尽管有防火墙规则，Google Cloud Compute Engine仍拒绝连接 [英] Google Cloud Compute Engine refusing connections despite firewall rule

问题描述

我正在尝试在运行debian的GCE实例上设置VNC服务器.通常，我通过SSH连接，但是在其他一些用例中，我需要图形界面.我有一个非常基本的防火墙规则，看起来像这样

I'm trying to setup a VNC server on my GCE instance running debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this

但是当我使用netcat检查端口5901上的外部IP时，我得到拒绝连接.检查22之类的端口可以正常工作，但是没有其他端口可以让我连接.我在这里错过了一步吗?

But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?

推荐答案

与您的问题有关的最常见问题是应用程序/服务器配置为localhost或127.0.0.1，这意味着仅在本地接受连接机器.您需要与0.0.0.0绑定，这意味着在所有可用网络上进行监听.

The most common problem related to your issue is that the application / server is configured for localhost or 127.0.0.1, which means accept connections only on the local machine. You need to bind with 0.0.0.0 which means listen on all available networks.

从公共网络(系统外部)连接时，Connection refused表示没有人在听.这不是防火墙规则问题，因为错误消息表明该连接没有被阻止(无响应)而被拒绝(拒绝了权限).

When connecting from the public network (outside your system) Connection refused means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).

通过SSH连接到您的实例.然后运行以下命令:netstat -a.查找在端口号上显示LISTENING的行.然后查看IP地址.如果显示127.0.0.1，这是您的问题.如果您没有在LISTENING状态下看到端口号，则表明该端口上没有进程在监听.

Connect to your instance via SSH. Then run this command: netstat -a. Look for a line that says LISTENING on your port number. Then look at the IP address. If it shows 127.0.0.1, this is your problem. If you do not see your port number in LISTENING state, then you do not have a process listening on that port.

这篇关于尽管有防火墙规则，Google Cloud Compute Engine仍拒绝连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！