0 votes

I am trying to open up some ports on my compute VM.

For example, I have these firewall rules:

$ gcloud compute firewall-rules list
NAME                    NETWORK  SRC_RANGES    RULES                         SRC_TAGS  TARGET_TAGS
default-allow-http      default  0.0.0.0/0     tcp:80                                  http-server
default-allow-https     default  0.0.0.0/0     tcp:443                                 https-server
default-allow-icmp      default  0.0.0.0/0     icmp
default-allow-internal  default  10.128.0.0/9  tcp:0-65535,udp:0-65535,icmp
default-allow-rdp       default  0.0.0.0/0     tcp:3389
default-allow-ssh       default  0.0.0.0/0     tcp:22
test-24284              default  0.0.0.0/0     tcp:24284                               test-tcp-open-24284

I have created a CentOS 7 instance to which I have attached the tags:

$ gcloud compute instances describe test-network-opened
...
...
  items:
  - http-server
  - https-server
  - test-tcp-open-24284
...
...

Now, when I try to check from my dev box whether the port is open or not, using nmap against the public IP shown in the console for the VM:

$ nmap -p 24284 35.193.xxx.xxx

Nmap scan report for 169.110.xxx.xx.bc.googleusercontent.com (35.193.xxx.xxx)
Host is up (0.25s latency).

PORT      STATE  SERVICE
24284/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 1.15 seconds

Now it's hitting the external NAT IP for my VM, which would be 169.110.xxx.xx.

I tried checking the iptables rules, but that didn't show anything:

[root@test-network-opened ~]# iptables -S | grep 24284
[root@test-network-opened ~]#

So I enabled firewalld and tried opening the port with it:

[root@test-network-opened ~]# firewall-cmd --zone=public --add-port=24284/tcp --permanent
success
[root@test-network-opened ~]# firewall-cmd --reload
success
[root@test-network-opened ~]# iptables -S | grep 24284
[root@test-network-opened ~]#

I am not sure what I am doing wrong here. I referred to these relevant questions on SO about this:

Comment (1 vote): Is there any service running on port 24284 on your VM? Please post the output of the netstat -plnt command. - Kamran

1 Answer

1 vote

The ports were opened by the firewall, but since I didn't have an application using the port already, nmap was showing the port as closed, which meant it was able to reach the server and was not firewalled.

If it had been firewalled, it would have shown filtered.

I didn't have any application running on it, so I didn't know this was a possibility. Careless of me.

Thanks for pointing this out.
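The answer above turns on the difference between nmap's three verdicts: open (handshake completes), closed (the host answers with a RST, so nothing in between dropped the probe, but no process is listening) and filtered (no answer at all, or an ICMP unreachable, which is what a GCP VPC rule or host firewall produces). The example below is an added illustration and is not code from the question or the answer. It reproduces that classification with a plain TCP connect, and it also parses the netstat -plnt output the commenter asked for, to show the second reason an external scan reports closed: a daemon bound only to 127.0.0.1. The netstat text, the start_listener/unbound_port helpers and the port numbers are constructed for the demo, not taken from the VM in the question.

```python
import errno
import socket

# Constructed sample of `netstat -plnt` output (not from the question): sshd listens on
# the wildcard address, an SMTP daemon is bound to loopback only, nothing on 24284.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1012/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1300/master
tcp6       0      0 :::22                   :::*                    LISTEN      1012/sshd
"""

LOOPBACK_PREFIXES = ("127.", "::1")


def listeners_for_port(netstat_output, port):
    """Return [(local_address, 'pid/program'), ...] for TCP sockets in LISTEN state on `port`."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # banner / column-header line
        addr, _, lport = fields[3].rpartition(":")   # ':::22' -> ('::', ':', '22')
        if lport != str(port) or fields[5] != "LISTEN":
            continue
        program = fields[6] if len(fields) > 6 else "-"   # '-' when not run as root
        found.append((addr, program))
    return found


def externally_reachable(netstat_output, port):
    """True only if some listener on `port` is bound to a non-loopback address.
    A service bound to 127.0.0.1 still makes an external nmap report `closed`."""
    return any(not addr.startswith(LOOPBACK_PREFIXES)
               for addr, _ in listeners_for_port(netstat_output, port))


def classify_port(host, port, timeout=2.0):
    """Mimic nmap's per-port verdict with a TCP connect (hypothetical helper):
    open     -> three-way handshake completed, something is listening
    closed   -> RST came back: host reached, no firewall dropped the SYN, nothing listening
    filtered -> no reply before `timeout` or ICMP unreachable: a firewall is in the path
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def start_listener(host="127.0.0.1"):
    """Listen on an OS-chosen port; stands in for the application the answer lacked.
    The caller closes the returned socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def unbound_port(host="127.0.0.1"):
    """Pick a port nothing listens on by binding it and releasing it immediately."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, port = start_listener()
    print(port, classify_port("127.0.0.1", port))        # open
    srv.close()
    print(port, classify_port("127.0.0.1", unbound_port()))  # closed: reachable, no listener
    print(listeners_for_port(SAMPLE_NETSTAT, 22))
    print(externally_reachable(SAMPLE_NETSTAT, 25))      # False: bound to loopback only
```

Run it on the VM itself with the real `netstat -plnt` output piped in, and from the dev box against the public IP: a verdict of closed after the VPC rule and the tag are in place is a sign to start (or re-bind) the service, not to keep editing firewall rules.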