
I created my VM (Google Cloud Platform), working with Windows Server 2008 R2. Then I installed a program that needs port 6900 opened to run. To work, the program must connect to its own server, which is: 200.229.50.3:6900. So I went into the firewall rules of Google Cloud Platform, put the IP as 0.0.0.0/0 and opened port 6900. I also went into the advanced firewall configuration on my VM and allowed port 6900 there as well. I tried to run the program and it failed; I tried to run telnet to test and that failed too. I already checked the security settings, disabled the firewall, etc. I don't know what is happening.

My Google Cloud Platform firewall rules follow below:

Firewall Rules

My instance firewall rules follow:

Instance Firewall Rules

Here is the program getting an error while trying to connect to its own server:

Program error

If someone wants to enter my instance to check it better, they can download the RDP file from here: RDP file

    my external ip: 104.198.152.164
    user: lala2018
    password: ^#0aQaaz)MXbMNy

The program in which the error is occurring is on the desktop with the name xstart.

Feel free to run it and try to understand what the problem is, because I can't find the reason it isn't running right.

Can someone help me?


Edit 1:

My VPC routing follows:

VPC 1 VPC 2

Edit 2:

Traced Route - 200.229.50.3

Black Mamba
  • Where is the host 200.229.50.3 located? Do you have firewall rules in whatever environment that is allow inbound access from GCP? – Zach Seils Jan 16 '19 at 22:14
  • I don't know where the host `200.229.50.3` is located, but I guess it's in the USA. Well, I just created a firewall rule (on my VM and in GCP) allowing everything, but nothing changed. The same error is still happening. I don't know much about that, but maybe this error is because `220.229.50.3` is an external IP address? – Black Mamba Jan 16 '19 at 22:22
  • What are the contents of your VPC routing table? – Zach Seils Jan 17 '19 at 02:22
  • Please check my `EDIT 1`. There are 2 links showing my VPC. Sorry for the links, but I can't post images until I have 10 reputation. – Black Mamba Jan 17 '19 at 02:42
  • I don't see anything wrong with your VPC routing and firewall configuration. Can you try a traceroute to the 200.229.50.3 address? – Zach Seils Jan 17 '19 at 16:32
  • Please, check my `EDIT 2`. Did it. – Black Mamba Jan 17 '19 at 16:50
  • Based on the traceroute results, the issue is not on the Google Cloud network. – Zach Seils Jan 17 '19 at 23:46
  • So why does the program say that it can't connect to its own IP server? `200.229.50.3:6900`. It doesn't make sense... – Black Mamba Jan 17 '19 at 23:58

1 Answer


After seeing the screenshot of the message you attached, it looks like you are trying to connect from a GCP instance to the server "200.229.50.3", whose IP address belongs to "LEVEL UP! INTERACTIVE LTDA" in Brazil; however, it seems "200.229.50.3" is not allowing you to connect ("200.229.50.3" doesn't respond). If this is correct, you may have to create firewall rules in "200.229.50.3" instead of creating them in GCP.

I can see you have three rules to permit ingress and egress traffic from and to the GCP instances, but none of them affects "200.229.50.3" because this server doesn't belong to the GCP project:

  • The GCP firewall rule named "testeee" allows incoming connections from the IP address 200.229.50.3 to all instances within your GCP project through the port 6900.
  • The Windows firewall rule named "Port 6900" allows connections from any IP outside the Windows server through the port 6900.
  • The GCP firewall rules "mean-stack" and "exit900" are allowing egress traffic from GCP instances to any IP outside the GCP project through the port 6900.

I tried to establish a telnet connection to 200.229.50.3:6900 but it doesn't respond. This could be normal because there could be a firewall in that server which is not allowing connections from my IP address; however, I have to ask the following:

  • Can you confirm 200.229.50.3 is allowing connections through the port 6900 from your GCP Instance?
Alfredo GH
  • Thanks a lot for your explanation! Can you please tell me how I can confirm whether `200.229.50.3` is allowing connections through the port `6900` on my GCP instance? – Black Mamba Jan 18 '19 at 18:06
  • Just used the best VPN program `Express VPN` and it worked. Thanks! – Black Mamba Jan 18 '19 at 19:11
  • @I'mNotHere. To confirm that 200.229.50.3 is allowing connections through the port 6900 from the GCP instance, you can test it using telnet: `~$ telnet 200.229.50.3 6900`. "200.229.50.3" must be running an application listening on the port 6900, and the firewalls applied to "200.229.50.3" (not the ones in the GCP project) must be disabled or they must be configured to permit incoming connections from the instances created in the GCP project. – Alfredo GH Jan 22 '19 at 16:10
  • @I'mNotHere. If you just want to test that your firewall rules allow traffic, you can try an "iperf" test. The following commands will help you to set up an iperf test in a Linux OS. For "200.229.50.3" as the "Server": `~$ iperf -s -p 6901`. For the GCP VMs as the "Client": `~$ iperf -c 200.229.50.3 -p 6901 -t1`. In the "Server", the TCP port 6901 will be opened to allow the "Client" to send traffic. The "Client" will send traffic to the port 6901 of the "Server". Iperf can also be used in Windows systems. You can find more information about iperf in the [Official Documentation](https://iperf.fr/). – Alfredo GH Jan 22 '19 at 16:12
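
The telnet check suggested in the answer only shows that a connection failed. The following added example (not part of the original answer or comments) performs the same outbound TCP test and separates "no reply at all" from "actively refused", which tells you whether a firewall on the far side is dropping the traffic or the host is reachable but has no listener. The names `probe`, `classify`, `MEANING` and `demo` are hypothetical, and the self-test uses a constructed listener on 127.0.0.1.

```python
import socket
import sys

def classify(exc):
    """Translate a failed connect() into what it says about the network path."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"   # SYN got no reply: dropped by a firewall or host down
    if isinstance(exc, ConnectionRefusedError):
        return "closed"     # RST came back: host reachable, nothing accepting
    return "error"          # DNS failure, no route, etc.

def probe(host, port, timeout=3.0):
    """Attempt one outbound TCP handshake, like `telnet host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)

MEANING = {
    "open": "handshake completed; egress rules and the remote firewall allow it",
    "filtered": "no reply; look at the firewall on or in front of the remote host",
    "closed": "remote host answered with a reset; no service is listening",
    "error": "local problem such as name resolution or routing",
}

def demo():
    """Constructed local test: probe a listener, then the same port once closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    if len(sys.argv) == 3:              # usage: script.py <host> <port>
        result = probe(sys.argv[1], int(sys.argv[2]))
        print(result, "-", MEANING[result])
    else:
        print(demo())
```

An outbound connection like this depends only on egress rules and the remote side's inbound policy; an ingress rule on the client instance plays no part in the result.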