How to open a specific port such as 9090 in Google Compute Engine

Question

I have 2 Google Compute Engine instances and I want to open port 9090 in both the instances  I think we need to add some firewall rules      Can you tell me how can I do that

User · Answer

Here is the command-line approach to answer this question:

gcloud compute firewall-rules create <rule-name> --allow tcp:9090 --source-tags=<list-of-your-instances-names> --source-ranges=0.0.0.0/0 --description="<your-description-here>"

This will open the port 9090 for the instances that you name. Omitting --source-tags and --source-ranges will apply the rule to all instances. More details are in the Gcloud documentation and the firewall-rule create command manual

The previous answers are great, but Google recommends using the newer gcloud commands instead of the gcutil commands.

PS: To get an idea of Google's firewall rules, run gcloud compute firewall-rules list and view all your firewall rules

User · Answer

Creating firewall rules  Please review the firewall rule components  1  if you are unfamiliar with firewall rules in GCP  Firewall rules are defined at the network level  and only apply to the network where they are created  however  the name you choose for each of them must be unique to the project   For Cloud Console    Go to the Firewall rules page in the Google Cloud Platform Console   Click Create firewall rule  Enter a Name for the firewall rule   This name must be unique for the project  Specify the Network where the firewall rule will be implemented  Specify the Priority of the rule   The lower the number  the higher the priority  For the Direction of traffic  choose ingress or egress  For the Action on match  choose allow or deny  Specify the Targets of the rule    If you want the rule to apply to all instances in the network  choose All instances in the network  If you want the rule to apply to select instances by network  target  tags  choose Specified target tags  then type the tags to which the rule should apply into the Target tags field  If you want the rule to apply to select instances by associated service account  choose Specified service account  indicate whether the service account is in the current project or another one under Service account scope  and choose or type the service account name in the Target service account field   For an ingress rule  specify the Source filter     Choose IP ranges and type the CIDR blocks into the Source IP ranges field to define the source for incoming traffic by IP address ranges  Use 0 0 0 0 0 for a source from any network  Choose Subnets then mark the ones you need from the Subnets pop-up button to define the source for incoming traffic by subnet name  To limit source by network tag  choose Source tags  then type the network tags in to the Source tags field  For the limit on the number of source tags  see VPC Quotas and Limits  Filtering by source tag is only available if the target is not specified by service account  For more information  see filtering by service account vs network tag  To limit source by service account  choose Service account  indicate whether the service account is in the current project or another one under Service account scope  and choose or type the service account name in the Source service account field  Filtering by source service account is only available if the target is not specified by network tag  For more information  see filtering by service account vs  network tag  Specify a Second source filter if desired  Secondary source filters cannot use the same filter criteria as the primary one   For an egress rule  specify the Destination filter     Choose IP ranges and type the CIDR blocks into the Destination IP ranges field to define the destination for outgoing traffic by IP address ranges  Use 0 0 0 0 0 to mean everywhere  Choose Subnets then mark the ones you need from the Subnets pop-up button to define the destination for outgoing traffic by subnet name   Define the Protocols and ports to which the rule will apply     Select Allow all or Deny all  depending on the action  to have the rule apply to all protocols and ports  Define specific protocols and ports    Select tcp to include the TCP protocol and ports  Enter all or a comma delimited list of ports  such as 20-22  80  8080  Select udp to include the UDP protocol and ports  Enter all or a comma delimited list of ports  such as 67-69  123  Select Other protocols to include protocols such as icmp or sctp     Optional  You can create the firewall rule but not enforce it by setting its enforcement state to disabled  Click Disable rule  then select Disabled   Optional  You can enable firewall rules logging    Click Logs   On  Click Turn on   Click Create    Link   1  https   cloud google com vpc docs firewalls firewall rule components

User · Answer

This question is old and Carlos Rojas s answer is good  but I think I should post few things which should be kept in mind while trying to open the ports     The first thing to remember is that Networking section is renamed to VPC Networking  So if you re trying to find out where Firewall Rules option is available  go look at VPC Networking   The second thing is  if you re trying to open ports on a Linux VM  make sure under no circumstances should you try to open port using ufw command  I tried using that and lost ssh access to the VM  So don t repeat my mistake     The third thing is  if you re trying to open ports on a Windows VM  you ll need to create Firewall rules inside the VM also in Windows Firewall along with VPC Networking -  Firewall Rules  The port needs to be opened in both firewall rules  unlike Linux VM  So if you re not getting access to the port from outside the VM  check if you ve opened the port in both GCP console and Windows Firewall     The last  obvious  thing is  do not open ports unnecessarily  Close the ports  as soon as you no longer need it   I hope this answer is useful

User · Answer

You ll need to add a firewall rule to open inbound access to tcp 9090 to your instances   If you have more than the two instances  and you only want to open 9090 to those two  you ll want to make sure that there is a tag that those two instances share   You can add or update tags via the console or the command-line  I d recommend using the GUI for that if needed because it handles the read-modify-write cycle with setinstancetags   If you want to open port 9090 to all instances  you can create a firewall rule like   gcutil addfirewall allow-9090 --allowed tcp 9090   which will apply to all of your instances   If you only want to open port 9090 to the two instances that are serving your application  make sure that they have a tag like my-app  and then add a firewall like so   gcutil addfirewall my-app-9090 --allowed tcp 9090 --target tags my-app   You can read more about creating and managing firewalls in GCE here

User · Answer

I had the same problem as you do and I could solve it by following  CarlosRojas instructions with a little difference  Instead of create a new firewall rule I edited the default-allow-internal one to accept traffic from anywhere since creating new rules didn t make any difference

User · Answer

You need to    Go to cloud google com Go to my Console Choose your Project Choose Networking   VPC network Choose  Firewalls rules  Choose  Create Firewall Rule  To apply the rule to select VM instances  select Targets    Specified target tags   and enter into  Target tags  the name of the tag  This tag will be used to apply the new firewall rule onto whichever instance you d like  Then  make sure the instances have the network tag applied  To allow incoming TCP connections to port 9090  in  Protocols and Ports  enter tcp 9090 Click Create   I hope this helps you   Update Please refer to docs to customize your rules

User · Answer

I had to fix this by decreasing the priority  making it higher   This caused an immediate response  Not what I was expecting  but it worked

User · Answer

console cloud google com  gt  gt  select project  gt  gt  Networking  gt  VPC network  gt  gt  firewalls  gt  gt  create firewall  To apply the rule to VM instances  select Targets   quot Specified target tags quot   and enter into  quot Target tags quot  the name of the tag  This tag will be used to apply the new firewall rule onto whichever instance you d like  in  quot Protocols and Ports quot  enter tcp 9090 Click Save

[google-cloud-platform] How to open a specific port such as 9090 in Google Compute Engine

Examples related to google-cloud-platform

Examples related to port

Examples related to google-compute-engine