connect to backend'].
ssh_exchange_identification: Connection closed by remote host
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
How do I go about connecting to this VM?
Appreciate your help with this
https://hodari.be/posts/2019_09_30_access_private_gke_nodes_with_ssh/
https://cloud.google.com/iap/docs/using-tcp-forwarding
Firewall rules that are configured to allow access from Cloud IAP's TCP forwarding netblock, 35.235.240.0/20, on all ports of your machine. This ensures that connections are allowed from Cloud IAP's TCP forwarding IP addresses to the TCP port of the admin service on your resource. Note that you might not need to adjust your firewall rules if the default-allow-ssh and default-allow-rdp default rules are applied to ports used for SSH and RDP.
As probably you already have default-allow-ssh instead of trying:
gcloud compute start-iap-tunnel stage-es-kibana 5601 --local-host-port=localhost:5601
jump to port via extra ssh layer:
gcloud compute ssh stage-es-kibana -- -N -L 5601:localhost:5601
or open Google Firewall between host/port stage-es-kibana:5601 and subnet 35.235.240.0/20.
This is a permissions issue.
You are trying to ssh into your vm thru google's IAP proxy.
You don't have permissions to create the tunnel from your computer to the proxy server.
You need have the role "roles/iap.tunnelResourceAccessor" to ssh to your vm:
It seems that the GCP CE requires to initialize SSH and other services after its RUNNING status.
I used a workaround by adding a sleep (60 sec) command, after starting the VM and before SSH using the IAP tunnel.
In my case I solved or worked around it by omitting the --tunnel-through-iap parameter that is passed to gcloud compute ssh.
try open Google Firewall subnet 35.235.240.0/20
I have set up an Google Cloud Compute Instance:
Machine type
n1-standard-1 (1 vCPU, 3.75 GB memory)
CPU platform
Intel Haswell
Zone
us-east1-c
I can ssh in using the external address.
I have installed the vncserver and can access it on port 5901 from localhost as well as the internal IP.
I am trying to access it from the static, external IP address but it is not working.
I have configured the firewall to open to port to 0.0.0.0/0, but it is not reachable.
Can anyone help?
------after further investigation from the tips from the two answers (thanks, both!), I have a partial answer:
The Google Cloud Compute instance was set, by default, to not allow
HTTP traffic. I reset the configuration to allow HTTP traffic. I
then tried the troubleshooting tip to run a small HTTP service in
python. I was able to get a ressponse from the service over the
internet.
The summary of the current situation is as follows:
The external IP address can be reached
It is enabled and working for SSH
It is enabled and working for HTTP
It does not seem to allow traffic from vncserver
Any idea how to configure the compute instance to allow for vncserver traffic?
If you already verified that Google Firewall or your VM are not blocking packets, you must make sure that VNC service is configured to listen on the external IP address.
You can always use a utility like nmap outside Google project to reveal information on the port status.
enable http/https traffic form the firewall as per the need. it will work!!
The Google Cloud Compute instance was set, by default, to not allow HTTP traffic. I reset the configuration to allow HTTP traffic. I then tried the troubleshooting tip to run a small HTTP service in python. I was able to get a response from the service over the internet.
As such, the original question is answered, I can access Google Cloud Compute Instance External IP. My wider issue is still not solved, but I will post a new, more specific question about this issue
TLDR: make sure you are requesting http not https
In my case i was following the link from my CE instance's External Ip property which takes you directly to the https version and i didn't set up https, so that was causing the 'site not found' error.
Create an entry in your local ssh config file as below with mentioned local forward port. In my case its an example of yarn's IP, which I want to access in browser.
Host hadoop
HostName <External-IP>
User <Local-machine-username>
IdentityFile ~/.ssh/<private-key-for-above-user>
LocalForward 8089 <Internal-IP>:8088
In addition to having the firewall rules to allow HTTP traffic in both Google Cloud Platform and within the OS of the instance, make sure you install a web server such as Apache or Nginx.
After installing the web server, you connect to the instance using SSH and verify you do not get a failed connection with the following command:
$ sudo wget http://localhost
If the connection is positive, it means that you can access your external URL:
http://<IP-EXTERNAL-VM>
Usually there are two main things to check.
1. Port
By default, only port 80, 443 and ICMP are exposed. If your server is running on a different port, create a record for the same.
2. Firewall
Make sure you are allowing http and https traffic based on your need.
oua re
For me the problem was that I set up the traffic for the firewall rule to be 'Egress' instead of 'Ingress'.
If anyone already initiated 'https'
just disable it and check again.
I've setup a google compute VM, and can access phpmyadmin and the default index page. SSH works when I click the button on the website.
I am having issues remotly connecting to my server instance for any sort of management(ftp or sql)
I followed the firewall section here: https://cloud.google.com/solutions/mysql-remote-access
But I still can't connect.
My firewall is configured:
And I have no idea how to get HTTPS working, But it can be a problem to take care of in the future when I fully switch my site over the compute engine. Since I can't switch my domain or current SSL certificates over yet.
EDIT:
More information:
When I try to connect to SQL using client "Sequel Pro" it returns:
With telnet:
When I try connect to SFTP I get:
Could this be caused by me mistyping the password?
Your firewall settings show that you allowed external traffic to both ports 21 and 3306 for TCP protocol. This is good but not enough.
In order to allow remote connections to MySQL, you will need to grant remote access to your username and your external IP address. Take a look at this case for an example. This is also mentioned in step 6 and step 7 of Configure MySQL server on my-server section of the article you specified:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'TESTUSER'#'<external-ip-my-client>' IDENTIFIED BY '<some-password>';
About the ftp server, the VM instance comes with no ftp service installed, but instead you can use SFTP protocol to connect to it which is more secure than FTP protocol and is highly recommended. Use gcloud compute config-ssh to generate SFTP/SSH key pair. For more information visit Setting up secure FTP on Google Compute Engine artcile.