Salem Salem - 2 months ago 13
C# Question

GCE allow incoming traffic on specific ports

I'm trying to host a TCP socket server on a Google Compute Engine. I added the following rule on GCE firewall-rules (sockets-port 0.0.0.0/0 tcp:11000 Apply to all targets), but the port is still inaccessible from the outside using the public IP (ephemeral in my case).

Is there more to be done in this case? Should I use ufw on the VM itself to set additional rules?

Any help or hints would be appreciated, thx.

EDIT:
1) firewall settings:

NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
sockets-port            default  0.0.0.0/0     tcp:11000

2) On the VM itself, the SocketListener class (C#) gives the error:

Cannot assign requested address
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)

The IPEndPoint consists of the public IP of the machine and port 11000.

Answer

This is a classic problem with GCE: you must bind your server socket to 0.0.0.0 instead of the external IP. I don't know if this is by design.

The external IP is a virtual IP. The infrastructure knows how to direct traffic targeting the IP to your VM, but it is not bound to any of the VM's network interfaces. If you run sudo ifconfig in the VM, you will only see the internal IP on eth0.
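The bind behaviour described in the answer, as an added example that is not part of the original answer: it checks whether the requested address is assigned to a local interface before binding, and falls back to 0.0.0.0 when it is not. The names ListenerDemo, IsLocalAddress and Listen are hypothetical, and 203.0.113.10 is a constructed documentation-range address standing in for the VM's external IP.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;

static class ListenerDemo
{
    // True only if the address is actually assigned to one of this machine's interfaces.
    static bool IsLocalAddress(IPAddress address) =>
        NetworkInterface.GetAllNetworkInterfaces()
            .SelectMany(nic => nic.GetIPProperties().UnicastAddresses)
            .Any(u => u.Address.Equals(address));

    // Binds to the requested address when it is local; otherwise binds to 0.0.0.0.
    static Socket Listen(IPAddress requested, int port)
    {
        IPAddress bindAddress = IsLocalAddress(requested) ? requested : IPAddress.Any;
        var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        socket.Bind(new IPEndPoint(bindAddress, port));
        socket.Listen(16);
        return socket;
    }

    static void Main()
    {
        // Constructed sample value, not the asker's real external IP.
        IPAddress externalIp = IPAddress.Parse("203.0.113.10");
        const int port = 11000; // port from the question's firewall rule

        // Binding to an address no interface holds reproduces the error from the question.
        using (var probe = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp))
        {
            try { probe.Bind(new IPEndPoint(externalIp, port)); }
            catch (SocketException ex) when (ex.SocketErrorCode == SocketError.AddressNotAvailable)
            {
                Console.WriteLine($"Bind to {externalIp} failed: {ex.SocketErrorCode}");
            }
        }

        using (Socket listener = Listen(externalIp, port))
            Console.WriteLine($"Listening on {listener.LocalEndPoint}");
    }
}
```

A socket bound to 0.0.0.0 accepts connections on every interface of the VM, so the GCE firewall rule (here sockets-port with source range 0.0.0.0/0) is what limits who can reach it. Narrowing that source range, or binding to the internal IP shown on eth0, reduces the exposure.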
