尽管有防火墙规则,谷歌云计算引擎仍拒绝连接 [英] Google Cloud Compute Engine refusing connections despite firewall rule
问题描述
我正在尝试在运行 debian 的 GCE 实例上设置 VNC 服务器.通常我通过 SSH 连接,但我需要一个用于其他一些用例的图形界面.我有一个非常基本的防火墙规则,看起来像这样
I'm trying to setup a VNC server on my GCE instance running debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this
但是当我使用 netcat 检查端口 5901 上的外部 IP 时,我发现连接被拒绝.检查像 22 这样的端口有效,但其他端口都不让我连接.我在这里错过了一步吗?
But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?
推荐答案
与您的问题相关的最常见问题是应用程序/服务器配置为 localhost
或 127.0.0.1
,这意味着只接受本地机器上的连接.您需要与 0.0.0.0
绑定,这意味着侦听所有可用网络.
The most common problem related to your issue is that the application / server is configured for localhost
or 127.0.0.1
, which means accept connections only on the local machine. You need to bind with 0.0.0.0
which means listen on all available networks.
从公共网络(在您的系统外)连接时连接被拒绝
意味着没有人在听.这不是防火墙规则问题,因为错误消息表明连接没有被阻止(无响应)而不是被拒绝(权限被拒绝).
When connecting from the public network (outside your system) Connection refused
means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).
通过 SSH 连接到您的实例.然后运行这个命令:netstat -a
.查找在您的端口号上显示 LISTENING
的行.然后查看IP地址.如果它显示 127.0.0.1
,那就是你的问题.如果您没有在 LISTENING
状态下看到您的端口号,那么您没有在该端口上侦听的进程.
Connect to your instance via SSH. Then run this command: netstat -a
. Look for a line that says LISTENING
on your port number. Then look at the IP address. If it shows 127.0.0.1
, this is your problem. If you do not see your port number in LISTENING
state, then you do not have a process listening on that port.
这篇关于尽管有防火墙规则,谷歌云计算引擎仍拒绝连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!