尽管有防火墙规则，谷歌云计算引擎仍拒绝连接 [英] Google Cloud Compute Engine refusing connections despite firewall rule

问题描述

我正在尝试在运行 debian 的 GCE 实例上设置 VNC 服务器.通常我通过 SSH 连接，但我需要一个用于其他一些用例的图形界面.我有一个非常基本的防火墙规则，看起来像这样

I'm trying to setup a VNC server on my GCE instance running debian. Normally I connect over SSH, but I need a graphical interface for some other use cases. I have a very basic firewall rule that looks like this

但是当我使用 netcat 检查端口 5901 上的外部 IP 时，我发现连接被拒绝.检查像 22 这样的端口有效，但其他端口都不让我连接.我在这里错过了一步吗?

But when I use netcat to check the external IP on port 5901 I get that the connection is refused. Checking a port like 22 works, but none of the other ones let me connect. Am I missing a step here?

推荐答案

与您的问题相关的最常见问题是应用程序/服务器配置为 localhost 或 127.0.0.1，这意味着只接受本地机器上的连接.您需要与 0.0.0.0 绑定，这意味着侦听所有可用网络.

The most common problem related to your issue is that the application / server is configured for localhost or 127.0.0.1, which means accept connections only on the local machine. You need to bind with 0.0.0.0 which means listen on all available networks.

从公共网络(在您的系统外)连接时连接被拒绝意味着没有人在听.这不是防火墙规则问题，因为错误消息表明连接没有被阻止(无响应)而不是被拒绝(权限被拒绝).

When connecting from the public network (outside your system) Connection refused means that nobody is listening. This is not a firewall rule issue as the error message indicates that the connection is not being blocked (no response) versus refused (permission denied).

通过 SSH 连接到您的实例.然后运行这个命令:netstat -a.查找在您的端口号上显示 LISTENING 的行.然后查看IP地址.如果它显示 127.0.0.1，那就是你的问题.如果您没有在 LISTENING 状态下看到您的端口号，那么您没有在该端口上侦听的进程.

Connect to your instance via SSH. Then run this command: netstat -a. Look for a line that says LISTENING on your port number. Then look at the IP address. If it shows 127.0.0.1, this is your problem. If you do not see your port number in LISTENING state, then you do not have a process listening on that port.

这篇关于尽管有防火墙规则，谷歌云计算引擎仍拒绝连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！