Salem Salem - 11 months ago 65
C# Question

GCE allow incoming traffic on specific ports

I'm trying to host a TCP socket server on Google Compute Engine. I added the following rule to the GCE firewall rules (sockets-port tcp:11000, Apply to all targets), but the port is still inaccessible from the outside using the public IP (ephemeral in my case).

Is there more to be done in this case? Should I use ufw on the VM itself to set additional rules?

Any help or hints would be appreciated, thx.

1) Firewall settings:

    default-allow-http      default  tcp:80                        http-server
    default-allow-https     default  tcp:443                       https-server
    default-allow-icmp      default  icmp
    default-allow-internal  default  tcp:0-65535,udp:0-65535,icmp
    default-allow-rdp       default  tcp:3389
    default-allow-ssh       default  tcp:22
    sockets-port            default  tcp:11000

2) On the VM itself, the SocketListener class (C#) gives the error:

Cannot assign requested address
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)

The IPEndPoint consists of the public IP of the machine and port 11000.

Answer Source

This is a classic problem with GCE, you must bind your server socket to, instead of the external IP. I don't know if this is by design.

The external IP is a virtual IP. The infrastructure knows how to direct traffic targeting the IP to your VM, but it is not bound to any of the VM's network interfaces. If you run sudo ifconfig in the VM, you will only see the internal IP on eth0.
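
The behaviour described in the answer can be checked from inside the VM with a short C# program. This is an added example, not code from the question or the answer: it lists the addresses actually assigned to the VM's interfaces and shows that `Bind` fails with `AddressNotAvailable` ("Cannot assign requested address") for an address that is not among them. `203.0.113.10` is a constructed placeholder for the external IP, and the class and method names are illustrative.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;

static class BindCheck
{
    // IPv4 addresses assigned to this machine's interfaces (what ifconfig shows).
    static IPAddress[] LocalAddresses() =>
        NetworkInterface.GetAllNetworkInterfaces()
            .Where(nic => nic.OperationalStatus == OperationalStatus.Up)
            .SelectMany(nic => nic.GetIPProperties().UnicastAddresses)
            .Select(ua => ua.Address)
            .Where(a => a.AddressFamily == AddressFamily.InterNetwork)
            .ToArray();

    // Try to bind and listen on address:port; return the socket error instead of throwing.
    static SocketError TryBind(IPAddress address, int port)
    {
        using var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        try
        {
            socket.Bind(new IPEndPoint(address, port));
            socket.Listen(16);
            return SocketError.Success;
        }
        catch (SocketException ex)
        {
            return ex.SocketErrorCode;
        }
    }

    static void Main()
    {
        const int port = 11000; // port from the question
        // Constructed stand-in for the VM's external IP (RFC 5737 documentation range).
        var external = IPAddress.Parse("203.0.113.10");
        var local = LocalAddresses();

        Console.WriteLine("Assigned to an interface: " + string.Join(", ", local.Select(a => a.ToString())));
        Console.WriteLine($"{external} assigned locally: {local.Contains(external)}");
        Console.WriteLine($"Bind {external}:{port} -> {TryBind(external, port)}");
        foreach (var a in local.Where(a => !IPAddress.IsLoopback(a)))
            Console.WriteLine($"Bind {a}:{port} -> {TryBind(a, port)}");
        Console.WriteLine($"Bind {IPAddress.Any}:{port} -> {TryBind(IPAddress.Any, port)}");
    }
}
```

Binding to the internal address restricts the listener to that interface, while `IPAddress.Any` listens on every interface of the VM; in either case the `sockets-port` firewall rule still decides which external traffic reaches port 11000.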