Not able to RDP to VMs which are Standard SKU Loadbalanced in Azure - azure-load-balancer

I had created a standard Public IP and a standard Load Balancer and 2 VMs and configured a NAT rule to map port 5000 to 3389.
But when I try to RDP I am not able to connect to the VM.
The same configuration works fine when I do it with a Basic Load Balancer. Is there any extra configuration I need to do for the Standard Load Balancer?
Also there is no NSG configured.

For a Standard Load Balancer an NSG is mandatory. Without it the NAT rule will not work.
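The reason the NSG matters: a Standard SKU public IP or load balancer is closed to inbound traffic until an NSG explicitly allows it, and once an NSG is attached Azure walks its inbound rules in ascending priority and applies the first match, which for Internet RDP is the built-in DenyAllInBound unless a lower-priority Allow rule exists. The following is an added example, not code from the question, the answer or Microsoft: it models that evaluation over rule dictionaries in the shape `az network nsg show -o json` prints. The default rules are the ones every NSG carries; the custom rule, its name and the admin address 203.0.113.10 are assumptions for illustration. Note that the custom rule targets the backend port 3389, not the NAT frontend port 5000, because the NSG on the NIC sees the packet after the load balancer has translated it.

```python
"""Decide whether an Azure NSG admits an inbound TCP flow to a VM NIC.

Added example for this thread; not code from the question, the answer
or Microsoft. Rule dictionaries use the field names printed by
`az network nsg show -o json`; the rules themselves are constructed.
"""
import ipaddress

# Constructed: the three default inbound rules every NSG carries. Azure
# walks inbound rules in ascending priority and the first match wins, so
# without a custom Allow rule DenyAllInBound (65500) catches Internet RDP.
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "VirtualNetwork",
     "destinationPortRange": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "AzureLoadBalancer",
     "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
     "destinationPortRange": "*"},
]

# Assumed custom rule: RDP from one admin address only (never 0.0.0.0/0).
# The port is the backend port 3389, not the NAT frontend port 5000: the
# NSG on the NIC evaluates the packet after the load balancer translated it.
ALLOW_RDP_FROM_ADMIN = {
    "name": "AllowRdpFromAdmin", "priority": 100, "direction": "Inbound",
    "access": "Allow", "protocol": "Tcp",
    "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "3389",
}


def _port_matches(rule, port):
    # az prints either a single destinationPortRange or a list of ranges.
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _source_matches(rule, src_ip):
    prefixes = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "*")]
    ip = ipaddress.ip_address(src_ip)
    for p in prefixes:
        if p == "*":
            return True
        try:
            net = ipaddress.ip_network(p, strict=False)
        except ValueError:
            # Service tags (VirtualNetwork, AzureLoadBalancer, Internet, ...)
            # expand to Azure-managed ranges that cannot be resolved offline;
            # treated here as not matching an Internet client.
            continue
        if ip in net:
            return True
    return False


def evaluate_inbound(rules, src_ip, dst_port, protocol="Tcp"):
    """Return (access, rule_name) of the first matching inbound rule.

    An empty rule list yields ("Deny", None): this models a Standard SKU
    public IP or load balancer, which stays closed until an NSG opens it
    (a Basic SKU without an NSG would be open instead).
    """
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound":
            continue
        if rule["protocol"].lower() not in ("*", protocol.lower()):
            continue
        if _port_matches(rule, dst_port) and _source_matches(rule, src_ip):
            return rule["access"], rule["name"]
    return "Deny", None


if __name__ == "__main__":
    nsg = DEFAULT_INBOUND + [ALLOW_RDP_FROM_ADMIN]
    print("no NSG, Standard SKU:", evaluate_inbound([], "203.0.113.10", 3389))
    print("defaults only:      ", evaluate_inbound(DEFAULT_INBOUND, "203.0.113.10", 3389))
    print("admin -> 3389:      ", evaluate_inbound(nsg, "203.0.113.10", 3389))
    print("other IP -> 3389:   ", evaluate_inbound(nsg, "198.51.100.7", 3389))
    print("admin -> 5000:      ", evaluate_inbound(nsg, "203.0.113.10", 5000))
```

Run it after `az network nsg show -g <rg> -n <nsg> -o json` to see why a NAT rule that works with Basic SKU silently drops with Standard SKU: the rule set either has no Allow for 3389 at all, or the Allow names the frontend port 5000 instead of the backend port. Keep the source prefix to the addresses that need RDP; an NSG rule with `*` or `Internet` on 3389 reproduces the Basic SKU's exposure.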

Related

How can I set firewall rule to allow ssh to a instance from Google Cloud console only

I could allow the IP of the Bastion host, but how do I allow the IP of the Google Cloud Console in the firewall rule?
1. If you use the Default network configuration, Compute Engine creates firewall rules that allow TCP connections through port 22 for you. You can see them in the GCP Console:
GCP Console => VPC network => Firewall rules
The Default network has preconfigured firewall rules that allow all instances in the network to talk with each other. In particular, these firewall rules allow ICMP, RDP, and SSH ingress traffic from anywhere (0.0.0.0/0). There should be an Ingress firewall rule for SSH: default-allow-ssh.
2. If you use a Custom network, the firewall rule for SSH must be created manually.
With Cloud Console
GCP Console => VPC network => Firewall rules => Create Firewall Rule
Name: mynet-allow-ssh
Network: mynet
Targets: All instances in the network
Source filter: IP Ranges
Source IP ranges: 0.0.0.0/0
Protocols and ports: Specified protocols and ports
tcp: ports 22
With command line
$ gcloud compute --project=myproject firewall-rules create mynet-allow-ssh --direction=INGRESS --priority=1000 --network=mynet --action=ALLOW --rules=tcp:22 --source-ranges=0.0.0.0/0
For more details see Compute Engine => Documentation => Connecting to instances
Speaking about whitelisting an "IP of Google Cloud Console" for the case when you press the "SSH" button in the Cloud Console, this is rather infeasible because the SSH connection is established over HTTPS via a relay server that could have an unpredictable address from Google's external pool of IPs. Use of a Bastion host with a single static IP is more rational from this perspective.
If you're using the SSH button, it's your external IP.
If you're using Cloud Shell, it's a random external IP (of Google Cloud) since it's technically a VM instance.
The answer in GCP open firewall only to cloud shell can be an option for you if you want to access from the console.
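Both answers above end up with `tcp:22` open from `0.0.0.0/0`, either via the default network's `default-allow-ssh` or via the `mynet-allow-ssh` rule as written. A practitioner following the bastion advice wants to verify afterwards that no such rule is left behind. The following is an added example, not code from the answers or from Google: it audits the JSON that `gcloud compute firewall-rules list --format=json` prints and reports every enabled ingress rule that admits tcp/22 from the whole Internet, noting whether it applies to all instances or only to tagged targets. The four rules embedded in it are constructed samples; `mynet-allow-ssh-from-bastion`, its tag and the bastion address 203.0.113.5 are assumptions showing the least-privilege shape (source restricted to the bastion, scoped by target tag) that the audit does not flag.

```python
"""Flag GCP VPC firewall rules that expose SSH (tcp/22) to the whole Internet.

Added example for this thread, not from the answers above or from Google.
It reads the JSON shape of `gcloud compute firewall-rules list --format=json`;
the rules embedded below are constructed samples.
"""
import json

# Constructed sample output. default-allow-ssh mirrors the default network's
# rule described in the thread; the bastion rule is the least-privilege
# alternative (assumed name, tag and bastion address).
SAMPLE_RULES_JSON = """
[
  {"name": "default-allow-ssh", "direction": "INGRESS", "disabled": false,
   "priority": 65534, "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "mynet-allow-ssh-from-bastion", "direction": "INGRESS", "disabled": false,
   "priority": 1000, "sourceRanges": ["203.0.113.5/32"], "targetTags": ["ssh-from-bastion"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "mynet-allow-internal", "direction": "INGRESS", "disabled": false,
   "priority": 65534, "sourceRanges": ["10.128.0.0/9"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "mynet-allow-mgmt-range", "direction": "INGRESS", "disabled": false,
   "priority": 1000, "sourceRanges": ["0.0.0.0/0"], "targetTags": ["mgmt"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]}
]
"""


def sample_rules():
    """Parse the constructed sample; replace with json.load of real gcloud output."""
    return json.loads(SAMPLE_RULES_JSON)


def _covers_port(ports, port):
    """A protocol entry without a ports list means every port of that protocol."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")  # "22" or "20-25"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def allows_tcp_port(rule, port):
    for entry in rule.get("allowed", []):
        proto = entry["IPProtocol"].lower()
        if proto in ("tcp", "all") and _covers_port(entry.get("ports"), port):
            return True
    return False


def open_to_world(rule):
    return any(r in ("0.0.0.0/0", "::/0") for r in rule.get("sourceRanges", []))


def find_world_open_ssh(rules, port=22):
    """Return [(rule name, scope)] for enabled ingress rules allowing tcp/<port> from anywhere."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not (open_to_world(rule) and allows_tcp_port(rule, port)):
            continue
        targets = rule.get("targetTags", []) + rule.get("targetServiceAccounts", [])
        scope = "targets: " + ",".join(targets) if targets else "all instances in the network"
        findings.append((rule["name"], scope))
    return findings


if __name__ == "__main__":
    for name, scope in find_world_open_ssh(sample_rules()):
        print("WORLD-OPEN SSH: %s (%s)" % (name, scope))
```

The `20-25` case shows why port ranges have to be expanded rather than string-matched against `"22"`, and the `all`-protocol entry with no port list is the shape a permissive internal rule takes. Pipe the real listing in with `gcloud compute firewall-rules list --format=json | python3 audit.py` after swapping `sample_rules()` for `json.load(sys.stdin)`.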

How to make my Google Cloud Load Balancer work?

I followed the document for Creating Content-Based Load Balancing: https://cloud.google.com/load-balancing/docs/https/content-based-example
I want to reach the external address with HTTPS. I want the load balancer to connect to the VM with plain HTTP.
Both VMs work as expected and return the proper answer when reached by IP address. The LB's settings seem fine. Both health checks are passing and the Google SSL certificate is ACTIVE.
However, when I try to reach the Load Balancer's IP address or domain I get a 502.
LB IP is 35.244.161.226 wciel.pl
The Load Balancer's logs show statusDetails: "failed_to_connect_to_backend"
I attached screens of my Google Cloud Console.
Please advise.
me@machine:$ gcloud beta compute ssl-certificates list
NAME TYPE CREATION_TIMESTAMP EXPIRE_TIME MANAGED_STATUS
wciel-pl-certificate2 MANAGED 2019-08-11T03:20:15.971-07:00 2019-11-09T01:27:44.000-08:00 ACTIVE
www.wciel.pl: ACTIVE
I think there is a mismatch in the backend service configuration. From the details of web-map-backend-service it seems like your service is listening on port 80. However, when you configured the backend service you configured it with port 443.
If you don't require secure communication between the LB and the VM, I would recommend the following:
Change backend protocol from HTTPS to HTTP
Edit backend port number from 443 to 80
Save and update the configuration.

How to configure ubuntu host as private but virtual machine as public?

I'm trying to set up an Apache proxy on a VM. I have no issue creating the VM; I have set up the network for the connection between the host and the VM through a bridge connection. Now both the host and the VM can be accessed by the public.
But per the client's requirement, we are not allowed to have the host public. Hence I need to set up the host as an internal network. This means only the Apache VM is allowed to be reached by SSH or FTP from outside; the host is not allowed to be accessed from outside. All requests will be proxied through the Apache VM.
Would like to know if any expert knows how to do this? Attached is the basic request diagram. Looking for advice and an answer. Thanks.
Info
Ubuntu 14.04, Apache2, KVM
The basic diagram
I am really stuck at this; what I have successfully set up is host and VM accessible by the public, via a bridge connection.
When I try to set it as a NAT connection, the VM is not accessible.
I have thought of an alternative way: block all access ports on the host, with the host allowed outbound but not allowed inbound, except inbound from the VM.
I hope an expert can help on this. Thanks.

How can I ssh into my EC2 instance from my local computer which has only ports 80 and 443 allowed?

I have recently started out with EC2. Currently I am using the Free Tier to test and learn about it. However, as I am behind a proxy that allows only connections on ports 80 and 443, I am unable to connect to the EC2 instance. Is there a way to get past this?
So far I've guessed that running sslh on the EC2 instance, as described here, might help. But I am not sure if this behavior will remain persistent once the instance is terminated and restarted (as I am using the Free Tier). Is there a way I can achieve persistence in terms of settings and installed resources like sslh (and many others) while using the Free Tier?
Thanks in advance.
Once when behind a firewall that only allowed outgoing communication on ports such as 80, I just ran an sshd on the server on a different port. You won't be able to set this up while behind the firewall; you'll have to go somewhere else, ssh in, and reconfigure ssh.
Instead of running sshd on a non-standard port, you could also just have something redirect traffic from some other port to port 22.
If your EC2 instance isn't running a web server, you can use port 80 or 443 for the sshd. If you're not using HTTPS, then use 443.
You say they only allow outgoing traffic to remote ports 80 and 443, but often ports above 1024 are also unblocked.
Make sure you've also correctly configured your security groups on the EC2 instance, since it has a firewall as well. You'll have to make sure it's configured to allow incoming traffic on the port supplying the sshd from your IP address. This can be done through the AWS management console.
Here there is a neat solution. I haven't tried it. The idea is to pass a script to boot the instance with ssh bound to port 80.
Go to Instances
At the top of the list of your running instances you should see "Instance Actions"
In that menu you should see "Connect"
Select "Connect from your browser using the Java SSH client"
Note, you need Java to be installed.
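The "run sshd on 443 from a boot script" approach above comes down to one file edit that is easy to get subtly wrong: once any `Port` directive is present, sshd listens only on the listed ports (so an explicit `Port 22` has to be kept or the normal path disappears), and `Port` is only valid in the global section, so it must land above the first `Match` block. The following is an added example, not code from the answers above or from AWS: a small, idempotent editor for `sshd_config` that a user-data or boot script can call, plus a helper that reports which ports the resulting file would bind. The sample config, the `backup` user and its `ForceCommand` are constructed for illustration; it inspects only the file it is given, not any `Include`d fragments.

```python
"""Add a second sshd listening port (e.g. 443) to sshd_config idempotently.

Added example for this thread; not from the answers above. Two sshd facts
drive it: once any `Port` directive exists sshd binds only the listed
ports (so `Port 22` must be kept explicitly), and `Port` is not allowed
inside a `Match` block, so new directives go above the first one. The
sample config is constructed; Include'd fragments are not inspected.
"""
import re

SAMPLE_SSHD_CONFIG = """\
# constructed sample of a distro default
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
PasswordAuthentication no
Match User backup
    ForceCommand /usr/bin/rrsync /srv/backup
"""

_PORT_RE = re.compile(r"^\s*Port\s+(\d+)\s*$", re.IGNORECASE)
_MATCH_RE = re.compile(r"^\s*Match\b", re.IGNORECASE)


def _global_section(lines):
    """Lines before the first Match block: the only place Port may appear."""
    for i, line in enumerate(lines):
        if _MATCH_RE.match(line):
            return lines[:i], i
    return lines, len(lines)


def _explicit_ports(lines):
    global_lines, _ = _global_section(lines)
    return [int(m.group(1)) for m in map(_PORT_RE.match, global_lines) if m]


def listening_ports(config_text):
    """Ports sshd would bind given this config (22 when none is set)."""
    return _explicit_ports(config_text.splitlines()) or [22]


def with_extra_port(config_text, extra_port):
    """Return config_text with `Port <extra_port>` added; unchanged if present."""
    lines = config_text.splitlines()
    if extra_port in listening_ports(config_text):
        return config_text
    # No explicit Port yet: adding one would silently drop 22, so pin it.
    new_directives = ([] if _explicit_ports(lines) else ["Port 22"]) + ["Port %d" % extra_port]
    _, insert_at = _global_section(lines)
    lines[insert_at:insert_at] = new_directives
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Boot-script usage: rewrite the real file, then `sshd -t` and reload.
    # path = "/etc/ssh/sshd_config"
    # text = open(path).read(); open(path, "w").write(with_extra_port(text, 443))
    updated = with_extra_port(SAMPLE_SSHD_CONFIG, 443)
    print(updated)
    print("would bind:", listening_ports(updated))
```

After rewriting the file, run `sshd -t` before reloading so a typo cannot lock you out, open 443 in the instance's security group from your own address only, and on SELinux hosts label the port for sshd first. Edits made this way live on the root volume, so they survive a stop/start but not a terminate; for a terminate-and-relaunch workflow the script has to run again from user data or a baked image.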

JMeter with remote servers

I'm trying to set up JMeter in distributed mode.
I have a server running on an EC2 instance, and I want the master to run on my local computer.
I had to jump through some hoops to get RMI working correctly on the server, but it was solved by setting "java.rmi.server.hostname" to the IP of the EC2 instance.
The next (and hopefully last) problem is the server communicating back to the master.
The problem is that because I am doing this from an internal network, the master is sending its local/internal IP address (192.168.1.XXX) when it should be sending back the IP of my external connection (92.XXX.XXX.XXX).
I can see this in the jmeter-server.log:
ERROR - jmeter.samplers.RemoteListenerWrapper: testStarted(host) java.rmi.ConnectException: Connection refused to host: 192.168.1.50; nested exception is:
That host IP is wrong. It should be the 92.XXX.XXX.XX address. I assume this is because in the master logs I see the following:
2012/07/29 20:45:25 INFO - jmeter.JMeter: IP: 192.168.1.50 Name: XXXXXX.local FullName: 192.168.1.50
And this IP is sent to the server during RMI setup.
So I think I have two options:
Tell the master to send the external IP
Tell the server to connect on the external IP of the master.
But I can't see where to set these commands.
Any help would be useful.
For the benefit of future readers, don't take no for an answer. It is possible! Plus you can keep your firewall in place.
In this case, I did everything over port 4000.
How to connect a JMeter client and server for distributed testing with Amazon EC2 instance and local dev machine across different networks.
Setup:
JMeter 2.13 Client: local dev computer (different network)
JMeter 2.13 Server: Amazon EC2 instance
I configured distributed client / server JMeter connectivity as follows:
1. Added a port forwarding rule on my firewall/router:
Port: 4000
Destination: JMeter client private IP address on the LAN.
2. Configured the "Security Group" settings on the EC2 instance:
Type: Allow: Inbound
Port: 4000
Source: JMeter client public IP address (my dev computer/network public IP)
Update: If you already have SSH connectivity, you could use an SSH tunnel for the connection, that will avoid needing to add the firewall rules.
$ ssh -i ~/.ssh/54-179-XXX-XXX.pem -o ServerAliveInterval=60 -R 4000:localhost:4000 jmeter@54.179.XXX.XXX
3. Configured client $JMETER_HOME/bin/jmeter.properties file RMI section:
note only the non-default values that I changed are included here:
#---------------------------------------------------------------------------
# Remote hosts and RMI configuration
#---------------------------------------------------------------------------
# Remote Hosts - comma delimited
# Add EC2 JMeter server public IP address:Port combo
remote_hosts=127.0.0.1,54.179.XXX.XXX:4000
# RMI port to be used by the server (must start rmiregistry with same port)
server_port=4000
# Parameter that controls the RMI port used by the RemoteSampleListenerImpl (The Controller)
# Default value is 0 which means port is randomly assigned
# You may need to open Firewall port on the Controller machine
client.rmi.localport=4000
# To change the default port (1099) used to access the server:
server.rmi.port=4000
# To use a specific port for the JMeter server engine, define
# the following property before starting the server:
server.rmi.localport=4000
4. Configured remote server $JMETER_HOME/bin/jmeter.properties file RMI section as follows:
#---------------------------------------------------------------------------
# Remote hosts and RMI configuration
#---------------------------------------------------------------------------
# RMI port to be used by the server (must start rmiregistry with same port)
server_port=4000
# Parameter that controls the RMI port used by the RemoteSampleListenerImpl (The Controller)
# Default value is 0 which means port is randomly assigned
# You may need to open Firewall port on the Controller machine
client.rmi.localport=4000
# To use a specific port for the JMeter server engine, define
# the following property before starting the server:
server.rmi.localport=4000
5. Started the JMeter server/slave with:
jmeter-server -Djava.rmi.server.hostname=54.179.XXX.XXX
where 54.179.XXX.XXX is the public IP address of the EC2 server
6. Started the JMeter client/master with:
jmeter -Djava.rmi.server.hostname=121.73.XXX.XXX
where 121.73.XXX.XXX is the public IP address of my client computer.
7. Ran a JMeter test suite.
JMeter GUI log output
Success!
I had a similar problem: the JMeter server tried to connect to the wrong address for sending the results of the test (it tried to connect to localhost).
I solved this by setting the following parameter when starting the JMeter master:
-Djava.rmi.server.hostname=xx.xx.xx.xx
It looks as though this won't work. Distributed JMeter Testing explains the requirements for load testing in a distributed environment. Numbers 2 and 3 are particular to your use case, I believe.
The firewalls on the systems are turned off.
All the clients are on the same subnet.
The server is in the same subnet, if 192.x.x.x or 10.x.x.x ip addresses are used.
Make sure JMeter can access the server.
Make sure you use the same version of JMeter on all the systems. Mixing versions may not work correctly.
Might be very late in the game but still. I'm running this with JMeter 5.3.
So, to get it to work by setting up the slaves in AWS and the controller on your local machine:
Make sure your slave has the proper local ports and hostname. The hostname on the slave should be the EC2 instance's public DNS.
Make sure AWS has the proper security policies.
For the controller (which is your local machine) make sure you run with the parameter '-Djava.rmi.server.hostname='. You can get the IP by googling "my public ip address". Definitely not those 192.xxx.xxx.x or 172.xx.xxx ones.
Then you have to configure your modem to port forward to the machine that is used as your controller. The port can be obtained from the slave log (the one that has the FINE: RMI RenewClean....., yeah, you have to set the log to verbose). OR set a DMZ and put your controller machine in it. Dangerous, but convenient just for the testing time; don't forget to turn it off after that.
Then it should work.