Google Cloud Platform Why if I declare a firewall rule it doesn't work?


Problem description

I have installed Debian Stretch as my OS in my VM instance. I have downloaded and installed (via git) the AllStarLink software to install it in the mentioned instance.

After the installation and testing period, I run the VM instance and it works fine. The application appears registered at the allstarlink.org register server, but if I attempt to reach the application from outside, the system rejects my connection.

I need port 4569/udp to work with the application, but after programming several firewall rules, the instance is still rejecting any connection from outside.

What is the right configuration for a firewall rule to permit my connection?

Thanks in advance!

Recommended answer

Compute Engine networks have some implied rules that block all incoming traffic with some exceptions like SSH, RDP etc. and allow all outgoing traffic.

To allow traffic on port 4569 (or any other port than mentioned in the documentation) you have to create a new firewall rule using the GCP Console or the gcloud utility.

In our case you have to specify

You create or modify VPC firewall rules by using the Google Cloud Console, gcloud command-line tool, and REST API. When you create or modify a firewall rule, you can specify the instances to which it is intended to apply by using the target component of the rule.

Your gcloud command would look like this:

gcloud compute --project=my-project-name firewall-rules create my-rule1 --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:4569,udp:4569

However, you need to make sure that your instance also permits incoming traffic on that port (by default Debian Stretch doesn't block anything). To make sure, log in to your VM and run this command: sudo iptables -L; you should see something like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

This is the default firewall configuration, which means all traffic (in & out) is allowed.
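The following Python is an added example, not part of the original answer or Google's tooling. It applies the documented ingress evaluation order (lowest priority number wins, deny beats allow at equal priority, implied deny otherwise) to rules in the shape of `gcloud compute firewall-rules list --format=json`, which shows why a rule scoped by target tags or outranked by a deny rule has no effect. The sample rules, the `asterisk` tag and the function names are assumptions made for illustration; only `sourceRanges` and `targetTags` scoping is modelled.

```python
import ipaddress

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (rule names, tags and ranges are made up for illustration).
SAMPLE_RULES = [
    {"name": "default-allow-ssh", "network": "global/networks/default", "direction": "INGRESS",
     "priority": 65534, "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "my-rule1", "network": "global/networks/default", "direction": "INGRESS",
     "priority": 1000, "sourceRanges": ["0.0.0.0/0"], "targetTags": ["asterisk"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["4569"]}, {"IPProtocol": "udp", "ports": ["4569"]}]},
    {"name": "deny-high-udp", "network": "global/networks/default", "direction": "INGRESS",
     "priority": 900, "sourceRanges": ["203.0.113.0/24"],
     "denied": [{"IPProtocol": "udp", "ports": ["4000-5000"]}]},
]

def _port_match(entry, proto, port):
    if entry["IPProtocol"] not in (proto, "all"):
        return False
    ports = entry.get("ports")
    if not ports:                      # no ports listed = every port of that protocol
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def ingress_verdict(rules, network, tags, src_ip, proto, port):
    """Return (action, rule_name); only sourceRanges/targetTags scoping is modelled."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for r in rules:
        if r.get("disabled") or r["direction"] != "INGRESS":
            continue
        if not r["network"].endswith("/networks/" + network):
            continue
        target = r.get("targetTags")
        if target and not set(target) & set(tags):
            continue                   # rule is scoped to tags the instance lacks
        if not any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", [])):
            continue
        for action, key in (("DENY", "denied"), ("ALLOW", "allowed")):
            if any(_port_match(e, proto, port) for e in r.get(key, [])):
                hits.append((r["priority"], action != "DENY", action, r["name"]))
    if not hits:
        return ("DENY", "implied-deny-ingress")
    _, _, action, name = min(hits)     # lowest priority number wins; DENY beats ALLOW on ties
    return (action, name)
```

Feed it the real JSON from your project together with the instance's network and tags to see which rule decides a packet to 4569/udp before looking at iptables on the VM.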
