Issue opening port on 5601 despite configuring firewall route similar to port 80 and 443


Marcus Davies

Jun 17, 2018, 6:44:15 PM
to gce-discussion
Dear community

Can you please help, as I am struggling to configure a firewall in GCP?

I have a VM instance elk-test-vm which has ports 80 and 443 open, and I need to open port 5601.
I have set up a new firewall rule in order to do this.  See elk-test-tcp-443 below.

However the port does not seem to open

I have tested this as follows:

1. Login to elk-test-vm
2. The following works ok
cat < /dev/tcp/localhost/5601
3. The following external IP and port does not work
cat < /dev/tcp/35.234.139.60/5601
4. The following internal IP and port does not work
cat < /dev/tcp/10.154.0.15/5601


You can find the configuration settings below

Note: I have tried setting the firewall rule to open up tcp:5601 and udp:5601


elk-test-vm (instance details)

Remote access: SSH; Connect to serial console
Logs
Machine type: n1-standard-1 (1 vCPU, 3.75 GB memory)
CPU platform: Intel Broadwell
Zone: europe-west2-b
Labels: goog-dm : elk-test
Creation time: 15 Jun 2018, 05:58:38
None
Firewalls
Network tags: elk-test-tcp-443, elk-test-tcp-5601, elk-test-tcp-80
Deletion protection
Boot disk and local disks:
  Name | Size (GB) | Type | Encryption | Mode
  (not shown) | 10 | Standard persistent disk | Google-managed | Boot, read/write
Additional disks: None
Availability policies:
  Preemptibility: Off (recommended)
  Automatic restart: On (recommended)
  On host maintenance: Migrate VM instance (recommended)
Custom metadata:
  bitnami-base-password: PbFJwMudK8yd
  status-variable-path: status
  status-uptime-deadline: 420
  startup-script:
#!/bin/bash

set -e

DEFAULT_UPTIME_DEADLINE="300"  # 5 minutes

metadata_value() {
  curl --retry 5 -sfH "Metadata-Flavor: Google" \
       "http://metadata/computeMetadata/v1/$1"
}

access_token() {
  metadata_value "instance/service-accounts/default/token" \
  | python -c "import sys, json; print(json.load(sys.stdin)['access_token'])"
}

uptime_seconds() {
  seconds="$(cut -d' ' -f1 /proc/uptime)"
  echo ${seconds%%.*}  # delete floating point.
}

config_url() { metadata_value "instance/attributes/status-config-url"; }
instance_id() { metadata_value "instance/id"; }
variable_path() { metadata_value "instance/attributes/status-variable-path"; }
project_name() { metadata_value "project/project-id"; }
uptime_deadline() {
  metadata_value "instance/attributes/status-uptime-deadline" \
      || echo $DEFAULT_UPTIME_DEADLINE
}

config_name() {
  # Works under both Python 2 and 3 (urlparse moved to urllib.parse in 3).
  python - "$(config_url)" <<EOF
import sys
try:
    from urllib.parse import urlparse
except ImportError:
    from urlparse import urlparse
parsed = urlparse(sys.argv[1])
print('/'.join(parsed.path.rstrip('/').split('/')[-4:]))
EOF
}

variable_body() {
  # Strip the line breaks GNU base64 inserts every 76 characters, which
  # would otherwise land inside the JSON string and break the request body.
  encoded_value=$(printf '%s\n' "$2" | base64 | tr -d '\n')
  printf '{"name":"%s", "value":"%s"}\n' "$1" "$encoded_value"
}

post_result() {
  var_subpath=$1
  var_value=$2
  var_path="$(config_name)/variables/$var_subpath/$(instance_id)"

  curl --retry 5 -sH "Authorization: Bearer $(access_token)" \
      -H "Content-Type: application/json" \
      -X POST -d "$(variable_body "$var_path" "$var_value")" \
      "$(config_url)/variables"
}

post_success() {
  post_result "$(variable_path)/success" "${1:-Success}"
}

post_failure() {
  post_result "$(variable_path)/failure" "${1:-Failure}"
}

# The contents of initScript are contained within this function.
custom_init() (
  return 0
)

# The contents of checkScript are contained within this function.
check_success() (
  failed=$(/etc/init.d/bitnami status \
      | grep "not running" | cut -d" " -f1 | tr "\n" " ")
  if [ ! -z "$failed" ]; then
    echo "Processes failed to start: $failed"
    exit 1
  fi
)

check_success_with_retries() {
  deadline="$(uptime_deadline)"
  while [ "$(uptime_seconds)" -lt "$deadline" ]; do
    message=$(check_success)
    case $? in
    0)
      # Success.
      return 0
      ;;
    1)
      # Not ready; continue loop
      ;;
    *)
      # Failure; abort.
      echo "$message"
      return 1
      ;;
    esac

    sleep 5
  done

  # The check was not successful within the required deadline.
  echo "status check timeout"
  return 1
}

do_init() {
  # Run the init script first. If no init script was specified, this
  # is a no-op.
  echo "software-status: initializing..."

  set +e
  message="$(custom_init)"
  result=$?
  set -e

  if [ $result -ne 0 ]; then
    echo "software-status: init failure"
    post_failure "$message"
    return 1
  fi
}

do_check() {
  # Poll for success.
  echo "software-status: waiting for software to become ready..."
  set +e
  message="$(check_success_with_retries)"
  result=$?
  set -e

  if [ $result -eq 0 ]; then
    echo "software-status: success"
    post_success
  else
    echo "software-status: failed with message: $message"
    post_failure "$message"
  fi
}

# Run the initialization script synchronously.
do_init || exit $?

# The actual software initialization might come after google's init.d
# script that executes our startup script. Thus, launch this script
# into the background so that it does not block init and eventually
# timeout while waiting for software to start.
do_check & disown



elk-test-tcp-5601

Network: default
Priority: 1000
Direction: Ingress
Action on match: Allow
Targets: Target tags
Target tags: elk-test-tcp-5601
Source filters: IP ranges
Protocols and ports: tcp:5601
Enabled



elk-test-tcp-443 - for comparison

Network: default
Priority: 1000
Direction: Ingress
Action on match: Allow
Targets: Target tags
Target tags: elk-test-tcp-443
Source filters: IP ranges
Protocols and ports: tcp:443
Enabled

Digil (Google Cloud Platform Support)

Jun 18, 2018, 6:38:50 PM
to gce-discussion

Based on your current configuration, the GCP firewall should be allowing traffic for port 5601 on your virtual machine instances. This means that if you have any service running on your instance which listens on that specific port (i.e. 5601), the GCP firewall won't block it.


Try running 'nmap' on your virtual machine instance and see which services are active and listening on which ports. If you don't have any service listening on that port (5601), it won't be listed there. This doesn't mean the GCP firewall is blocking that port; rather, no service is using that port.
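The symptom in the first post (localhost answers on 5601, the VM's internal and external addresses do not) and the check the support reply suggests can both be settled from the host's own listening table, without nmap. The following is an added example, not code from the thread, from Google or from Bitnami: it reads `ss -ltn` output and reports whether a port is bound to loopback only, to every address, to one specific address, or not at all. The `ss` output embedded below is constructed to mirror the first post (80 and 443 on all interfaces, 5601 on 127.0.0.1 only, the internal IP 10.154.0.15 taken from the post); the reference to Kibana's `server.host` setting is an assumption, since the thread never names the service on 5601.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound on this host from `ss -ltn`.
# A service that answers on localhost but not on the VM's own internal IP is
# bound to 127.0.0.1 only; no GCP VPC firewall rule can change that.

# Constructed sample of `ss -ltn` output, modelled on the symptom in the thread.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    127.0.0.1:5601       0.0.0.0:*
LISTEN 0      128    *:80                 *:*
LISTEN 0      128    *:443                *:*
LISTEN 0      128    [::]:22              [::]:*
LISTEN 0      511    10.154.0.15:9200     0.0.0.0:*'

# bind_scope PORT   (reads `ss -ltn` output on stdin)
# Prints one of: none | loopback | all | <address>
# Returns 0 if something listens on PORT, 1 otherwise.
bind_scope() {
  port="$1"
  scope="none"
  while read -r state recvq sendq laddr peer rest; do
    case "$state" in LISTEN) ;; *) continue ;; esac   # skip header / non-listeners
    # laddr looks like 0.0.0.0:5601, 127.0.0.1:5601, [::]:5601 or *:5601
    p="${laddr##*:}"
    [ "$p" = "$port" ] || continue
    addr="${laddr%:*}"
    case "$addr" in
      127.*|'[::1]'|localhost) [ "$scope" = "none" ] && scope="loopback" ;;
      0.0.0.0|'*'|'[::]')      scope="all" ;;                  # wildcard wins
      *)                       [ "$scope" = "all" ] || scope="$addr" ;;
    esac
  done
  printf '%s\n' "$scope"
  [ "$scope" != "none" ]
}

# diagnose PORT   (reads `ss -ltn` output on stdin)
# Turns the bind scope into the next thing to check.
diagnose() {
  scope=$(bind_scope "$1") || true
  case "$scope" in
    none)
      echo "port $1: nothing is listening; the firewall rule cannot help until a service binds the port" ;;
    loopback)
      echo "port $1: bound to loopback only; localhost works but the internal/external IP cannot." \
           "Bind the service to 0.0.0.0 or the internal IP (for Kibana: server.host in kibana.yml)" ;;
    all)
      echo "port $1: bound on all interfaces; if remote connections still fail, confirm the rule's" \
           "target tag is on the instance and check any host firewall (iptables/ufw)" ;;
    *)
      echo "port $1: bound to $scope only; other addresses on this host will not answer" ;;
  esac
}

# Demo on the constructed sample. On the VM itself run:  ss -ltn | diagnose 5601
printf '%s\n' "$SAMPLE_SS" | diagnose 5601
```

On a live instance, pipe the real table in (`ss -ltn | diagnose 5601`). If the result is "all" and the port is still unreachable from outside, the remaining places to look are the VPC side: `gcloud compute firewall-rules describe elk-test-tcp-5601` to confirm the source range and target tag, and `gcloud compute instances describe elk-test-vm --zone europe-west2-b --format='value(tags.items)'` to confirm the instance actually carries that tag.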
