尽管有防火墙规则,Google Cloud Compute Engine仍拒绝连接 [英] Google Cloud Compute Engine refusing connections despite firewall rule
问题描述
我正在尝试在运行debian的GCE实例上设置VNC服务器.通常,我通过SSH连接,但是在其他一些用例中,我需要图形界面.我有一个非常基本的防火墙规则,看起来像这样
I'm trying to setup a VNC server on my GCE instance running debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this
但是当我使用netcat检查端口5901上的外部IP时,我得到拒绝连接.检查22之类的端口可以正常工作,但是没有其他端口可以让我连接.我在这里错过了一步吗?
But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?
推荐答案
与您的问题有关的最常见问题是应用程序/服务器配置为localhost
或127.0.0.1
,这意味着仅在本地接受连接机器.您需要与0.0.0.0
绑定,这意味着在所有可用网络上进行监听.
The most common problem related to your issue is that the application / server is configured for localhost
or 127.0.0.1
, which means accept connections only on the local machine. You need to bind with 0.0.0.0
which means listen on all available networks.
从公共网络(系统外部)连接时,Connection refused
表示没有人在听.这不是防火墙规则问题,因为错误消息表明该连接没有被阻止(无响应)而被拒绝(拒绝了权限).
When connecting from the public network (outside your system) Connection refused
means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).
通过SSH连接到您的实例.然后运行以下命令:netstat -a
.查找在端口号上显示LISTENING
的行.然后查看IP地址.如果显示127.0.0.1
,这是您的问题.如果您没有在LISTENING
状态下看到端口号,则表明该端口上没有进程在监听.
Connect to your instance via SSH. Then run this command: netstat -a
. Look for a line that says LISTENING
on your port number. Then look at the IP address. If it shows 127.0.0.1
, this is your problem. If you do not see your port number in LISTENING
state, then you do not have a process listening on that port.
这篇关于尽管有防火墙规则,Google Cloud Compute Engine仍拒绝连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!