decoder-leco / plateforme

The Décoder l'éco Data Engineering platform

ssh access ok but http impossible #9

Closed Jean-Baptiste-Lasselle closed 1 month ago

Jean-Baptiste-Lasselle commented 1 month ago

even though I added firewall rules to access http on port 8081, I can't access the vm, like that: https://www.googlecloudcommunity.com/gc/Serverless/Cannot-connect-to-vm-instance-via-external-ip-after-import/m-p/647534

but ssh access on same ip works

Jean-Baptiste-Lasselle commented 1 month ago

it might be iptables : https://stackoverflow.com/questions/22453803/enable-access-google-compute-engine-instance-via-http-port

Jean-Baptiste-Lasselle commented 1 month ago

or maybe this: image

also an iptables thing on ubuntu : https://stackoverflow.com/questions/44620723/cant-connect-to-port-80-on-google-cloud-compute-instance-despite-firewall-rule

Jean-Baptiste-Lasselle commented 1 month ago

```
pierre@first-test-vm:~$ nmap 0.0.0.0
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-28 00:48 UTC
Nmap scan report for 0.0.0.0
Host is up (0.000088s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
5001/tcp open  commplex-link
8081/tcp open  blackice-icecap
9000/tcp open  cslistener
9001/tcp open  tor-orport
pierre@first-test-vm:~$ nmap 35.188.214.168
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-28 00:50 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.03 seconds
pierre@first-test-vm:~$ nmap 35.188.214.168 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-28 00:51 UTC
Nmap scan report for 168.214.188.35.bc.googleusercontent.com (35.188.214.168)
Host is up (0.00038s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 4.24 seconds
pierre@first-test-vm:~$
```

ok so nmap confirms that the public ip address does not expose the 8081 port as opened

Jean-Baptiste-Lasselle commented 1 month ago

```
docker run -it --restart unless-stopped -d -p 0.0.0.0:8081:80 --name jbtest nginx
```

Jean-Baptiste-Lasselle commented 1 month ago

https://serverfault.com/questions/634896/google-computer-engine-firewall-and-iptables

Jean-Baptiste-Lasselle commented 1 month ago

yes there's something, there's a firewall I think, because nmap says 999 ports are filtered, and:

Jean-Baptiste-Lasselle commented 1 month ago

mashed potatoes, it's just that I didn't properly configure the target tags of the firewall rules
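
Added example, not part of the original thread: a check for the target-tag mismatch named in the last comment, working on the JSON shapes returned by `gcloud compute firewall-rules list --format=json` and `gcloud compute instances describe --format=json`. The rule names, tags, network and VM below are constructed, hypothetical values.

```python
# Added example: which GCE ingress allow rules really apply to a VM for a port.
# Sample data is constructed; field names follow the Compute Engine API JSON.

def port_matches(spec, port):
    """True if a rule port spec ("8081" or "8000-9000") covers `port`."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def allows(rule, proto, port):
    """True if any `allowed` entry of the rule covers proto/port."""
    for entry in rule.get("allowed", []):
        ports = entry.get("ports")  # no ports listed means every port
        if entry["IPProtocol"] in (proto, "all") and (
                not ports or any(port_matches(p, port) for p in ports)):
            return True
    return False

def diagnose(rules, instance, proto, port):
    """Split ingress allow rules for proto/port into (applied, skipped)."""
    vm_tags = set(instance.get("tags", {}).get("items", []))
    vm_nets = {nic["network"] for nic in instance.get("networkInterfaces", [])}
    applied, skipped = [], []
    for rule in rules:
        # Disabled, egress and service-account-targeted rules are ignored here.
        if (rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled")
                or rule.get("targetServiceAccounts")
                or rule["network"] not in vm_nets
                or not allows(rule, proto, port)):
            continue
        targets = set(rule.get("targetTags", []))
        # A rule without target tags applies to every VM in the network.
        if not targets or targets & vm_tags:
            applied.append(rule["name"])
        else:  # the rule exists, but the VM carries none of its target tags
            skipped.append((rule["name"], sorted(targets - vm_tags)))
    return applied, skipped

NET = "projects/example/global/networks/default"  # hypothetical network
RULES = [
    {"name": "allow-ssh", "network": NET, "direction": "INGRESS",
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-http-8081", "network": NET, "direction": "INGRESS",
     "targetTags": ["http-8081"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8081"]}]},
]
VM = {"name": "example-vm", "tags": {"items": ["web"]},
      "networkInterfaces": [{"network": NET}]}

if __name__ == "__main__":
    for p in (22, 8081):
        print(p, diagnose(RULES, VM, "tcp", p))
```

With the constructed data, port 22 is covered by an untagged rule while the 8081 rule is reported as skipped with the missing tag, which is the same split the external nmap scan shows (22 open, everything else filtered).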