I'm trying to host a TCP socket server on a Google Compute Engine. I added the following rule on GCE firewall-rules (sockets-port 0.0.0.0/0 tcp:11000 Apply to all targets), but the port is still inaccessible from the outside using the public IP (ephemeral in my case).
Is there more to be done in this case? Should I use ufw on the VM itself to set additional rules?
Any help or hints would be appreciated, thx.
1) firewall settings:
NAME                    NETWORK  SRC_RANGES    RULES                            SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                     http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                    https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
sockets-port            default  0.0.0.0/0     tcp:11000
2) on the VM itself the SocketListener class (C#) gives the error:
Cannot assign requested address
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
This is a classic problem with GCE: you must bind your server socket to 0.0.0.0 instead of the external IP. I don't know if this is by design.
The external IP is a virtual IP. The infrastructure knows how to direct traffic targeting the IP to your VM, but it is not bound to any of the VM's network interfaces. If you run sudo ifconfig in the VM, you will only see the internal IP on eth0.
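The behaviour described in the answer, as an added example that is not part of the original question or answer: it lists the addresses actually assigned to the VM's interfaces, shows the bind to the external IP failing, then binds to 0.0.0.0. The class name BindCheck and the address 203.0.113.10 (a documentation-range placeholder for the VM's external IP) are assumptions; port 11000 is the one from the question.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;

static class BindCheck
{
    // Constructed placeholder standing in for the VM's external (virtual) IP.
    static readonly IPAddress ExternalIp = IPAddress.Parse("203.0.113.10");
    const int Port = 11000; // port from the question

    // Returns a bound socket, or null plus the OS error code if Bind fails.
    static Socket TryBind(IPAddress address, int port, out SocketError error)
    {
        var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        try
        {
            socket.Bind(new IPEndPoint(address, port));
            error = SocketError.Success;
            return socket;
        }
        catch (SocketException ex)
        {
            error = ex.SocketErrorCode;
            socket.Dispose();
            return null;
        }
    }

    static void Main()
    {
        // IPv4 addresses assigned to local interfaces (what ifconfig lists).
        var local = NetworkInterface.GetAllNetworkInterfaces()
            .SelectMany(nic => nic.GetIPProperties().UnicastAddresses)
            .Select(ua => ua.Address)
            .Where(a => a.AddressFamily == AddressFamily.InterNetwork)
            .ToList();
        Console.WriteLine("Local IPv4 addresses: " + string.Join(", ", local));

        SocketError err;
        // The external IP is not on any interface: expect AddressNotAvailable.
        using (var s = TryBind(ExternalIp, Port, out err))
            Console.WriteLine($"Bind {ExternalIp}:{Port} -> {err}");

        // 0.0.0.0 listens on every local interface; who can reach the port
        // is then decided by the firewall rule's source range.
        using (var listener = TryBind(IPAddress.Any, Port, out err))
        {
            Console.WriteLine($"Bind 0.0.0.0:{Port} -> {err}");
            listener?.Listen(16);
        }
    }
}
```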